
infected winrscmde svchost.exe Trojan.Agent


Jenga12

It appears that my Windows 7 PC has become infected with winrscmde svchost.exe Trojan.Agent. I have run Malwarebytes and it finds two files for removal, but upon reboot it actually removes Malwarebytes, and I end up in a vicious cycle of downloading Malwarebytes, running the scan, finding the files, rebooting (blue screen and all) and coming back to no Malwarebytes anymore. I have run dds.scr as recommended in the "I'm infected" post, and those logs are posted here:

DDS (Ver_2012-10-14.05) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Steffy at 21:36:34 on 2012-10-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1029 [GMT -4:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\vVX3000.exe

C:\Users\Steffy\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe

C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://m.www.yahoo.com/

uSearch Bar = Preserve

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\CoIEPlg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\IPS\IPSBHO.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\CoIEPlg.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

uRun: [ALconnect] C:\Users\Steffy\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:149

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 10.0.0.1

TCP: Interfaces\{3A11F24C-80B1-4BD0-87AD-DFB5DB40FAE5} : DHCPNameServer = 10.0.0.1

TCP: Interfaces\{3A11F24C-80B1-4BD0-87AD-DFB5DB40FAE5}\D456C696373716F46666963656 : DHCPNameServer = 65.32.1.65 65.32.1.70

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

x64-Run: [VX3000] C:\Windows\vVX3000.exe

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Steffy\AppData\Roaming\Mozilla\Firefox\Profiles\jn5yn95j.default\

FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

FF - ExtSQL: !HIDDEN! 2010-01-11 22:35; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-3-30 101688]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1401010.002\SymDS64.sys [2012-10-14 493216]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1401010.002\SymEFA64.sys [2012-10-14 1132192]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-9-13 1385120]

R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1401010.002\ccSetx64.sys [2012-10-14 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121013.001\IDSviA64.sys [2012-10-15 513184]

R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-10 397720]

R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-9-22 55096]

R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-9-22 297240]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1401010.002\Ironx64.sys [2012-10-14 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1401010.002\symnets.sys [2012-10-14 432800]

R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2x.sys [2008-9-29 553472]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-12-19 48488]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2011-8-23 40320]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

.

=============== Created Last 30 ================

.

2012-10-16 01:21:16 20480 ----a-w- C:\Windows\svchost.exe

2012-10-16 01:10:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-10-15 14:38:16 -------- d-----w- C:\Users\Steffy\AppData\Roaming\Malwarebytes

2012-10-15 14:37:55 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-15 14:37:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-15 05:06:05 -------- d-----w- C:\Users\Steffy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2012-10-15 00:33:27 493216 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\SymDS64.sys

2012-10-15 00:33:27 432800 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\symnets.sys

2012-10-15 00:33:27 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\SymELAM.sys

2012-10-15 00:33:27 1132192 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\SymEFA64.sys

2012-10-15 00:33:26 776352 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\srtsp64.sys

2012-10-15 00:33:26 37496 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\srtspx64.sys

2012-10-15 00:33:26 224416 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\Ironx64.sys

2012-10-15 00:33:25 168096 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\ccSetx64.sys

2012-10-15 00:32:32 -------- d-----w- C:\Windows\System32\drivers\N360x64\1401010.002

2012-10-14 23:21:04 -------- d-----w- C:\Users\Steffy\AppData\Local\NPE

2012-10-14 03:02:50 -------- d-----w- C:\Program Files\NVIDIA Corporation

2012-10-14 03:00:07 704000 ----a-w- C:\Windows\System32\cohelper.dll

2012-10-14 03:00:07 6136 ----a-w- C:\Windows\System32\drivers\nvphy.bin

2012-10-14 02:59:04 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-10-14 02:59:04 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-10-10 17:52:00 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-10-10 17:52:00 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-10-10 17:39:48 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-10 17:39:48 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-10 17:39:08 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-10 17:39:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-10 17:39:07 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-10 17:39:07 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-10 17:39:07 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-10 17:39:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-10-10 17:38:09 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-10-10 17:34:28 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-10-10 17:34:28 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-10-04 23:34:04 -------- d--h--w- C:\Program Files (x86)\Zero G Registry

2012-10-04 23:34:04 -------- d-----w- C:\Program Files (x86)\Pyware iPAS

2012-10-04 23:33:00 -------- d--h--w- C:\Users\Steffy\InstallAnywhere

2012-09-26 23:19:15 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-09-22 04:17:10 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-09-22 04:15:52 -------- d-----w- C:\Program Files\iPod

2012-09-22 04:15:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-22 04:15:51 -------- d-----w- C:\Program Files\iTunes

2012-09-22 04:15:51 -------- d-----w- C:\Program Files (x86)\iTunes

2012-09-19 01:55:55 -------- d-----r- C:\Program Files (x86)\Skype

.

==================== Find3M ====================

.

2012-10-15 00:35:53 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-10-09 16:24:25 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 16:24:25 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-22 20:34:44 101688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 21:41:23.25 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-14.05)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/9/2010 3:03:41 PM

System Uptime: 10/15/2012 9:19:27 PM (0 hours ago)

.

Motherboard: PEGATRON CORPORATION | | NARRA5

Processor: AMD Sempron Processor LE-1200 | Socket AM2 | 2100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 286 GiB total, 218.564 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 2.172 GiB free.

E: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP274: 10/10/2012 2:19:59 PM - HPSF Restore Point

RP275: 10/11/2012 3:01:25 AM - Windows Update

RP276: 10/11/2012 11:20:56 PM - HPSF Restore Point

RP277: 10/12/2012 3:00:41 AM - Windows Update

RP278: 10/13/2012 11:09:50 AM - Windows Update

RP279: 10/13/2012 10:44:48 PM - Installed Rapport

RP280: 10/13/2012 10:59:25 PM - Windows Update

RP281: 10/14/2012 3:00:15 AM - Windows Update

RP282: 10/14/2012 3:23:41 PM - Windows Backup

RP283: 10/14/2012 7:39:54 PM - Windows Update

RP284: 10/15/2012 9:16:37 AM - Windows Update

RP285: 10/15/2012 4:18:22 PM - Windows Update

RP286: 10/15/2012 8:42:19 PM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

64 Bit HP CIO Components Installer

Acrobat.com

Activate Norton Online Backup

ActiveLink Connect

Adobe AIR

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

BufferChm

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC 8

Canon Utilities MyCamera

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

CyberLink DVD Suite Deluxe

D3DX10

Destinations

DeviceDiscovery

DirectX for Managed Code Update (Summer 2004)

DJ_AIO_06_F2400_SW_Min

F2400

ffdshow [rev 2527] [2008-12-19]

FlightCrew Connector

GPBaseService2

Hardware Diagnostic Tools

Hewlett-Packard ACLM.NET v1.1.2.0

Homepage Protection

HP Advisor

HP Customer Experience Enhancements

HP Customer Participation Program 13.0

HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6

HP Games

HP Imaging Device Functions 13.0

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Movie Themes

HP MediaSmart Music/Photo/Video

HP MediaSmart SmartMenu

HP Odometer

HP Print Projects 1.0

HP Remote Solution

HP Setup

HP Smart Web Printing 4.60

HP Solution Center 13.0

HP Support Assistant

HP Support Information

HP Update

HPPhotoGadget

hpPrintProjects

HPProductAssistant

HPSSupply

hpWLPGInstaller

iCloud

InterActual Player

iSEEK AnswerWorks English Runtime

iTunes

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

LabelPrint

LeapFrog Connect

LeapFrog Leapster Explorer Plugin

LG Android Drivers

LG USB Modem driver

LightScribe System Software

LSI PCI-SV92EX Soft Modem

Malwarebytes Anti-Malware version 1.65.0.1400

MarketResearch

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Corporation

Microsoft LifeCam

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MobileMe Control Panel

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton 360

NVIDIA Display Control Panel

NVIDIA Drivers

Power2Go

PowerDirector

PowerRecover

PVSonyDll

QuickTime

RangeMax Wireless-N USB Adapter WN111v2

Rapport

Realtek High Definition Audio Driver

Safari

Scan

Seagate Manager Installer

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Shop for HP Supplies

Skype™ 5.10

SmartWebPrinting

SolutionCenter

Status

Symantec Technical Support Web Controls

Toolbox

TrayApp

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)

WebReg

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WN111v2

.

==== Event Viewer Messages From Past Week ========

.

10/15/2012 9:46:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa80025e5060, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-74630-01.

10/15/2012 9:37:41 AM, Error: volsnap [14] - The shadow copies of volume F: were aborted because of an IO failure on volume F:.

10/15/2012 9:21:01 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

10/15/2012 9:11:35 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.

10/15/2012 9:11:35 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa80076da060, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .

10/15/2012 9:04:28 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

10/15/2012 9:04:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/15/2012 9:04:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/15/2012 9:04:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/15/2012 9:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/15/2012 9:04:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa80024d9b30, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-33087-01.

10/15/2012 9:04:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/15/2012 9:04:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 RapportKE64 spldr SRTSPX SymIRON SymNetS Wanarpv6

10/15/2012 8:48:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).

10/15/2012 8:45:15 PM, Error: Service Control Manager [7022] - The Intuit Update Service service hung on starting.

10/15/2012 8:39:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

10/15/2012 8:38:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa80069f6060, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-90028-01.

10/15/2012 8:36:33 PM, Error: SRTSP [4] - Error loading virus definitions.

10/15/2012 8:25:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

10/15/2012 4:32:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa80026bcb30, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-40123-01.

10/15/2012 4:13:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa800b628b30, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-87329-01.

10/15/2012 2:18:15 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa800736eb30, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-103319-01.

10/15/2012 2:10:53 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cc3405, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-95753-01.

10/15/2012 10:14:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa800343a060, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-47003-01.

10/15/2012 10:07:15 AM, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/15/2012 1:59:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa8007a13b30, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-98374-01.

10/14/2012 9:13:05 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/14/2012 9:12:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/14/2012 9:12:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/14/2012 9:12:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa8003d13b30, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101412-35303-01.

10/14/2012 9:12:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched RapportKE64 rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf

10/14/2012 9:12:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/14/2012 9:12:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/14/2012 9:12:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/14/2012 9:12:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/14/2012 9:12:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/14/2012 9:12:11 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/14/2012 9:12:10 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/14/2012 9:12:10 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

10/14/2012 9:12:10 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/14/2012 9:12:10 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/13/2012 7:39:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

10/13/2012 12:26:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

10/13/2012 12:25:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

10/13/2012 12:24:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

10/13/2012 12:24:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.

10/13/2012 11:13:11 AM, Error: Service Control Manager [7022] - The Intuit Update Service v4 service hung on starting.

10/13/2012 11:05:28 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80051ac060, 0xfffff80000ba2748, 0xfffffa80036b6520). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101312-48485-01.

10/12/2012 9:50:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

.

==== End Of File ===========================

I saw some other similar postings, but it seemed that you are looking for specific files for the fixes so I am posting for help. Any guidance you can provide would be greatly appreciated. Thank you!


Hello and welcome. Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download aswMBR.exe to your desktop.

  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.

Please include the following in your next post:

  • aswMBR log


Hello! Below is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-10-15 22:34:56

-----------------------------

22:34:56.900 OS Version: Windows x64 6.1.7601 Service Pack 1

22:34:56.900 Number of processors: 1 586 0x7F02

22:34:56.908 ComputerName: STEFFY-PC UserName: Steffy

22:35:02.963 Initialize success

22:35:16.130 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066

22:35:16.134 Disk 0 Vendor: Hitachi_ ST2O Size: 305245MB BusType: 3

22:35:16.137 Device \Driver\nvstor64 -> MajorFunction fffffa80038ce5e8

22:35:16.146 Disk 0 MBR read successfully

22:35:16.149 Disk 0 MBR scan

22:35:16.153 Disk 0 unknown MBR code

22:35:16.199 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

22:35:16.259 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292917 MB offset 206848

22:35:16.293 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12226 MB offset 600100864

22:35:16.428 Disk 0 scanning C:\Windows\system32\drivers

22:35:25.203 Service scanning

22:35:59.122 Modules scanning

22:35:59.135 Disk 0 trace - called modules:

22:35:59.145 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80038ce5e8]<<

22:35:59.540 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800304a730]

22:35:59.554 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8002cf2240]

22:35:59.566 5 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\00000066[0xfffffa8002d039c0]

22:35:59.585 \Driver\nvstor64[0xfffffa80037cc2a0] -> IRP_MJ_CREATE -> 0xfffffa80038ce5e8

22:35:59.598 Scan finished successfully

22:36:15.903 Disk 0 MBR has been saved successfully to "C:\Users\Steffy\Desktop\MBR.dat"

22:36:15.918 The log file has been saved successfully to "C:\Users\Steffy\Desktop\aswMBR.txt"

Thank you


Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:

  • TDSSKiller log
  • ComboFix log


Ok so I ran everything and did all the reboots. There were 2 TDSSKiller logs, so I am including both here. Here are all the logs including ComboFix:

23:18:59.0232 4624 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

23:18:59.0282 4624 ============================================================

23:18:59.0282 4624 Current date / time: 2012/10/15 23:18:59.0282

23:18:59.0282 4624 SystemInfo:

23:18:59.0282 4624

23:18:59.0282 4624 OS Version: 6.1.7601 ServicePack: 1.0

23:18:59.0282 4624 Product type: Workstation

23:18:59.0282 4624 ComputerName: STEFFY-PC

23:18:59.0282 4624 UserName: Steffy

23:18:59.0282 4624 Windows directory: C:\Windows

23:18:59.0282 4624 System windows directory: C:\Windows

23:18:59.0282 4624 Running under WOW64

23:18:59.0282 4624 Processor architecture: Intel x64

23:18:59.0282 4624 Number of processors: 1

23:18:59.0282 4624 Page size: 0x1000

23:18:59.0282 4624 Boot type: Normal boot

23:18:59.0282 4624 ============================================================

23:19:02.0733 4624 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

23:19:02.0793 4624 ============================================================

23:19:02.0793 4624 \Device\Harddisk0\DR0:

23:19:02.0793 4624 MBR partitions:

23:19:02.0793 4624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

23:19:02.0793 4624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C1A800

23:19:02.0793 4624 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C4D000, BlocksNum 0x17E1000

23:19:02.0793 4624 ============================================================

23:19:02.0833 4624 C: <-> \Device\Harddisk0\DR0\Partition2

23:19:02.0873 4624 D: <-> \Device\Harddisk0\DR0\Partition3

23:19:03.0003 4624 ============================================================

23:19:03.0003 4624 Initialize success

23:19:03.0003 4624 ============================================================

23:20:02.0862 0368 ============================================================

23:20:02.0862 0368 Scan started

23:20:02.0862 0368 Mode: Manual; TDLFS;

23:20:02.0862 0368 ============================================================

23:20:04.0222 0368 ================ Scan system memory ========================

23:20:04.0222 0368 System memory - ok

23:20:04.0222 0368 ================ Scan services =============================


23:20:11.0489 0368 FreeAgentGoNext Service - ok

23:20:11.0529 0368 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

23:20:11.0529 0368 FsDepends - ok

23:20:11.0609 0368 [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

23:20:11.0609 0368 fssfltr - ok

23:20:11.0679 0368 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

23:20:11.0699 0368 fsssvc - ok

23:20:11.0749 0368 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

23:20:11.0759 0368 Fs_Rec - ok

23:20:11.0829 0368 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

23:20:11.0829 0368 fvevol - ok

23:20:11.0899 0368 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

23:20:11.0899 0368 gagp30kx - ok

23:20:11.0989 0368 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

23:20:11.0999 0368 GameConsoleService - ok

23:20:12.0039 0368 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:20:12.0039 0368 GEARAspiWDM - ok

23:20:12.0089 0368 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

23:20:12.0099 0368 gpsvc - ok

23:20:12.0119 0368 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

23:20:12.0129 0368 hcw85cir - ok

23:20:12.0199 0368 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

23:20:12.0199 0368 HDAudBus - ok

23:20:12.0219 0368 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

23:20:12.0229 0368 HidBatt - ok

23:20:12.0259 0368 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

23:20:12.0259 0368 HidBth - ok

23:20:12.0289 0368 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

23:20:12.0289 0368 HidIr - ok

23:20:12.0329 0368 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

23:20:12.0329 0368 hidserv - ok

23:20:12.0409 0368 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

23:20:12.0409 0368 HidUsb - ok

23:20:12.0459 0368 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

23:20:12.0459 0368 hkmsvc - ok

23:20:12.0519 0368 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

23:20:12.0519 0368 HomeGroupListener - ok

23:20:12.0559 0368 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

23:20:12.0569 0368 HomeGroupProvider - ok

23:20:12.0719 0368 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

23:20:12.0719 0368 HP Support Assistant Service - ok

23:20:12.0879 0368 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

23:20:12.0879 0368 HPDrvMntSvc.exe - ok

23:20:12.0949 0368 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

23:20:12.0959 0368 hpqcxs08 - ok

23:20:12.0989 0368 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

23:20:12.0989 0368 hpqddsvc - ok

23:20:13.0089 0368 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

23:20:13.0099 0368 hpqwmiex - ok

23:20:13.0170 0368 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

23:20:13.0180 0368 HpSAMD - ok

23:20:13.0260 0368 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

23:20:13.0270 0368 HTTP - ok

23:20:13.0310 0368 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

23:20:13.0310 0368 hwpolicy - ok

23:20:13.0380 0368 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

23:20:13.0380 0368 i8042prt - ok

23:20:13.0460 0368 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

23:20:13.0470 0368 iaStorV - ok

23:20:13.0770 0368 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:20:13.0810 0368 idsvc - ok

23:20:13.0970 0368 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121013.001\IDSvia64.sys

23:20:13.0980 0368 IDSVia64 - ok

23:20:14.0040 0368 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

23:20:14.0040 0368 iirsp - ok

23:20:14.0110 0368 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

23:20:14.0120 0368 IKEEXT - ok

23:20:14.0240 0368 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

23:20:14.0270 0368 IntcAzAudAddService - ok

23:20:14.0290 0368 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

23:20:14.0300 0368 intelide - ok

23:20:14.0360 0368 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

23:20:14.0370 0368 intelppm - ok

23:20:14.0470 0368 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

23:20:14.0480 0368 IntuitUpdateService - ok

23:20:14.0590 0368 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

23:20:14.0600 0368 IntuitUpdateServiceV4 - ok

23:20:14.0640 0368 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

23:20:14.0640 0368 IPBusEnum - ok

23:20:14.0690 0368 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:20:14.0690 0368 IpFilterDriver - ok

23:20:14.0740 0368 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

23:20:14.0750 0368 iphlpsvc - ok

23:20:14.0790 0368 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

23:20:14.0800 0368 IPMIDRV - ok

23:20:14.0880 0368 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

23:20:14.0880 0368 IPNAT - ok

23:20:14.0980 0368 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

23:20:14.0990 0368 iPod Service - ok

23:20:15.0050 0368 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

23:20:15.0060 0368 IRENUM - ok

23:20:15.0100 0368 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

23:20:15.0100 0368 isapnp - ok

23:20:15.0130 0368 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

23:20:15.0140 0368 iScsiPrt - ok

23:20:15.0261 0368 [ 78D233D835A8876035AC559AFE02B940 ] jswpsapi C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe

23:20:15.0271 0368 jswpsapi - ok

23:20:15.0331 0368 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

23:20:15.0341 0368 kbdclass - ok

23:20:15.0391 0368 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

23:20:15.0391 0368 kbdhid - ok

23:20:15.0411 0368 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

23:20:15.0411 0368 KeyIso - ok

23:20:15.0451 0368 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

23:20:15.0461 0368 KSecDD - ok

23:20:15.0481 0368 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

23:20:15.0491 0368 KSecPkg - ok

23:20:15.0551 0368 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

23:20:15.0561 0368 ksthunk - ok

23:20:15.0591 0368 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

23:20:15.0601 0368 KtmRm - ok

23:20:15.0671 0368 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

23:20:15.0671 0368 LanmanServer - ok

23:20:15.0721 0368 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

23:20:15.0731 0368 LanmanWorkstation - ok

23:20:16.0001 0368 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

23:20:16.0113 0368 LeapFrog Connect Device Service - ok

23:20:16.0176 0368 [ 797289607A5EBF31353AA5EAD141F872 ] Leapfrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys

23:20:16.0176 0368 Leapfrog-USBLAN - ok

23:20:16.0269 0368 [ 108333981C841EB0FF198AA5DFCF3D3B ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

23:20:16.0269 0368 LightScribeService - ok

23:20:16.0363 0368 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

23:20:16.0378 0368 lltdio - ok

23:20:16.0441 0368 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

23:20:16.0456 0368 lltdsvc - ok

23:20:16.0503 0368 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

23:20:16.0503 0368 lmhosts - ok

23:20:16.0566 0368 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

23:20:16.0566 0368 LSI_FC - ok

23:20:16.0597 0368 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

23:20:16.0597 0368 LSI_SAS - ok

23:20:16.0628 0368 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

23:20:16.0628 0368 LSI_SAS2 - ok

23:20:16.0644 0368 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

23:20:16.0659 0368 LSI_SCSI - ok

23:20:16.0706 0368 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

23:20:16.0722 0368 luafv - ok

23:20:16.0753 0368 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

23:20:16.0753 0368 Mcx2Svc - ok

23:20:16.0800 0368 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

23:20:16.0800 0368 megasas - ok

23:20:16.0846 0368 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

23:20:16.0846 0368 MegaSR - ok

23:20:16.0956 0368 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

23:20:16.0956 0368 Microsoft Office Groove Audit Service - ok

23:20:17.0018 0368 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

23:20:17.0018 0368 MMCSS - ok

23:20:17.0049 0368 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

23:20:17.0049 0368 Modem - ok

23:20:17.0127 0368 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

23:20:17.0127 0368 monitor - ok

23:20:17.0190 0368 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys

23:20:17.0190 0368 mouclass - ok

23:20:17.0283 0368 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

23:20:17.0299 0368 mouhid - ok

23:20:17.0361 0368 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

23:20:17.0361 0368 mountmgr - ok

23:20:17.0392 0368 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

23:20:17.0392 0368 mpio - ok

23:20:17.0424 0368 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

23:20:17.0424 0368 mpsdrv - ok

23:20:17.0486 0368 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

23:20:17.0486 0368 MpsSvc - ok

23:20:17.0548 0368 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

23:20:17.0548 0368 MRxDAV - ok

23:20:17.0595 0368 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

23:20:17.0595 0368 mrxsmb - ok

23:20:17.0658 0368 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:20:17.0658 0368 mrxsmb10 - ok

23:20:17.0673 0368 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:20:17.0689 0368 mrxsmb20 - ok

23:20:17.0720 0368 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

23:20:17.0720 0368 msahci - ok

23:20:17.0798 0368 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe

23:20:17.0798 0368 MSCamSvc - ok

23:20:17.0829 0368 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

23:20:17.0829 0368 msdsm - ok

23:20:17.0845 0368 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

23:20:17.0860 0368 MSDTC - ok

23:20:17.0938 0368 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

23:20:17.0938 0368 Msfs - ok

23:20:17.0970 0368 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

23:20:17.0970 0368 mshidkmdf - ok

23:20:18.0016 0368 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

23:20:18.0016 0368 msisadrv - ok

23:20:18.0063 0368 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

23:20:18.0063 0368 MSiSCSI - ok

23:20:18.0079 0368 msiserver - ok

23:20:18.0157 0368 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

23:20:18.0157 0368 MSKSSRV - ok

23:20:18.0172 0368 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

23:20:18.0172 0368 MSPCLOCK - ok

23:20:18.0188 0368 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

23:20:18.0188 0368 MSPQM - ok

23:20:18.0250 0368 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

23:20:18.0250 0368 MsRPC - ok

23:20:18.0297 0368 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

23:20:18.0297 0368 mssmbios - ok

23:20:18.0375 0368 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

23:20:18.0375 0368 MSTEE - ok

23:20:18.0406 0368 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

23:20:18.0406 0368 MTConfig - ok

23:20:18.0453 0368 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

23:20:18.0453 0368 Mup - ok

23:20:18.0625 0368 [ DFD8873E4DC08E621A8366C6CD98AB28 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe

23:20:18.0625 0368 N360 - ok

23:20:18.0703 0368 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

23:20:18.0713 0368 napagent - ok

23:20:18.0773 0368 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

23:20:18.0773 0368 NativeWifiP - ok

23:20:18.0963 0368 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121015.017\ENG64.SYS

23:20:18.0963 0368 NAVENG - ok

23:20:19.0073 0368 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121015.017\EX64.SYS

23:20:19.0103 0368 NAVEX15 - ok

23:20:19.0183 0368 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

23:20:19.0193 0368 NDIS - ok

23:20:19.0265 0368 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

23:20:19.0265 0368 NdisCap - ok

23:20:19.0315 0368 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

23:20:19.0315 0368 NdisTapi - ok

23:20:19.0375 0368 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

23:20:19.0385 0368 Ndisuio - ok

23:20:19.0435 0368 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

23:20:19.0435 0368 NdisWan - ok

23:20:19.0485 0368 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

23:20:19.0485 0368 NDProxy - ok

23:20:19.0565 0368 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

23:20:19.0575 0368 Net Driver HPZ12 - ok

23:20:19.0645 0368 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

23:20:19.0645 0368 NetBIOS - ok

23:20:19.0705 0368 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

23:20:19.0705 0368 NetBT - ok

23:20:19.0725 0368 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

23:20:19.0735 0368 Netlogon - ok

23:20:19.0795 0368 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

23:20:19.0805 0368 Netman - ok

23:20:19.0835 0368 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

23:20:19.0845 0368 netprofm - ok

23:20:19.0875 0368 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:20:19.0875 0368 NetTcpPortSharing - ok

23:20:19.0945 0368 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

23:20:19.0945 0368 nfrd960 - ok

23:20:20.0015 0368 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

23:20:20.0025 0368 NlaSvc - ok

23:20:20.0075 0368 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

23:20:20.0075 0368 Npfs - ok

23:20:20.0105 0368 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

23:20:20.0105 0368 nsi - ok

23:20:20.0125 0368 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

23:20:20.0125 0368 nsiproxy - ok

23:20:20.0205 0368 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

23:20:20.0225 0368 Ntfs - ok

23:20:20.0275 0368 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

23:20:20.0275 0368 Null - ok

23:20:20.0575 0368 [ C967514483FA30A0A352E70BB6414D1D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

23:20:20.0823 0368 nvlddmkm - ok

23:20:20.0930 0368 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys

23:20:20.0940 0368 NVNET - ok

23:20:20.0965 0368 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

23:20:20.0965 0368 nvraid - ok

23:20:21.0074 0368 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

23:20:21.0106 0368 nvstor - ok

23:20:21.0168 0368 [ 6BA747B1A9297A6C0271700D12FDD495 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys

23:20:21.0184 0368 nvstor64 - ok

23:20:21.0262 0368 [ E26706A65D97EF9188B1D7BFA23C96C2 ] nvsvc C:\Windows\system32\nvvsvc.exe

23:20:21.0262 0368 nvsvc - ok

23:20:21.0308 0368 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

23:20:21.0308 0368 nv_agp - ok

23:20:21.0402 0368 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

23:20:21.0418 0368 odserv - ok

23:20:21.0464 0368 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

23:20:21.0464 0368 ohci1394 - ok

23:20:21.0527 0368 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:20:21.0527 0368 ose - ok

23:20:21.0620 0368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

23:20:21.0620 0368 p2pimsvc - ok

23:20:21.0683 0368 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

23:20:21.0698 0368 p2psvc - ok

23:20:21.0730 0368 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

23:20:21.0730 0368 Parport - ok

23:20:21.0776 0368 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

23:20:21.0776 0368 partmgr - ok

23:20:21.0808 0368 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

23:20:21.0823 0368 PcaSvc - ok

23:20:21.0839 0368 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

23:20:21.0839 0368 pci - ok

23:20:21.0901 0368 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

23:20:21.0901 0368 pciide - ok

23:20:21.0948 0368 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

23:20:21.0948 0368 pcmcia - ok

23:20:21.0979 0368 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

23:20:21.0979 0368 pcw - ok

23:20:22.0026 0368 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

23:20:22.0026 0368 PEAUTH - ok

23:20:22.0120 0368 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

23:20:22.0120 0368 PerfHost - ok

23:20:22.0198 0368 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

23:20:22.0213 0368 pla - ok

23:20:22.0276 0368 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

23:20:22.0276 0368 PlugPlay - ok

23:20:22.0322 0368 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

23:20:22.0322 0368 Pml Driver HPZ12 - ok

23:20:22.0354 0368 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

23:20:22.0369 0368 PNRPAutoReg - ok

23:20:22.0385 0368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

23:20:22.0400 0368 PNRPsvc - ok

23:20:22.0447 0368 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

23:20:22.0463 0368 PolicyAgent - ok

23:20:22.0541 0368 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

23:20:22.0541 0368 Power - ok

23:20:22.0603 0368 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

23:20:22.0619 0368 PptpMiniport - ok

23:20:22.0650 0368 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

23:20:22.0650 0368 Processor - ok

23:20:22.0712 0368 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

23:20:22.0728 0368 ProfSvc - ok

23:20:22.0744 0368 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

23:20:22.0744 0368 ProtectedStorage - ok

23:20:22.0822 0368 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

23:20:22.0822 0368 Psched - ok

23:20:22.0868 0368 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

23:20:22.0884 0368 ql2300 - ok

23:20:22.0915 0368 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

23:20:22.0915 0368 ql40xx - ok

23:20:22.0946 0368 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

23:20:22.0962 0368 QWAVE - ok

23:20:22.0993 0368 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

23:20:22.0993 0368 QWAVEdrv - ok

23:20:23.0134 0368 [ 00935D8DA2DCD34017544CFEBA97D1E7 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys

23:20:23.0134 0368 RapportCerberus_42020 - ok

23:20:23.0227 0368 [ 9E0FFC5EEEA5FEC75560F394B63022BE ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

23:20:23.0227 0368 RapportEI64 - ok

23:20:23.0290 0368 [ 842041C4B15BAEE2CA37B727CE57334A ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys

23:20:23.0290 0368 RapportKE64 - ok

23:20:23.0368 0368 [ 65AA99CB303BA21F9ACC8C1374A14798 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

23:20:23.0383 0368 RapportMgmtService - ok

23:20:23.0492 0368 [ 14FF58FE8D19FA3AA577F1E74F1F7D55 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

23:20:23.0492 0368 RapportPG64 - ok

23:20:23.0524 0368 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

23:20:23.0524 0368 RasAcd - ok

23:20:23.0586 0368 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

23:20:23.0586 0368 RasAgileVpn - ok

23:20:23.0617 0368 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

23:20:23.0633 0368 RasAuto - ok

23:20:23.0680 0368 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

23:20:23.0680 0368 Rasl2tp - ok

23:20:23.0742 0368 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

23:20:23.0742 0368 RasMan - ok

23:20:23.0804 0368 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

23:20:23.0820 0368 RasPppoe - ok

23:20:23.0867 0368 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:20:23.0914 0368 RasSstp - ok

23:20:24.0163 0368 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:20:24.0179 0368 rdbss - ok

23:20:24.0194 0368 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

23:20:24.0194 0368 rdpbus - ok

23:20:24.0241 0368 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:20:24.0241 0368 RDPCDD - ok

23:20:24.0272 0368 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:20:24.0272 0368 RDPENCDD - ok

23:20:24.0288 0368 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

23:20:24.0304 0368 RDPREFMP - ok

23:20:24.0350 0368 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:20:24.0350 0368 RDPWD - ok

23:20:24.0428 0368 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

23:20:24.0428 0368 rdyboost - ok

23:20:24.0460 0368 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

23:20:24.0460 0368 RemoteAccess - ok

23:20:24.0506 0368 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:20:24.0506 0368 RemoteRegistry - ok

23:20:24.0553 0368 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

23:20:24.0569 0368 RpcEptMapper - ok

23:20:24.0600 0368 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

23:20:24.0600 0368 RpcLocator - ok

23:20:24.0647 0368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

23:20:24.0662 0368 RpcSs - ok

23:20:24.0725 0368 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:20:24.0725 0368 rspndr - ok

23:20:24.0756 0368 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

23:20:24.0756 0368 SamSs - ok

23:20:24.0803 0368 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

23:20:24.0803 0368 sbp2port - ok

23:20:24.0850 0368 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:20:24.0850 0368 SCardSvr - ok

23:20:24.0896 0368 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

23:20:24.0896 0368 scfilter - ok

23:20:24.0959 0368 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

23:20:24.0974 0368 Schedule - ok

23:20:25.0021 0368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

23:20:25.0021 0368 SCPolicySvc - ok

23:20:25.0068 0368 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:20:25.0084 0368 SDRSVC - ok

23:20:33.0386 0368 ================ Scan global ===============================

23:20:33.0417 0368 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

23:20:33.0511 0368 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

23:20:33.0558 0368 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

23:20:33.0620 0368 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

23:20:33.0651 0368 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

23:20:33.0651 0368 [Global] - ok

23:20:33.0667 0368 ================ Scan MBR ==================================

23:20:33.0667 0368 [ 7776D739BFD97B30B095C7D4B834C04C ] \Device\Harddisk0\DR0

23:20:33.0667 0368 Suspicious mbr (Forged): \Device\Harddisk0\DR0

23:20:33.0729 0368 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

23:20:33.0729 0368 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

23:20:33.0792 0368 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

23:20:33.0792 0368 \Device\Harddisk0\DR0 - detected TDSS File System (1)

23:20:33.0792 0368 ================ Scan VBR ==================================

23:20:33.0807 0368 [ 20D218B71287C01B0817F27ABF3AC4BC ] \Device\Harddisk0\DR0\Partition1

23:20:33.0807 0368 \Device\Harddisk0\DR0\Partition1 - ok

23:20:33.0838 0368 [ 7A6424EA9E4D5582E37F247F5E00541D ] \Device\Harddisk0\DR0\Partition2

23:20:33.0838 0368 \Device\Harddisk0\DR0\Partition2 - ok

23:20:33.0885 0368 [ E5F490D53C7C27E497FECD887F8BAD12 ] \Device\Harddisk0\DR0\Partition3

23:20:33.0885 0368 \Device\Harddisk0\DR0\Partition3 - ok

23:20:33.0885 0368 ============================================================

23:20:33.0885 0368 Scan finished

23:20:33.0885 0368 ============================================================

23:20:33.0916 3128 Detected object count: 2

23:20:33.0916 3128 Actual detected object count: 2

23:21:38.0424 3128 \Device\Harddisk0\DR0\# - copied to quarantine

23:21:38.0434 3128 \Device\Harddisk0\DR0 - copied to quarantine

23:21:38.0484 3128 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

23:21:38.0494 3128 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

23:21:38.0604 3128 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

23:21:38.0634 3128 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

23:21:38.0644 3128 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

23:21:38.0654 3128 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

23:21:38.0674 3128 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

23:21:38.0754 3128 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

23:21:38.0784 3128 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

23:21:38.0804 3128 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

23:21:38.0824 3128 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

23:21:38.0844 3128 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

23:21:38.0914 3128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

23:21:38.0954 3128 \Device\Harddisk0\DR0 - ok

23:21:40.0895 3128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

23:21:40.0895 3128 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

23:21:40.0895 3128 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

23:21:55.0529 5032 Deinitialize success

23:24:52.0007 3924 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

23:24:54.0846 3924 ============================================================

23:24:54.0955 3924 Current date / time: 2012/10/15 23:24:54.0846

23:24:54.0955 3924 SystemInfo:

23:24:54.0955 3924

23:24:54.0955 3924 OS Version: 6.1.7601 ServicePack: 1.0

23:24:54.0955 3924 Product type: Workstation

23:24:54.0955 3924 ComputerName: STEFFY-PC

23:24:54.0955 3924 UserName: Steffy

23:24:54.0955 3924 Windows directory: C:\Windows

23:24:54.0955 3924 System windows directory: C:\Windows

23:24:54.0955 3924 Running under WOW64

23:24:54.0955 3924 Processor architecture: Intel x64

23:24:54.0955 3924 Number of processors: 1

23:24:54.0955 3924 Page size: 0x1000

23:24:54.0955 3924 Boot type: Normal boot

23:24:54.0955 3924 ============================================================

23:25:27.0888 3924 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

23:25:28.0029 3924 ============================================================

23:25:28.0029 3924 \Device\Harddisk0\DR0:

23:25:28.0107 3924 MBR partitions:

23:25:28.0107 3924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

23:25:28.0107 3924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C1A800

23:25:28.0107 3924 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C4D000, BlocksNum 0x17E1000

23:25:28.0107 3924 ============================================================

23:25:28.0653 3924 C: <-> \Device\Harddisk0\DR0\Partition2

23:25:29.0167 3924 D: <-> \Device\Harddisk0\DR0\Partition3

23:25:29.0167 3924 ============================================================

23:25:29.0167 3924 Initialize success

23:25:29.0167 3924 ============================================================

23:25:45.0126 3764 Deinitialize success

ComboFix 12-10-15.02 - Steffy 10/15/2012 23:36:20.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1719 [GMT -4:00]

Running from: c:\users\Steffy\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\Microsoft\Windows\DRM\8109.tmp

c:\programdata\Microsoft\Windows\DRM\8139.tmp

c:\windows\jestertb.dll

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_nvsvc

.

.

((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))

.

.

2012-10-16 03:52 . 2012-10-16 03:52 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2012-10-16 03:52 . 2012-10-16 03:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-16 03:21 . 2012-10-16 03:21 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-16 01:10 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-15 14:38 . 2012-10-15 14:38 -------- d-----w- c:\users\Steffy\AppData\Roaming\Malwarebytes

2012-10-15 14:37 . 2012-10-15 14:37 -------- d-----w- c:\programdata\Malwarebytes

2012-10-15 14:37 . 2012-10-16 01:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-15 05:06 . 2012-10-15 05:06 -------- d-----w- c:\users\Steffy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2012-10-15 00:32 . 2012-10-16 00:50 -------- d-----w- c:\windows\system32\drivers\N360x64\1401010.002

2012-10-14 23:21 . 2012-10-15 13:54 -------- d-----w- c:\users\Steffy\AppData\Local\NPE

2012-10-14 03:02 . 2012-10-14 03:03 -------- d-----w- c:\program files\NVIDIA Corporation

2012-10-14 03:00 . 2009-07-31 03:48 704000 ----a-w- c:\windows\system32\cohelper.dll

2012-10-14 03:00 . 2009-07-31 03:39 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin

2012-10-14 02:59 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-10-14 02:59 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-10-10 17:52 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 17:52 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-10 17:39 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 17:39 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-10 17:39 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 17:39 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 17:39 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 17:39 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-10 17:39 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-10 17:39 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-10 17:38 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-10-10 17:34 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-10-10 17:34 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-10-04 23:34 . 2012-10-06 04:47 -------- d-----w- c:\program files (x86)\Pyware iPAS

2012-10-04 23:34 . 2012-10-04 23:34 -------- d--h--w- c:\program files (x86)\Zero G Registry

2012-10-04 23:33 . 2012-10-04 23:33 -------- d--h--w- c:\users\Steffy\InstallAnywhere

2012-09-26 23:19 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-22 04:17 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-09-22 04:15 . 2012-09-22 04:15 -------- d-----w- c:\program files\iPod

2012-09-22 04:15 . 2012-09-22 04:17 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-22 04:15 . 2012-09-22 04:17 -------- d-----w- c:\program files\iTunes

2012-09-22 04:15 . 2012-09-22 04:17 -------- d-----w- c:\program files (x86)\iTunes

2012-09-19 01:55 . 2012-09-19 01:55 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-09-19 01:55 . 2012-09-19 01:55 -------- d-----r- c:\program files (x86)\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-15 00:35 . 2010-01-19 14:06 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-10-11 07:09 . 2010-01-10 18:12 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-09 16:24 . 2012-04-21 01:33 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 16:24 . 2011-05-15 17:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-22 20:34 . 2011-03-31 03:21 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys

2012-08-22 18:12 . 2012-09-12 19:53 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 19:53 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 19:53 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 19:53 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 17:01 . 2010-01-19 14:06 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-21 17:01 . 2010-01-19 14:06 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-20 17:38 . 2012-10-10 17:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-02 17:58 . 2012-09-12 19:53 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-08-02 16:57 . 2012-09-12 19:53 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-07-18 18:15 . 2012-08-16 00:11 3148800 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ALconnect"="c:\users\Steffy\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe" [2012-07-04 716416]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2008-12-2 1728512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 14681688;14681688; [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]

R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-08-23 40320]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-23 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-09-22 101688]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1401010.002\SYMDS64.SYS [2012-07-28 493216]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1401010.002\SYMEFA64.SYS [2012-08-08 1132192]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-09-14 1385120]

S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1401010.002\ccSetx64.sys [2012-08-07 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121013.001\IDSvia64.sys [2012-10-12 513184]

S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-10 397720]

S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-22 55096]

S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-22 297240]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1401010.002\Ironx64.SYS [2012-07-28 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1401010.002\SYMNETS.SYS [2012-07-23 432800]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe [2012-08-29 143928]

S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-22 976728]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2x.sys [2008-09-29 553472]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 60941100

*NewlyCreated* - WS2IFSL

*Deregistered* - 60941100

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 16:24]

.

2012-10-02 c:\windows\Tasks\HPCeeScheduleForSteffy.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

.

2012-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://m.www.yahoo.com/

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Steffy\AppData\Roaming\Mozilla\Firefox\Profiles\jn5yn95j.default\

FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/

FF - ExtSQL: !HIDDEN! 2010-01-11 22:35; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-60941100.sys

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.1.1.2\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:48,2d,dc,c9,22,a7,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe

c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\\.\globalroot\systemroot\svchost.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

.

**************************************************************************

.

Completion time: 2012-10-16 00:06:53 - machine was rebooted

ComboFix-quarantined-files.txt 2012-10-16 04:06

.

Pre-Run: 234,104,893,440 bytes free

Post-Run: 233,842,917,376 bytes free

.

- - End Of File - - 62A4E81FEC8BFA46E29F47AC1DA7780F

Please let me know if there are any more steps needed. Thank you!


Please do this next:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:

  • MBAM log


I ran the MBAM and it found the same infected files. On the reboot I got the blue screen. Here is the MBAM log:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.16.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Steffy :: STEFFY-PC [administrator]

10/16/2012 10:31:28 AM

mbam-log-2012-10-16 (10-31-28).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 414914

Time elapsed: 2 hour(s), 7 minute(s),

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 4396 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\TDSSKiller_Quarantine\15.10.2012_23.18.59\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

Please advise next steps...

Thank you!


Please do this next:

Download Farbar Recovery Scan Tool and save it to a flash drive. Note: You need the 64-bit version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Well that proved challenging. Had a hard time getting to System Recovery Options - kept getting blue screen. But finally got it and ran the scan - see log below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2012

Ran by SYSTEM at 16-10-2012 20:35:38

Running from J:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)

HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [185640 2009-05-01] (Seagate LLC)

HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)

HKU\Steffy\...\Run: [ALconnect] C:\Users\Steffy\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [716416 2012-07-04] (Koninklijke Philips Electronics N.V.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk

ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)

==================== Services (Whitelisted) ===================

3 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-28] (Atheros Communications, Inc.)

2 N360; "C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\diMaster.dll" /prefetch:1 [531864 2012-08-21] (Symantec Corporation)

2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-09-22] (Trusteer Ltd.)

3 Symantec RemoteAssist; "C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe" [394704 2008-01-29] (Symantec, Inc.)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-09-13] (Symantec Corporation)

1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1401010.002\ccSetx64.sys [168096 2012-08-07] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121013.001\IDSvia64.sys [513184 2012-10-12] (Symantec Corporation)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121016.002\ENG64.SYS [126112 2012-10-15] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121016.002\EX64.SYS [2084000 2012-10-15] (Symantec Corporation)

1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [397720 2012-08-10] ()

1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-09-22] (Trusteer Ltd.)

0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-09-22] (Trusteer Ltd.)

1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-09-22] (Trusteer Ltd.)

3 SRTSP; C:\Windows\System32\Drivers\N360x64\1401010.002\SRTSP64.SYS [776352 2012-08-10] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\N360x64\1401010.002\SRTSPX64.SYS [37496 2012-05-24] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\N360x64\1401010.002\SYMDS64.SYS [493216 2012-07-27] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\N360x64\1401010.002\SYMEFA64.SYS [1132192 2012-08-07] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-10-14] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\N360x64\1401010.002\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\N360x64\1401010.002\SYMNETS.SYS [432800 2012-07-22] (Symantec Corporation)

3 VX3000; C:\Windows\System32\Drivers\VX3000.sys [2060144 2010-05-20] (Microsoft Corporation)

3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2x.sys [553472 2008-09-29] (Atheros Communications, Inc.)

3 14681688; [x]

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 SYMFW; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [x]

3 SYMNDISV; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-10-16 20:35 - 2012-10-16 20:35 - 00000000 ____D C:\FRST

2012-10-16 15:41 - 2012-10-16 15:41 - 00282080 ____A C:\Windows\Minidump\101612-34164-01.dmp

2012-10-16 15:32 - 2012-10-16 15:32 - 00282240 ____A C:\Windows\Minidump\101612-21949-01.dmp

2012-10-16 15:08 - 2012-10-16 15:08 - 01458573 ____A (Farbar) C:\Users\Steffy\Desktop\FRST64.exe

2012-10-16 10:25 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-10-16 10:24 - 2012-10-16 10:25 - 00288600 ____A C:\Windows\Minidump\101612-44257-01.dmp

2012-10-15 21:45 - 2012-10-15 21:46 - 00286416 ____A C:\Windows\Minidump\101612-46862-01.dmp

2012-10-15 20:11 - 2012-10-15 20:11 - 00022045 ____A C:\Users\Steffy\Desktop\combofix.txt

2012-10-15 20:06 - 2012-10-15 20:06 - 00022045 ____A C:\ComboFix.txt

2012-10-15 19:32 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-10-15 19:32 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-10-15 19:32 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-10-15 19:32 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-10-15 19:32 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-10-15 19:32 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-10-15 19:32 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-10-15 19:32 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-10-15 19:29 - 2012-10-15 20:07 - 00000000 ____D C:\Qoobox

2012-10-15 19:27 - 2012-10-15 20:02 - 00000000 ____D C:\Windows\erdnt

2012-10-15 19:23 - 2012-10-15 19:24 - 00296480 ____A C:\Windows\Minidump\101512-47361-01.dmp

2012-10-15 19:21 - 2012-10-15 19:21 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-10-15 19:17 - 2012-10-15 19:18 - 00000000 ____D C:\Users\Steffy\Desktop\tdsskiller

2012-10-15 19:15 - 2012-10-15 19:15 - 04980596 ____R (Swearware) C:\Users\Steffy\Desktop\ComboFix.exe

2012-10-15 19:15 - 2012-10-15 19:15 - 02194704 ____A C:\Users\Steffy\Desktop\tdsskiller.zip

2012-10-15 18:36 - 2012-10-15 18:36 - 00001840 ____A C:\Users\Steffy\Desktop\aswMBR.txt

2012-10-15 18:36 - 2012-10-15 18:36 - 00000512 ____A C:\Users\Steffy\Desktop\MBR.dat

2012-10-15 18:32 - 2012-10-15 18:33 - 04731392 ____A (AVAST Software) C:\Users\Steffy\Desktop\aswMBR.exe

2012-10-15 17:41 - 2012-10-15 17:41 - 00022751 ____A C:\Users\Steffy\Desktop\attach.txt

2012-10-15 17:41 - 2012-10-15 17:41 - 00020616 ____A C:\Users\Steffy\Desktop\dds.txt

2012-10-15 17:34 - 2012-10-15 17:34 - 00706431 ____R (Swearware) C:\Users\Steffy\Desktop\dds.scr

2012-10-15 17:10 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-10-15 17:09 - 2012-10-15 17:09 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Steffy\Desktop\mbam-setup-1.65.0.1400.exe

2012-10-15 17:04 - 2012-10-15 17:04 - 00288120 ____A C:\Windows\Minidump\101512-33087-01.dmp

2012-10-15 16:37 - 2012-10-15 16:37 - 00287384 ____A C:\Windows\Minidump\101512-90028-01.dmp

2012-10-15 12:55 - 2012-10-15 17:10 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-10-15 12:13 - 2012-10-15 12:13 - 00283144 ____A C:\Windows\Minidump\101512-87329-01.dmp

2012-10-15 06:38 - 2012-10-15 06:38 - 00000000 ____D C:\Users\Steffy\AppData\Roaming\Malwarebytes

2012-10-15 06:37 - 2012-10-15 17:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-15 06:37 - 2012-10-15 06:37 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-10-14 22:17 - 2012-10-14 22:18 - 00282240 ____A C:\Windows\Minidump\101512-103319-01.dmp

2012-10-14 22:10 - 2012-10-14 22:10 - 00282240 ____A C:\Windows\Minidump\101512-95753-01.dmp

2012-10-14 21:58 - 2012-10-14 21:59 - 00290712 ____A C:\Windows\Minidump\101512-98374-01.dmp

2012-10-14 21:06 - 2012-10-14 21:06 - 00000000 ____D C:\Users\Steffy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2012-10-14 17:12 - 2012-10-14 17:12 - 00286864 ____A C:\Windows\Minidump\101412-35303-01.dmp

2012-10-14 16:18 - 2012-10-14 16:18 - 00002052 ____A C:\Windows\epplauncher.mif

2012-10-14 15:47 - 2012-10-14 15:47 - 13529576 ____A (Microsoft Corporation) C:\Users\Steffy\Desktop\mseinstall.exe

2012-10-14 15:21 - 2012-10-15 05:54 - 00000000 ____D C:\Users\Steffy\AppData\Local\NPE

2012-10-14 10:27 - 2012-10-14 15:20 - 02957840 ____A (Symantec Corporation) C:\Users\Steffy\Desktop\NPE.exe

2012-10-13 19:02 - 2012-10-13 19:03 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2012-10-13 19:00 - 2009-07-30 19:48 - 00704000 ____A (NVIDIA Corporation) C:\Windows\System32\cohelper.dll

2012-10-13 19:00 - 2009-07-30 19:39 - 00006136 ____A C:\Windows\System32\Drivers\nvphy.bin

2012-10-13 18:59 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll

2012-10-13 18:59 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2012-10-13 07:05 - 2012-10-13 07:05 - 01108944 ____A C:\Windows\Minidump\101312-48485-01.dmp

2012-10-10 09:52 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-10-10 09:52 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-10-10 09:39 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll

2012-10-10 09:39 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2012-10-10 09:39 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-10-10 09:39 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-10-10 09:39 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-10-10 09:39 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-10-10 09:39 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-10-10 09:39 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-10-10 09:38 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2012-10-10 09:37 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-10-10 09:37 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-10-10 09:37 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-10-10 09:37 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-10-10 09:37 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-10-10 09:37 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-10-10 09:37 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-10-10 09:37 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-10-10 09:37 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-10-10 09:37 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-10-10 09:37 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-10-10 09:37 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-10-10 09:37 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-10-10 09:37 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-10-10 09:37 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-10 09:37 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2012-10-10 09:34 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-10-10 09:34 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-10-06 07:36 - 2012-10-06 07:37 - 01175400 ____A C:\Windows\Minidump\100612-57923-01.dmp

2012-10-05 17:29 - 2012-10-05 17:29 - 00292416 ____A C:\Windows\Minidump\100512-56706-01.dmp

2012-10-04 15:34 - 2012-10-05 20:47 - 00000000 ____D C:\Program Files (x86)\Pyware iPAS

2012-10-04 15:34 - 2012-10-04 15:34 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry

2012-10-04 15:33 - 2012-10-04 15:33 - 00000000 ___HD C:\Users\Steffy\InstallAnywhere

2012-09-26 15:19 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe

2012-09-24 05:17 - 2012-09-24 05:17 - 01218760 ____A C:\Windows\Minidump\092412-23727-01.dmp

2012-09-21 21:28 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-09-21 21:28 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-09-21 21:28 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-09-21 21:28 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-09-21 21:28 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-09-21 21:28 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-09-21 21:28 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-09-21 21:28 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-09-21 21:28 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-09-21 21:28 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-09-21 21:28 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-09-21 21:28 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-09-21 21:28 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-09-21 21:28 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-09-21 21:28 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-09-21 21:28 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-09-21 21:28 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-09-21 21:28 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-09-21 21:28 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-09-21 21:28 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-09-21 21:28 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-09-21 21:28 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-09-21 21:28 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-09-21 21:28 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-09-21 21:28 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-09-21 21:28 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-09-21 21:28 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-09-21 21:28 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-09-21 21:28 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-09-21 21:28 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-09-21 21:28 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-09-21 21:28 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-09-21 20:17 - 2012-09-21 20:17 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-09-21 20:17 - 2012-08-21 09:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

2012-09-21 20:15 - 2012-09-21 20:17 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-21 20:15 - 2012-09-21 20:17 - 00000000 ____D C:\Program Files\iTunes

2012-09-21 20:15 - 2012-09-21 20:17 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-09-21 20:15 - 2012-09-21 20:15 - 00000000 ____D C:\Program Files\iPod

2012-09-18 17:55 - 2012-09-18 17:55 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== 3 Months Modified Files ==================

2012-10-16 16:25 - 2012-06-29 06:06 - 00008187 ____A C:\Windows\setupact.log

2012-10-16 16:25 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-10-16 15:45 - 2009-07-13 21:13 - 00732638 ____A C:\Windows\System32\PerfStringBackup.INI

2012-10-16 15:41 - 2012-10-16 15:41 - 00282080 ____A C:\Windows\Minidump\101612-34164-01.dmp

2012-10-16 15:41 - 2012-07-19 20:28 - 387813058 ____A C:\Windows\MEMORY.DMP

2012-10-16 15:39 - 2009-08-21 11:37 - 01933386 ____A C:\Windows\WindowsUpdate.log

2012-10-16 15:32 - 2012-10-16 15:32 - 00282240 ____A C:\Windows\Minidump\101612-21949-01.dmp

2012-10-16 15:24 - 2012-07-29 04:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-10-16 15:08 - 2012-10-16 15:08 - 01458573 ____A (Farbar) C:\Users\Steffy\Desktop\FRST64.exe

2012-10-16 10:38 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-10-16 10:38 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-10-16 10:25 - 2012-10-16 10:24 - 00288600 ____A C:\Windows\Minidump\101612-44257-01.dmp

2012-10-16 10:24 - 2009-08-15 10:22 - 02288380 ____A C:\Windows\PFRO.log

2012-10-15 21:46 - 2012-10-15 21:45 - 00286416 ____A C:\Windows\Minidump\101612-46862-01.dmp

2012-10-15 20:11 - 2012-10-15 20:11 - 00022045 ____A C:\Users\Steffy\Desktop\combofix.txt

2012-10-15 20:06 - 2012-10-15 20:06 - 00022045 ____A C:\ComboFix.txt

2012-10-15 19:56 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-10-15 19:54 - 2009-07-13 18:34 - 79953920 ____A C:\Windows\System32\config\software.bak

2012-10-15 19:54 - 2009-07-13 18:34 - 15728640 ____A C:\Windows\System32\config\system.bak

2012-10-15 19:54 - 2009-07-13 18:34 - 00786432 ____A C:\Windows\System32\config\default.bak

2012-10-15 19:54 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\security.bak

2012-10-15 19:54 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\sam.bak

2012-10-15 19:24 - 2012-10-15 19:23 - 00296480 ____A C:\Windows\Minidump\101512-47361-01.dmp

2012-10-15 19:15 - 2012-10-15 19:15 - 04980596 ____R (Swearware) C:\Users\Steffy\Desktop\ComboFix.exe

2012-10-15 19:15 - 2012-10-15 19:15 - 02194704 ____A C:\Users\Steffy\Desktop\tdsskiller.zip

2012-10-15 18:36 - 2012-10-15 18:36 - 00001840 ____A C:\Users\Steffy\Desktop\aswMBR.txt

2012-10-15 18:36 - 2012-10-15 18:36 - 00000512 ____A C:\Users\Steffy\Desktop\MBR.dat

2012-10-15 18:33 - 2012-10-15 18:32 - 04731392 ____A (AVAST Software) C:\Users\Steffy\Desktop\aswMBR.exe

2012-10-15 17:41 - 2012-10-15 17:41 - 00022751 ____A C:\Users\Steffy\Desktop\attach.txt

2012-10-15 17:41 - 2012-10-15 17:41 - 00020616 ____A C:\Users\Steffy\Desktop\dds.txt

2012-10-15 17:34 - 2012-10-15 17:34 - 00706431 ____R (Swearware) C:\Users\Steffy\Desktop\dds.scr

2012-10-15 17:10 - 2012-10-15 12:55 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-10-15 17:09 - 2012-10-15 17:09 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Steffy\Desktop\mbam-setup-1.65.0.1400.exe

2012-10-15 17:04 - 2012-10-15 17:04 - 00288120 ____A C:\Windows\Minidump\101512-33087-01.dmp

2012-10-15 16:37 - 2012-10-15 16:37 - 00287384 ____A C:\Windows\Minidump\101512-90028-01.dmp

2012-10-15 12:13 - 2012-10-15 12:13 - 00283144 ____A C:\Windows\Minidump\101512-87329-01.dmp

2012-10-14 22:18 - 2012-10-14 22:17 - 00282240 ____A C:\Windows\Minidump\101512-103319-01.dmp

2012-10-14 22:10 - 2012-10-14 22:10 - 00282240 ____A C:\Windows\Minidump\101512-95753-01.dmp

2012-10-14 21:59 - 2012-10-14 21:58 - 00290712 ____A C:\Windows\Minidump\101512-98374-01.dmp

2012-10-14 17:12 - 2012-10-14 17:12 - 00286864 ____A C:\Windows\Minidump\101412-35303-01.dmp

2012-10-14 16:41 - 2011-01-11 13:22 - 00001262 ____A C:\Users\Steffy\Desktop\Norton Installation Files.lnk

2012-10-14 16:35 - 2010-01-19 06:06 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS

2012-10-14 16:35 - 2010-01-19 06:06 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT

2012-10-14 16:18 - 2012-10-14 16:18 - 00002052 ____A C:\Windows\epplauncher.mif

2012-10-14 15:47 - 2012-10-14 15:47 - 13529576 ____A (Microsoft Corporation) C:\Users\Steffy\Desktop\mseinstall.exe

2012-10-14 15:20 - 2012-10-14 10:27 - 02957840 ____A (Symantec Corporation) C:\Users\Steffy\Desktop\NPE.exe

2012-10-13 07:05 - 2012-10-13 07:05 - 01108944 ____A C:\Windows\Minidump\101312-48485-01.dmp

2012-10-10 23:09 - 2010-01-10 10:12 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-10-10 13:58 - 2010-01-11 16:32 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2012-10-09 08:24 - 2012-04-20 17:33 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-10-09 08:24 - 2011-05-15 09:22 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-10-06 07:37 - 2012-10-06 07:36 - 01175400 ____A C:\Windows\Minidump\100612-57923-01.dmp

2012-10-05 17:29 - 2012-10-05 17:29 - 00292416 ____A C:\Windows\Minidump\100512-56706-01.dmp

2012-10-02 06:19 - 2012-05-09 14:52 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForSteffy.job

2012-09-25 08:32 - 2009-07-13 21:08 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-09-24 05:17 - 2012-09-24 05:17 - 01218760 ____A C:\Windows\Minidump\092412-23727-01.dmp

2012-09-22 12:34 - 2011-03-30 19:21 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys

2012-09-21 20:17 - 2012-09-21 20:17 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-09-18 17:55 - 2011-12-19 11:52 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

2012-09-14 11:19 - 2012-10-10 09:52 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-09-14 10:28 - 2012-10-10 09:52 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-09-07 13:04 - 2012-10-15 17:10 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-01 19:11 - 2012-01-19 17:27 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-08-31 10:19 - 2012-10-10 09:38 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2012-08-31 10:00 - 2010-01-09 12:33 - 00000552 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job

2012-08-29 06:00 - 2012-01-16 21:12 - 00010191 ____A C:\Users\Steffy\Documents\Budget2012.xlsx

2012-08-24 10:05 - 2012-10-10 09:34 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-08-24 08:57 - 2012-10-10 09:34 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-08-24 03:15 - 2012-09-21 21:28 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-24 02:39 - 2012-09-21 21:28 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-24 02:31 - 2012-09-21 21:28 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-24 02:22 - 2012-09-21 21:28 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-24 02:21 - 2012-09-21 21:28 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-24 02:20 - 2012-09-21 21:28 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-24 02:18 - 2012-09-21 21:28 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-24 02:17 - 2012-09-21 21:28 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-24 02:14 - 2012-09-21 21:28 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-24 02:14 - 2012-09-21 21:28 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-24 02:13 - 2012-09-21 21:28 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-08-24 02:12 - 2012-09-21 21:28 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-24 02:11 - 2012-09-21 21:28 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-08-24 02:10 - 2012-09-21 21:28 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-24 02:09 - 2012-09-21 21:28 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-24 02:04 - 2012-09-21 21:28 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-23 23:27 - 2012-09-21 21:28 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-23 23:03 - 2012-09-21 21:28 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-23 22:59 - 2012-09-21 21:28 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-08-23 22:51 - 2012-09-21 21:28 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-08-23 22:51 - 2012-09-21 21:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-23 22:51 - 2012-09-21 21:28 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-23 22:49 - 2012-09-21 21:28 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-23 22:48 - 2012-09-21 21:28 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-23 22:47 - 2012-09-21 21:28 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-08-23 22:47 - 2012-09-21 21:28 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-08-23 22:47 - 2012-09-21 21:28 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-08-23 22:45 - 2012-09-21 21:28 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-08-23 22:44 - 2012-09-21 21:28 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-23 22:44 - 2012-09-21 21:28 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-23 22:43 - 2012-09-21 21:28 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-23 22:40 - 2012-09-21 21:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-22 10:12 - 2012-09-12 11:53 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-08-22 10:12 - 2012-09-12 11:53 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-08-22 10:12 - 2012-09-12 11:53 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-08-22 10:12 - 2012-09-12 11:53 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-08-21 13:01 - 2012-09-26 15:19 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe

2012-08-21 09:01 - 2012-09-21 20:17 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

2012-08-21 09:01 - 2010-01-19 06:06 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll

2012-08-21 09:01 - 2010-01-19 06:06 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll

2012-08-20 10:48 - 2012-10-10 09:37 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-08-20 10:48 - 2012-10-10 09:37 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-08-20 10:48 - 2012-10-10 09:37 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-08-20 10:48 - 2012-10-10 09:37 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-08-20 10:48 - 2012-10-10 09:37 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-08-20 10:48 - 2012-10-10 09:37 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-08-20 10:48 - 2012-10-10 09:37 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-08-20 10:46 - 2012-10-10 09:37 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-08-20 10:38 - 2012-10-10 09:37 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 09:40 - 2012-10-10 09:37 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-08-20 09:38 - 2012-10-10 09:37 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-08-20 09:37 - 2012-10-10 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-08-20 09:37 - 2012-10-10 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-08-20 09:37 - 2012-10-10 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-08-20 07:38 - 2012-10-10 09:37 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-08-20 07:38 - 2012-10-10 09:37 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-08-20 07:33 - 2012-10-10 09:37 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 07:33 - 2012-10-10 09:37 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 07:33 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 07:33 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2012-08-16 05:18 - 2009-07-13 20:45 - 00440552 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-13 10:55 - 2012-08-13 10:53 - 01325320 ____A C:\Windows\Minidump\081312-26832-01.dmp

2012-08-11 08:41 - 2012-08-11 08:40 - 01236704 ____A C:\Windows\Minidump\081112-51995-01.dmp

2012-08-10 16:56 - 2012-10-10 09:39 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll

2012-08-10 15:56 - 2012-10-10 09:39 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2012-08-02 09:58 - 2012-09-12 11:53 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-08-02 08:57 - 2012-09-12 11:53 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-07-29 04:14 - 2012-07-29 04:13 - 01234616 ____A C:\Windows\Minidump\072912-26348-01.dmp

2012-07-25 13:31 - 2011-11-02 07:48 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2012-07-19 20:29 - 2012-07-19 20:28 - 01342960 ____A C:\Windows\Minidump\072012-23478-01.dmp

ATTENTION: ========> Check for possible partition/boot infection:

C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-11 19:21:23

Restore point made on: 2012-10-11 23:01:02

Restore point made on: 2012-10-13 07:11:27

Restore point made on: 2012-10-13 18:45:35

Restore point made on: 2012-10-13 18:59:41

Restore point made on: 2012-10-13 23:01:04

Restore point made on: 2012-10-14 11:24:23

Restore point made on: 2012-10-14 15:40:41

Restore point made on: 2012-10-15 05:18:22

Restore point made on: 2012-10-15 12:21:45

Restore point made on: 2012-10-15 16:46:07

Restore point made on: 2012-10-15 23:00:49

==================== Memory info ===========================

Percentage of memory in use: 23%

Total physical RAM: 2942.49 MB

Available physical RAM: 2248.02 MB

Total Pagefile: 2940.64 MB

Available Pagefile: 2238.07 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:217.79 GB) NTFS

2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.28 GB) (Free:0 GB) UDF

7 Drive j: (UDISK 28X) (Removable) (Total:0.96 GB) (Free:0.2 GB) FAT

9 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS

10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 Online 980 MB 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 286 GB 101 MB

Partition 3 Primary 11 GB 286 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C HP NTFS Partition 286 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E FACTORY_IMA NTFS Partition 11 GB Healthy

=========================================================

Partitions of Disk 4:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 979 MB 16 KB

==================================================================================

Disk: 4

Partition 1

Type : 0E

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 7 J UDISK 28X FAT Removable 979 MB Healthy

=========================================================

Last Boot: 2012-10-06 14:40

==================== End Of Log =============================

Please advise next steps.

Thank you!


Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt.

HKLM-x32\...\Run: [] [x]
C:\Windows\svchost.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options again.

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Once that's done, reboot and run TDSSKiller again for me. Be sure to reboot after that finishes as well.

Please include the following in your next post:

  • Fixlog.txt log
  • TDSSKiller log


Okay. I ran both and here are the results. There were 3 TDSSKiller logs produced so I've posted all 3 for you.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2012

Ran by SYSTEM at 2012-10-16 23:45:09 Run:1

Running from J:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.

C:\Windows\svchost.exe moved successfully.

==== End of Fixlog ====

TDSSKiller.2.8.13.0_17.10.2012_00.16.08_log

00:16:08.0557 3424 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

00:16:11.0068 3424 ============================================================

00:16:11.0068 3424 Current date / time: 2012/10/17 00:16:11.0068

00:16:11.0068 3424 SystemInfo:

00:16:11.0068 3424

00:16:11.0068 3424 OS Version: 6.1.7601 ServicePack: 1.0

00:16:11.0068 3424 Product type: Workstation

00:16:11.0068 3424 ComputerName: STEFFY-PC

00:16:11.0068 3424 UserName: Steffy

00:16:11.0068 3424 Windows directory: C:\Windows

00:16:11.0068 3424 System windows directory: C:\Windows

00:16:11.0068 3424 Running under WOW64

00:16:11.0068 3424 Processor architecture: Intel x64

00:16:11.0068 3424 Number of processors: 1

00:16:11.0068 3424 Page size: 0x1000

00:16:11.0068 3424 Boot type: Normal boot

00:16:11.0068 3424 ============================================================

00:16:20.0794 3424 BG loaded

00:16:21.0758 3424 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

00:16:21.0991 3424 ============================================================

00:16:21.0991 3424 \Device\Harddisk0\DR0:

00:16:21.0991 3424 MBR partitions:

00:16:21.0991 3424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

00:16:21.0992 3424 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C1A800

00:16:21.0992 3424 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C4D000, BlocksNum 0x17E1000

00:16:21.0992 3424 ============================================================

00:16:22.0078 3424 C: <-> \Device\Harddisk0\DR0\Partition2

00:16:22.0282 3424 D: <-> \Device\Harddisk0\DR0\Partition3

00:16:22.0283 3424 ============================================================

00:16:22.0283 3424 Initialize success

00:16:22.0283 3424 ============================================================

00:16:51.0795 3392 Deinitialize success

TDSSKiller.2.8.13.0_17.10.2012_00.12.46_log

00:12:46.0112 4588 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

00:12:46.0144 4588 ============================================================

00:12:46.0144 4588 Current date / time: 2012/10/17 00:12:46.0144

00:12:46.0144 4588 SystemInfo:

00:12:46.0144 4588

00:12:46.0144 4588 OS Version: 6.1.7601 ServicePack: 1.0

00:12:46.0144 4588 Product type: Workstation

00:12:46.0144 4588 ComputerName: STEFFY-PC

00:12:46.0144 4588 UserName: Steffy

00:12:46.0144 4588 Windows directory: C:\Windows

00:12:46.0144 4588 System windows directory: C:\Windows

00:12:46.0144 4588 Running under WOW64

00:12:46.0144 4588 Processor architecture: Intel x64

00:12:46.0144 4588 Number of processors: 1

00:12:46.0144 4588 Page size: 0x1000

00:12:46.0144 4588 Boot type: Normal boot

00:12:46.0144 4588 ============================================================

00:12:47.0953 4588 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

00:12:47.0984 4588 ============================================================

00:12:47.0984 4588 \Device\Harddisk0\DR0:

00:12:48.0000 4588 MBR partitions:

00:12:48.0000 4588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

00:12:48.0000 4588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C1A800

00:12:48.0000 4588 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C4D000, BlocksNum 0x17E1000

00:12:48.0000 4588 ============================================================

00:12:48.0094 4588 C: <-> \Device\Harddisk0\DR0\Partition2

00:12:48.0140 4588 D: <-> \Device\Harddisk0\DR0\Partition3

00:12:48.0140 4588 ============================================================

00:12:48.0140 4588 Initialize success

00:12:48.0140 4588 ============================================================

00:13:04.0505 3340 ============================================================

00:13:04.0505 3340 Scan started

00:13:04.0505 3340 Mode: Manual; TDLFS;

00:13:04.0505 3340 ============================================================

00:13:05.0550 3340 ================ Scan system memory ========================

00:13:05.0550 3340 System memory - ok

00:13:05.0566 3340 ================ Scan services =============================

00:13:05.0878 3340 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

00:13:05.0893 3340 1394ohci - ok

00:13:05.0940 3340 14681688 - ok

00:13:06.0002 3340 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

00:13:06.0002 3340 ACPI - ok

00:13:06.0065 3340 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

00:13:06.0065 3340 AcpiPmi - ok

00:13:06.0190 3340 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

00:13:06.0190 3340 AdobeFlashPlayerUpdateSvc - ok

00:13:06.0252 3340 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

00:13:06.0268 3340 adp94xx - ok

00:13:06.0314 3340 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

00:13:06.0330 3340 adpahci - ok

00:13:06.0346 3340 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

00:13:06.0346 3340 adpu320 - ok

00:13:06.0392 3340 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

00:13:06.0392 3340 AeLookupSvc - ok

00:13:06.0439 3340 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

00:13:06.0455 3340 AFD - ok

00:13:06.0533 3340 [ 48008D4EA73C1058F36D323A644410D4 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe

00:13:06.0533 3340 AgereModemAudio - ok

00:13:06.0611 3340 [ DDF52C4C92D831A4CDB7788B37585E36 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys

00:13:06.0626 3340 AgereSoftModem - ok

00:13:06.0689 3340 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

00:13:06.0689 3340 agp440 - ok

00:13:06.0736 3340 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

00:13:06.0736 3340 ALG - ok

00:13:06.0782 3340 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

00:13:06.0782 3340 aliide - ok

00:13:06.0845 3340 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

00:13:06.0845 3340 amdide - ok

00:13:06.0907 3340 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

00:13:06.0907 3340 AmdK8 - ok

00:13:06.0923 3340 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

00:13:06.0923 3340 AmdPPM - ok

00:13:07.0001 3340 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

00:13:07.0001 3340 amdsata - ok

00:13:07.0032 3340 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

00:13:07.0048 3340 amdsbs - ok

00:13:07.0063 3340 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

00:13:07.0063 3340 amdxata - ok

00:13:07.0126 3340 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

00:13:07.0126 3340 AppID - ok

00:13:07.0157 3340 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

00:13:07.0157 3340 AppIDSvc - ok

00:13:07.0219 3340 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

00:13:07.0219 3340 Appinfo - ok

00:13:07.0360 3340 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

00:13:07.0360 3340 Apple Mobile Device - ok

00:13:07.0422 3340 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

00:13:07.0422 3340 arc - ok

00:13:07.0453 3340 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

00:13:07.0453 3340 arcsas - ok

00:13:07.0516 3340 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

00:13:07.0516 3340 AsyncMac - ok

00:13:07.0578 3340 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

00:13:07.0578 3340 atapi - ok

00:13:07.0640 3340 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

00:13:07.0656 3340 AudioEndpointBuilder - ok

00:13:07.0672 3340 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

00:13:07.0687 3340 AudioSrv - ok

00:13:07.0750 3340 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

00:13:07.0750 3340 AxInstSV - ok

00:13:07.0812 3340 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

00:13:07.0828 3340 b06bdrv - ok

00:13:07.0890 3340 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

00:13:07.0906 3340 b57nd60a - ok

00:13:07.0952 3340 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

00:13:07.0968 3340 BDESVC - ok

00:13:08.0015 3340 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

00:13:08.0015 3340 Beep - ok

00:13:08.0124 3340 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

00:13:08.0140 3340 BFE - ok

00:13:08.0389 3340 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx64.sys

00:13:08.0405 3340 BHDrvx64 - ok

00:13:08.0467 3340 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

00:13:08.0483 3340 BITS - ok

00:13:08.0545 3340 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

00:13:08.0545 3340 blbdrive - ok

00:13:08.0623 3340 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

00:13:08.0639 3340 Bonjour Service - ok

00:13:08.0686 3340 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

00:13:08.0686 3340 bowser - ok

00:13:08.0701 3340 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

00:13:08.0717 3340 BrFiltLo - ok

00:13:08.0732 3340 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

00:13:08.0748 3340 BrFiltUp - ok

00:13:08.0810 3340 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

00:13:08.0810 3340 BridgeMP - ok

00:13:08.0857 3340 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

00:13:08.0857 3340 Browser - ok

00:13:08.0888 3340 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

00:13:08.0888 3340 Brserid - ok

00:13:08.0935 3340 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

00:13:08.0935 3340 BrSerWdm - ok

00:13:08.0966 3340 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

00:13:08.0966 3340 BrUsbMdm - ok

00:13:08.0982 3340 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

00:13:08.0982 3340 BrUsbSer - ok

00:13:08.0998 3340 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

00:13:08.0998 3340 BTHMODEM - ok

00:13:09.0060 3340 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

00:13:09.0076 3340 bthserv - ok

00:13:09.0107 3340 catchme - ok

00:13:09.0232 3340 [ A5C13600F63EB92F8D15123D64BA9895 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1401010.002\ccSetx64.sys

00:13:09.0247 3340 ccSet_N360 - ok

00:13:09.0294 3340 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

00:13:09.0310 3340 cdfs - ok

00:13:09.0372 3340 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

00:13:09.0388 3340 cdrom - ok

00:13:09.0434 3340 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

00:13:09.0434 3340 CertPropSvc - ok

00:13:09.0497 3340 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

00:13:09.0497 3340 circlass - ok

00:13:09.0528 3340 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

00:13:09.0544 3340 CLFS - ok

00:13:09.0590 3340 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

00:13:09.0590 3340 clr_optimization_v2.0.50727_32 - ok

00:13:09.0653 3340 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

00:13:09.0653 3340 clr_optimization_v2.0.50727_64 - ok

00:13:09.0762 3340 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

00:13:09.0762 3340 clr_optimization_v4.0.30319_32 - ok

00:13:09.0793 3340 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

00:13:09.0793 3340 clr_optimization_v4.0.30319_64 - ok

00:13:09.0856 3340 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

00:13:09.0856 3340 CmBatt - ok

00:13:09.0887 3340 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

00:13:09.0902 3340 cmdide - ok

00:13:09.0949 3340 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

00:13:09.0949 3340 CNG - ok

00:13:09.0980 3340 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

00:13:09.0980 3340 Compbatt - ok

00:13:10.0043 3340 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

00:13:10.0043 3340 CompositeBus - ok

00:13:10.0074 3340 COMSysApp - ok

00:13:10.0121 3340 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

00:13:10.0121 3340 crcdisk - ok

00:13:10.0183 3340 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

00:13:10.0183 3340 CryptSvc - ok

00:13:10.0246 3340 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

00:13:10.0261 3340 DcomLaunch - ok

00:13:10.0308 3340 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

00:13:10.0324 3340 defragsvc - ok

00:13:10.0370 3340 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

00:13:10.0370 3340 DfsC - ok

00:13:10.0464 3340 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

00:13:10.0480 3340 Dhcp - ok

00:13:10.0511 3340 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

00:13:10.0511 3340 discache - ok

00:13:10.0573 3340 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

00:13:10.0573 3340 Disk - ok

00:13:10.0604 3340 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

00:13:10.0620 3340 Dnscache - ok

00:13:10.0682 3340 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

00:13:10.0682 3340 dot3svc - ok

00:13:10.0745 3340 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

00:13:10.0760 3340 Dot4 - ok

00:13:10.0807 3340 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

00:13:10.0823 3340 Dot4Print - ok

00:13:10.0901 3340 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

00:13:10.0901 3340 dot4usb - ok

00:13:10.0963 3340 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

00:13:10.0963 3340 DPS - ok

00:13:11.0010 3340 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

00:13:11.0010 3340 drmkaud - ok

00:13:11.0088 3340 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

00:13:11.0104 3340 DXGKrnl - ok

00:13:11.0150 3340 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

00:13:11.0150 3340 EapHost - ok

00:13:11.0260 3340 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

00:13:11.0291 3340 ebdrv - ok

00:13:11.0400 3340 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

00:13:11.0400 3340 eeCtrl - ok

00:13:11.0447 3340 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

00:13:11.0447 3340 EFS - ok

00:13:11.0556 3340 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

00:13:11.0572 3340 ehRecvr - ok

00:13:11.0618 3340 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

00:13:11.0634 3340 ehSched - ok

00:13:11.0712 3340 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

00:13:11.0728 3340 elxstor - ok

00:13:11.0821 3340 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

00:13:11.0821 3340 EraserUtilRebootDrv - ok

00:13:11.0868 3340 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

00:13:11.0868 3340 ErrDev - ok

00:13:11.0946 3340 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

00:13:11.0946 3340 EventSystem - ok

00:13:11.0993 3340 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

00:13:11.0993 3340 exfat - ok

00:13:12.0008 3340 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

00:13:12.0024 3340 fastfat - ok

00:13:12.0102 3340 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

00:13:12.0118 3340 Fax - ok

00:13:12.0149 3340 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

00:13:12.0149 3340 fdc - ok

00:13:12.0164 3340 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

00:13:12.0180 3340 fdPHost - ok

00:13:12.0196 3340 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

00:13:12.0196 3340 FDResPub - ok

00:13:12.0227 3340 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

00:13:12.0227 3340 FileInfo - ok

00:13:12.0258 3340 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

00:13:12.0258 3340 Filetrace - ok

00:13:12.0289 3340 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

00:13:12.0289 3340 flpydisk - ok

00:13:12.0352 3340 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

00:13:12.0352 3340 FltMgr - ok

00:13:12.0430 3340 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

00:13:12.0445 3340 FontCache - ok

00:13:12.0523 3340 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

00:13:12.0523 3340 FontCache3.0.0.0 - ok

00:13:12.0648 3340 [ 07AF7870ABF051EBBAE8A8A92FF34ABE ] FreeAgentGoNext Service C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

00:13:12.0648 3340 FreeAgentGoNext Service - ok

00:13:12.0695 3340 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

00:13:12.0695 3340 FsDepends - ok

00:13:12.0757 3340 [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

00:13:12.0757 3340 fssfltr - ok

00:13:12.0851 3340 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

00:13:12.0866 3340 fsssvc - ok

00:13:12.0913 3340 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

00:13:12.0913 3340 Fs_Rec - ok

00:13:12.0976 3340 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

00:13:12.0976 3340 fvevol - ok

00:13:13.0038 3340 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

00:13:13.0038 3340 gagp30kx - ok

00:13:13.0116 3340 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

00:13:13.0116 3340 GameConsoleService - ok

00:13:13.0163 3340 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

00:13:13.0163 3340 GEARAspiWDM - ok

00:13:13.0225 3340 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

00:13:13.0241 3340 gpsvc - ok

00:13:13.0288 3340 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

00:13:13.0288 3340 hcw85cir - ok

00:13:13.0350 3340 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

00:13:13.0366 3340 HDAudBus - ok

00:13:13.0381 3340 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

00:13:13.0381 3340 HidBatt - ok

00:13:13.0412 3340 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

00:13:13.0412 3340 HidBth - ok

00:13:13.0459 3340 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

00:13:13.0459 3340 HidIr - ok

00:13:13.0475 3340 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

00:13:13.0490 3340 hidserv - ok

00:13:13.0537 3340 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

00:13:13.0537 3340 HidUsb - ok

00:13:13.0584 3340 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

00:13:13.0584 3340 hkmsvc - ok

00:13:13.0631 3340 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

00:13:13.0631 3340 HomeGroupListener - ok

00:13:13.0678 3340 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

00:13:13.0678 3340 HomeGroupProvider - ok

00:13:13.0802 3340 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

00:13:13.0818 3340 HP Support Assistant Service - ok

00:13:13.0943 3340 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

00:13:13.0958 3340 HPDrvMntSvc.exe - ok

00:13:14.0068 3340 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

00:13:14.0068 3340 hpqcxs08 - ok

00:13:14.0114 3340 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

00:13:14.0114 3340 hpqddsvc - ok

00:13:14.0208 3340 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

00:13:14.0224 3340 hpqwmiex - ok

00:13:14.0270 3340 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

00:13:14.0286 3340 HpSAMD - ok

00:13:14.0348 3340 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

00:13:14.0348 3340 HTTP - ok

00:13:14.0380 3340 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

00:13:14.0395 3340 hwpolicy - ok

00:13:14.0442 3340 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

00:13:14.0442 3340 i8042prt - ok

00:13:14.0520 3340 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

00:13:14.0536 3340 iaStorV - ok

00:13:14.0614 3340 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

00:13:14.0614 3340 idsvc - ok

00:13:14.0754 3340 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121016.001\IDSvia64.sys

00:13:14.0754 3340 IDSVia64 - ok

00:13:14.0816 3340 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

00:13:14.0816 3340 iirsp - ok

00:13:14.0879 3340 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

00:13:14.0894 3340 IKEEXT - ok

00:13:15.0050 3340 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

00:13:15.0066 3340 IntcAzAudAddService - ok

00:13:15.0097 3340 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

00:13:15.0097 3340 intelide - ok

00:13:15.0160 3340 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

00:13:15.0160 3340 intelppm - ok

00:13:15.0253 3340 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

00:13:15.0253 3340 IntuitUpdateService - ok

00:13:15.0378 3340 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

00:13:15.0378 3340 IntuitUpdateServiceV4 - ok

00:13:15.0425 3340 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

00:13:15.0425 3340 IPBusEnum - ok

00:13:15.0472 3340 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:13:15.0472 3340 IpFilterDriver - ok

00:13:15.0534 3340 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

00:13:15.0534 3340 iphlpsvc - ok

00:13:15.0581 3340 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

00:13:15.0581 3340 IPMIDRV - ok

00:13:15.0612 3340 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

00:13:15.0612 3340 IPNAT - ok

00:13:15.0706 3340 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

00:13:15.0706 3340 iPod Service - ok

00:13:15.0784 3340 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

00:13:15.0784 3340 IRENUM - ok

00:13:15.0846 3340 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

00:13:15.0862 3340 isapnp - ok

00:13:15.0971 3340 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

00:13:16.0033 3340 iScsiPrt - ok

00:13:16.0267 3340 [ 78D233D835A8876035AC559AFE02B940 ] jswpsapi C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe

00:13:16.0283 3340 jswpsapi - ok

00:13:16.0345 3340 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

00:13:16.0345 3340 kbdclass - ok

00:13:16.0392 3340 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

00:13:16.0392 3340 kbdhid - ok

00:13:16.0408 3340 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

00:13:16.0408 3340 KeyIso - ok

00:13:16.0439 3340 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

00:13:16.0439 3340 KSecDD - ok

00:13:16.0470 3340 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

00:13:16.0470 3340 KSecPkg - ok

00:13:16.0532 3340 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

00:13:16.0532 3340 ksthunk - ok

00:13:16.0564 3340 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

00:13:16.0564 3340 KtmRm - ok

00:13:16.0642 3340 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

00:13:16.0642 3340 LanmanServer - ok

00:13:16.0688 3340 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

00:13:16.0704 3340 LanmanWorkstation - ok

00:13:16.0922 3340 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

00:13:17.0016 3340 LeapFrog Connect Device Service - ok

00:13:17.0156 3340 [ 797289607A5EBF31353AA5EAD141F872 ] Leapfrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys

00:13:17.0156 3340 Leapfrog-USBLAN - ok

00:13:17.0234 3340 [ 108333981C841EB0FF198AA5DFCF3D3B ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

00:13:17.0234 3340 LightScribeService - ok

00:13:17.0297 3340 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

00:13:17.0297 3340 lltdio - ok

00:13:17.0359 3340 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

00:13:17.0375 3340 lltdsvc - ok

00:13:17.0406 3340 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

00:13:17.0406 3340 lmhosts - ok

00:13:17.0468 3340 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

00:13:17.0468 3340 LSI_FC - ok

00:13:17.0500 3340 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

00:13:17.0500 3340 LSI_SAS - ok

00:13:17.0515 3340 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

00:13:17.0531 3340 LSI_SAS2 - ok

00:13:17.0546 3340 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

00:13:17.0546 3340 LSI_SCSI - ok

00:13:17.0593 3340 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

00:13:17.0593 3340 luafv - ok

00:13:17.0624 3340 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

00:13:17.0640 3340 Mcx2Svc - ok

00:13:17.0656 3340 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

00:13:17.0671 3340 megasas - ok

00:13:17.0702 3340 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

00:13:17.0702 3340 MegaSR - ok

00:13:17.0796 3340 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

00:13:17.0812 3340 Microsoft Office Groove Audit Service - ok

00:13:17.0874 3340 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

00:13:17.0890 3340 MMCSS - ok

00:13:17.0936 3340 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

00:13:17.0936 3340 Modem - ok

00:13:17.0999 3340 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

00:13:17.0999 3340 monitor - ok

00:13:18.0061 3340 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys

00:13:18.0061 3340 mouclass - ok

00:13:18.0124 3340 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

00:13:18.0124 3340 mouhid - ok

00:13:18.0170 3340 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

00:13:18.0170 3340 mountmgr - ok

00:13:18.0217 3340 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

00:13:18.0217 3340 mpio - ok

00:13:18.0264 3340 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

00:13:18.0264 3340 mpsdrv - ok

00:13:18.0326 3340 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

00:13:18.0342 3340 MpsSvc - ok

00:13:18.0420 3340 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

00:13:18.0420 3340 MRxDAV - ok

00:13:18.0482 3340 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

00:13:18.0482 3340 mrxsmb - ok

00:13:18.0529 3340 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:13:18.0529 3340 mrxsmb10 - ok

00:13:18.0560 3340 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:13:18.0560 3340 mrxsmb20 - ok

00:13:18.0607 3340 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

00:13:18.0607 3340 msahci - ok

00:13:18.0685 3340 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe

00:13:18.0685 3340 MSCamSvc - ok

00:13:18.0716 3340 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

00:13:18.0732 3340 msdsm - ok

00:13:18.0748 3340 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

00:13:18.0748 3340 MSDTC - ok

00:13:18.0826 3340 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

00:13:18.0826 3340 Msfs - ok

00:13:18.0888 3340 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

00:13:18.0888 3340 mshidkmdf - ok

00:13:18.0935 3340 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

00:13:18.0935 3340 msisadrv - ok

00:13:18.0997 3340 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

00:13:18.0997 3340 MSiSCSI - ok

00:13:19.0013 3340 msiserver - ok

00:13:19.0060 3340 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

00:13:19.0075 3340 MSKSSRV - ok

00:13:19.0091 3340 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

00:13:19.0091 3340 MSPCLOCK - ok

00:13:19.0106 3340 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

00:13:19.0106 3340 MSPQM - ok

00:13:19.0169 3340 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

00:13:19.0169 3340 MsRPC - ok

00:13:19.0231 3340 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

00:13:19.0231 3340 mssmbios - ok

00:13:19.0278 3340 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

00:13:19.0278 3340 MSTEE - ok

00:13:19.0309 3340 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

00:13:19.0309 3340 MTConfig - ok

00:13:19.0340 3340 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

00:13:19.0340 3340 Mup - ok

00:13:19.0512 3340 [ DFD8873E4DC08E621A8366C6CD98AB28 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe

00:13:19.0528 3340 N360 - ok

00:13:19.0590 3340 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

00:13:19.0590 3340 napagent - ok

00:13:19.0652 3340 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

00:13:19.0668 3340 NativeWifiP - ok

00:13:19.0762 3340 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121016.009\ENG64.SYS

00:13:19.0762 3340 NAVENG - ok

00:13:19.0855 3340 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121016.009\EX64.SYS

00:13:19.0871 3340 NAVEX15 - ok

00:13:19.0949 3340 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

00:13:19.0964 3340 NDIS - ok

00:13:20.0042 3340 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

00:13:20.0042 3340 NdisCap - ok

00:13:20.0105 3340 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

00:13:20.0105 3340 NdisTapi - ok

00:13:20.0183 3340 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

00:13:20.0183 3340 Ndisuio - ok

00:13:20.0230 3340 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

00:13:20.0230 3340 NdisWan - ok

00:13:20.0292 3340 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

00:13:20.0292 3340 NDProxy - ok

00:13:20.0354 3340 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

00:13:20.0354 3340 Net Driver HPZ12 - ok

00:13:20.0401 3340 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

00:13:20.0401 3340 NetBIOS - ok

00:13:20.0464 3340 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

00:13:20.0464 3340 NetBT - ok

00:13:20.0495 3340 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

00:13:20.0495 3340 Netlogon - ok

00:13:20.0557 3340 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

00:13:20.0557 3340 Netman - ok

00:13:20.0588 3340 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

00:13:20.0604 3340 netprofm - ok

00:13:20.0635 3340 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

00:13:20.0635 3340 NetTcpPortSharing - ok

00:13:20.0682 3340 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

00:13:20.0682 3340 nfrd960 - ok

00:13:20.0744 3340 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

00:13:20.0744 3340 NlaSvc - ok

00:13:20.0791 3340 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

00:13:20.0791 3340 Npfs - ok

00:13:20.0822 3340 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

00:13:20.0822 3340 nsi - ok

00:13:20.0838 3340 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

00:13:20.0838 3340 nsiproxy - ok

00:13:20.0932 3340 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

00:13:20.0963 3340 Ntfs - ok

00:13:21.0025 3340 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

00:13:21.0025 3340 Null - ok

00:13:21.0431 3340 [ C967514483FA30A0A352E70BB6414D1D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

00:13:21.0540 3340 nvlddmkm - ok

00:13:21.0587 3340 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys

00:13:21.0602 3340 NVNET - ok

00:13:21.0618 3340 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

00:13:21.0634 3340 nvraid - ok

00:13:21.0680 3340 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

00:13:21.0680 3340 nvstor - ok

00:13:21.0743 3340 [ 6BA747B1A9297A6C0271700D12FDD495 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys

00:13:21.0743 3340 nvstor64 - ok

00:13:21.0805 3340 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

00:13:21.0805 3340 nv_agp - ok

00:13:21.0899 3340 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

00:13:21.0899 3340 odserv - ok

00:13:21.0946 3340 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

00:13:21.0946 3340 ohci1394 - ok

00:13:22.0008 3340 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

00:13:22.0008 3340 ose - ok

00:13:22.0086 3340 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

00:13:22.0086 3340 p2pimsvc - ok

00:13:22.0117 3340 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

00:13:22.0117 3340 p2psvc - ok

00:13:22.0148 3340 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

00:13:22.0164 3340 Parport - ok

00:13:22.0195 3340 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

00:13:22.0211 3340 partmgr - ok

00:13:22.0242 3340 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

00:13:22.0242 3340 PcaSvc - ok

00:13:22.0258 3340 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

00:13:22.0273 3340 pci - ok

00:13:22.0320 3340 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

00:13:22.0320 3340 pciide - ok

00:13:22.0382 3340 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

00:13:22.0382 3340 pcmcia - ok

00:13:22.0429 3340 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

00:13:22.0429 3340 pcw - ok

00:13:22.0460 3340 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

00:13:22.0460 3340 PEAUTH - ok

00:13:22.0538 3340 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

00:13:22.0554 3340 PerfHost - ok

00:13:22.0632 3340 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

00:13:22.0648 3340 pla - ok

00:13:22.0710 3340 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

00:13:22.0726 3340 PlugPlay - ok

00:13:22.0788 3340 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

00:13:22.0804 3340 Pml Driver HPZ12 - ok

00:13:22.0835 3340 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

00:13:22.0850 3340 PNRPAutoReg - ok

00:13:22.0866 3340 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

00:13:22.0882 3340 PNRPsvc - ok

00:13:22.0928 3340 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

00:13:22.0944 3340 PolicyAgent - ok

00:13:22.0975 3340 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

00:13:22.0991 3340 Power - ok

00:13:23.0069 3340 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

00:13:23.0084 3340 PptpMiniport - ok

00:13:23.0116 3340 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

00:13:23.0116 3340 Processor - ok

00:13:23.0272 3340 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

00:13:23.0287 3340 ProfSvc - ok

00:13:23.0334 3340 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

00:13:23.0350 3340 ProtectedStorage - ok

00:13:23.0428 3340 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

00:13:23.0428 3340 Psched - ok

00:13:23.0490 3340 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

00:13:23.0506 3340 ql2300 - ok

00:13:23.0521 3340 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

00:13:23.0521 3340 ql40xx - ok

00:13:23.0552 3340 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

00:13:23.0568 3340 QWAVE - ok

00:13:23.0599 3340 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

00:13:23.0599 3340 QWAVEdrv - ok

00:13:23.0740 3340 [ 00935D8DA2DCD34017544CFEBA97D1E7 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys

00:13:23.0740 3340 RapportCerberus_42020 - ok

00:13:23.0833 3340 [ 9E0FFC5EEEA5FEC75560F394B63022BE ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

00:13:23.0833 3340 RapportEI64 - ok

00:13:23.0880 3340 [ 842041C4B15BAEE2CA37B727CE57334A ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys

00:13:23.0880 3340 RapportKE64 - ok

00:13:23.0942 3340 [ 65AA99CB303BA21F9ACC8C1374A14798 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

00:13:23.0958 3340 RapportMgmtService - ok

00:13:24.0052 3340 [ 14FF58FE8D19FA3AA577F1E74F1F7D55 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

00:13:24.0052 3340 RapportPG64 - ok

00:13:24.0067 3340 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

00:13:24.0067 3340 RasAcd - ok

00:13:24.0114 3340 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

00:13:24.0114 3340 RasAgileVpn - ok

00:13:24.0161 3340 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

00:13:24.0161 3340 RasAuto - ok

00:13:24.0223 3340 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

00:13:24.0223 3340 Rasl2tp - ok

00:13:24.0270 3340 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

00:13:24.0270 3340 RasMan - ok

00:13:24.0348 3340 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

00:13:24.0348 3340 RasPppoe - ok

00:13:24.0395 3340 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

00:13:24.0395 3340 RasSstp - ok

00:13:24.0457 3340 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

00:13:24.0457 3340 rdbss - ok

00:13:24.0488 3340 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

00:13:24.0488 3340 rdpbus - ok

00:13:24.0520 3340 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

00:13:24.0520 3340 RDPCDD - ok

00:13:24.0566 3340 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

00:13:24.0582 3340 RDPENCDD - ok

00:13:24.0598 3340 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

00:13:24.0598 3340 RDPREFMP - ok

00:13:24.0660 3340 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

00:13:24.0660 3340 RDPWD - ok

00:13:24.0722 3340 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

00:13:24.0738 3340 rdyboost - ok

00:13:24.0785 3340 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

00:13:24.0800 3340 RemoteAccess - ok

00:13:24.0847 3340 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

00:13:24.0847 3340 RemoteRegistry - ok

00:13:24.0894 3340 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

00:13:24.0910 3340 RpcEptMapper - ok

00:13:24.0925 3340 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

00:13:24.0925 3340 RpcLocator - ok

00:13:24.0988 3340 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

00:13:25.0003 3340 RpcSs - ok

00:13:25.0050 3340 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

00:13:25.0066 3340 rspndr - ok

00:13:25.0081 3340 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

00:13:25.0081 3340 SamSs - ok

00:13:25.0128 3340 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

00:13:25.0128 3340 sbp2port - ok

00:13:25.0175 3340 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

00:13:25.0175 3340 SCardSvr - ok

00:13:25.0222 3340 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

00:13:25.0222 3340 scfilter - ok

00:13:25.0284 3340 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

00:13:25.0315 3340 Schedule - ok

00:13:25.0378 3340 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

00:13:25.0378 3340 SCPolicySvc - ok

00:13:25.0440 3340 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

00:13:25.0456 3340 SDRSVC - ok

00:13:25.0549 3340 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

00:13:25.0565 3340 SeaPort - ok

00:13:25.0627 3340 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

00:13:25.0627 3340 secdrv - ok

00:13:25.0658 3340 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

00:13:25.0658 3340 seclogon - ok

00:13:25.0705 3340 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

00:13:25.0705 3340 SENS - ok

00:13:25.0752 3340 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

00:13:25.0752 3340 SensrSvc - ok

00:13:25.0783 3340 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

00:13:25.0783 3340 Serenum - ok

00:13:25.0814 3340 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

00:13:25.0814 3340 Serial - ok

00:13:25.0877 3340 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

00:13:25.0877 3340 sermouse - ok

00:13:25.0986 3340 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

00:13:25.0986 3340 SessionEnv - ok

00:13:26.0017 3340 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

00:13:26.0017 3340 sffdisk - ok

00:13:26.0033 3340 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

00:13:26.0048 3340 sffp_mmc - ok

00:13:26.0080 3340 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

00:13:26.0095 3340 sffp_sd - ok

00:13:26.0111 3340 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

00:13:26.0111 3340 sfloppy - ok

00:13:26.0173 3340 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

00:13:26.0173 3340 SharedAccess - ok

00:13:26.0236 3340 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

00:13:26.0282 3340 ShellHWDetection - ok

00:13:26.0470 3340 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

00:13:26.0516 3340 SiSRaid2 - ok

00:13:26.0563 3340 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

00:13:26.0563 3340 SiSRaid4 - ok

00:13:26.0641 3340 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

00:13:26.0641 3340 SkypeUpdate - ok

00:13:26.0704 3340 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

00:13:26.0704 3340 Smb - ok

00:13:26.0766 3340 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

00:13:26.0782 3340 SNMPTRAP - ok

00:13:26.0797 3340 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

00:13:26.0797 3340 spldr - ok

00:13:26.0860 3340 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

00:13:26.0875 3340 Spooler - ok

00:13:27.0000 3340 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

00:13:27.0047 3340 sppsvc - ok

00:13:27.0094 3340 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

00:13:27.0094 3340 sppuinotify - ok

00:13:27.0218 3340 [ B2FE88C5E621C8345CC9BAC5CFD366B0 ] SRTSP C:\Windows\System32\Drivers\N360x64\1401010.002\SRTSP64.SYS

00:13:27.0234 3340 SRTSP - ok

00:13:27.0312 3340 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\Windows\system32\drivers\N360x64\1401010.002\SRTSPX64.SYS

00:13:27.0312 3340 SRTSPX - ok

00:13:27.0374 3340 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

00:13:27.0374 3340 srv - ok

00:13:27.0437 3340 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

00:13:27.0452 3340 srv2 - ok

00:13:27.0484 3340 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

00:13:27.0499 3340 srvnet - ok

00:13:27.0562 3340 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

00:13:27.0562 3340 SSDPSRV - ok

00:13:27.0593 3340 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

00:13:27.0593 3340 SstpSvc - ok

00:13:27.0624 3340 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

00:13:27.0624 3340 stexstor - ok

00:13:27.0686 3340 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

00:13:27.0686 3340 stisvc - ok

00:13:27.0733 3340 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

00:13:27.0733 3340 swenum - ok

00:13:27.0796 3340 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

00:13:27.0796 3340 swprv - ok

00:13:27.0889 3340 [ 267C914667C94E5F47D342311C1C577F ] Symantec RemoteAssist C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe

00:13:27.0905 3340 Symantec RemoteAssist - ok

00:13:27.0967 3340 [ 688BBE78970E639BC1D66AE733394DCF ] SymDS C:\Windows\system32\drivers\N360x64\1401010.002\SYMDS64.SYS

00:13:27.0983 3340 SymDS - ok

00:13:28.0045 3340 [ A17EE0D0D762CC9B56FB9218D7089AFB ] SymEFA C:\Windows\system32\drivers\N360x64\1401010.002\SYMEFA64.SYS

00:13:28.0061 3340 SymEFA - ok

00:13:28.0108 3340 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

00:13:28.0108 3340 SymEvent - ok

00:13:28.0139 3340 SYMFW - ok

00:13:28.0201 3340 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\N360x64\1401010.002\Ironx64.SYS

00:13:28.0201 3340 SymIRON - ok

00:13:28.0217 3340 SYMNDISV - ok

00:13:28.0264 3340 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\N360x64\1401010.002\SYMNETS.SYS

00:13:28.0279 3340 SymNetS - ok

00:13:28.0373 3340 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

00:13:28.0388 3340 SysMain - ok

00:13:28.0435 3340 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

00:13:28.0435 3340 TabletInputService - ok

00:13:28.0466 3340 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

00:13:28.0466 3340 TapiSrv - ok

00:13:28.0498 3340 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

00:13:28.0513 3340 TBS - ok

00:13:28.0591 3340 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

00:13:28.0622 3340 Tcpip - ok

00:13:28.0685 3340 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

00:13:28.0700 3340 TCPIP6 - ok

00:13:28.0747 3340 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

00:13:28.0763 3340 tcpipreg - ok

00:13:28.0794 3340 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

00:13:28.0794 3340 TDPIPE - ok

00:13:28.0825 3340 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

00:13:28.0825 3340 TDTCP - ok

00:13:28.0888 3340 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

00:13:28.0888 3340 tdx - ok

00:13:28.0934 3340 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

00:13:28.0934 3340 TermDD - ok

00:13:28.0997 3340 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

00:13:28.0997 3340 TermService - ok

00:13:29.0044 3340 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

00:13:29.0044 3340 Themes - ok

00:13:29.0075 3340 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

00:13:29.0075 3340 THREADORDER - ok

00:13:29.0122 3340 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

00:13:29.0122 3340 TrkWks - ok

00:13:29.0200 3340 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

00:13:29.0215 3340 TrustedInstaller - ok

00:13:29.0293 3340 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

00:13:29.0293 3340 tssecsrv - ok

00:13:29.0340 3340 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

00:13:29.0340 3340 TsUsbFlt - ok

00:13:29.0465 3340 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

00:13:29.0480 3340 tunnel - ok

00:13:29.0512 3340 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

00:13:29.0512 3340 uagp35 - ok

00:13:29.0574 3340 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

00:13:29.0574 3340 udfs - ok

00:13:29.0621 3340 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

00:13:29.0621 3340 UI0Detect - ok

00:13:29.0668 3340 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

00:13:29.0668 3340 uliagpkx - ok

00:13:29.0714 3340 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

00:13:29.0714 3340 umbus - ok

00:13:29.0746 3340 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

00:13:29.0746 3340 UmPass - ok

00:13:29.0792 3340 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

00:13:29.0792 3340 upnphost - ok

00:13:29.0855 3340 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

00:13:29.0870 3340 USBAAPL64 - ok

00:13:29.0948 3340 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

00:13:29.0948 3340 usbaudio - ok

00:13:30.0026 3340 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

00:13:30.0026 3340 usbccgp - ok

00:13:30.0073 3340 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

00:13:30.0073 3340 usbcir - ok

00:13:30.0120 3340 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

00:13:30.0120 3340 usbehci - ok

00:13:30.0182 3340 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

00:13:30.0182 3340 usbhub - ok

00:13:30.0229 3340 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

00:13:30.0229 3340 usbohci - ok

00:13:30.0276 3340 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

00:13:30.0292 3340 usbprint - ok

00:13:30.0307 3340 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

00:13:30.0323 3340 usbscan - ok

00:13:30.0338 3340 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:13:30.0338 3340 USBSTOR - ok

00:13:30.0385 3340 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

00:13:30.0385 3340 usbuhci - ok

00:13:30.0416 3340 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

00:13:30.0416 3340 UxSms - ok

00:13:30.0432 3340 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

00:13:30.0448 3340 VaultSvc - ok

00:13:30.0510 3340 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

00:13:30.0526 3340 vdrvroot - ok

00:13:30.0604 3340 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

00:13:30.0619 3340 vds - ok

00:13:30.0666 3340 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

00:13:30.0666 3340 vga - ok

00:13:30.0697 3340 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

00:13:30.0697 3340 VgaSave - ok

00:13:30.0728 3340 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

00:13:30.0744 3340 vhdmp - ok

00:13:30.0775 3340 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

00:13:30.0775 3340 viaide - ok

00:13:30.0806 3340 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

00:13:30.0806 3340 volmgr - ok

00:13:30.0853 3340 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

00:13:30.0853 3340 volmgrx - ok

00:13:30.0884 3340 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

00:13:30.0884 3340 volsnap - ok

00:13:30.0947 3340 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

00:13:30.0947 3340 vsmraid - ok

00:13:31.0025 3340 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

00:13:31.0056 3340 VSS - ok

00:13:31.0087 3340 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

00:13:31.0087 3340 vwifibus - ok

00:13:31.0212 3340 [ C366AE91D2CC2C1C25380061D235C36B ] VX3000 C:\Windows\system32\DRIVERS\VX3000.sys

00:13:31.0243 3340 VX3000 - ok

00:13:31.0306 3340 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

00:13:31.0306 3340 W32Time - ok

00:13:31.0352 3340 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

00:13:31.0352 3340 WacomPen - ok

00:13:31.0415 3340 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

00:13:31.0415 3340 WANARP - ok

00:13:31.0430 3340 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

00:13:31.0430 3340 Wanarpv6 - ok

00:13:31.0555 3340 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

00:13:31.0571 3340 WatAdminSvc - ok

00:13:31.0649 3340 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

00:13:31.0664 3340 wbengine - ok

00:13:31.0696 3340 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

00:13:31.0711 3340 WbioSrvc - ok

00:13:31.0758 3340 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

00:13:31.0774 3340 wcncsvc - ok

00:13:31.0820 3340 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

00:13:31.0836 3340 WcsPlugInService - ok

00:13:31.0867 3340 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

00:13:31.0867 3340 Wd - ok

00:13:31.0930 3340 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

00:13:31.0930 3340 Wdf01000 - ok

00:13:31.0961 3340 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

00:13:31.0961 3340 WdiServiceHost - ok

00:13:31.0976 3340 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

00:13:31.0976 3340 WdiSystemHost - ok

00:13:32.0023 3340 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

00:13:32.0039 3340 WebClient - ok

00:13:32.0070 3340 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

00:13:32.0070 3340 Wecsvc - ok

00:13:32.0086 3340 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

00:13:32.0101 3340 wercplsupport - ok

00:13:32.0148 3340 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

00:13:32.0148 3340 WerSvc - ok

00:13:32.0210 3340 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

00:13:32.0210 3340 WfpLwf - ok

00:13:32.0226 3340 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

00:13:32.0226 3340 WIMMount - ok

00:13:32.0257 3340 WinDefend - ok

00:13:32.0273 3340 WinHttpAutoProxySvc - ok

00:13:32.0320 3340 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

00:13:32.0335 3340 Winmgmt - ok

00:13:32.0444 3340 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

00:13:32.0476 3340 WinRM - ok

00:13:32.0585 3340 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

00:13:32.0585 3340 WinUsb - ok

00:13:32.0632 3340 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

00:13:32.0647 3340 Wlansvc - ok

00:13:32.0725 3340 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

00:13:32.0725 3340 wlcrasvc - ok

00:13:32.0866 3340 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

00:13:32.0897 3340 wlidsvc - ok

00:13:32.0944 3340 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

00:13:32.0944 3340 WmiAcpi - ok

00:13:32.0975 3340 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

00:13:32.0975 3340 wmiApSrv - ok

00:13:33.0037 3340 WMPNetworkSvc - ok

00:13:33.0115 3340 [ AE06D75F402DE21C922BCECB30F8FB50 ] WN111v2 C:\Windows\system32\DRIVERS\WN111v2x.sys

00:13:33.0115 3340 WN111v2 - ok

00:13:33.0146 3340 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

00:13:33.0162 3340 WPCSvc - ok

00:13:33.0209 3340 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

00:13:33.0209 3340 WPDBusEnum - ok

00:13:33.0240 3340 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

00:13:33.0240 3340 ws2ifsl - ok

00:13:33.0302 3340 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

00:13:33.0318 3340 wscsvc - ok

00:13:33.0349 3340 WSearch - ok

00:13:33.0677 3340 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

00:13:33.0708 3340 wuauserv - ok

00:13:33.0724 3340 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

00:13:33.0739 3340 WudfPf - ok

00:13:33.0802 3340 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

00:13:33.0802 3340 WUDFRd - ok

00:13:33.0848 3340 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

00:13:33.0864 3340 wudfsvc - ok

00:13:33.0895 3340 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

00:13:33.0895 3340 WwanSvc - ok

00:13:33.0958 3340 ================ Scan global ===============================

00:13:33.0989 3340 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

00:13:34.0036 3340 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

00:13:34.0051 3340 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

00:13:34.0082 3340 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

00:13:34.0098 3340 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

00:13:34.0114 3340 [Global] - ok

00:13:34.0114 3340 ================ Scan MBR ==================================

00:13:34.0129 3340 [ 7776D739BFD97B30B095C7D4B834C04C ] \Device\Harddisk0\DR0

00:13:34.0129 3340 Suspicious mbr (Forged): \Device\Harddisk0\DR0

00:13:34.0192 3340 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

00:13:34.0192 3340 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

00:13:34.0238 3340 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

00:13:34.0238 3340 \Device\Harddisk0\DR0 - detected TDSS File System (1)

00:13:34.0254 3340 ================ Scan VBR ==================================

00:13:34.0254 3340 [ 20D218B71287C01B0817F27ABF3AC4BC ] \Device\Harddisk0\DR0\Partition1

00:13:34.0254 3340 \Device\Harddisk0\DR0\Partition1 - ok

00:13:34.0301 3340 [ 7A6424EA9E4D5582E37F247F5E00541D ] \Device\Harddisk0\DR0\Partition2

00:13:34.0301 3340 \Device\Harddisk0\DR0\Partition2 - ok

00:13:34.0348 3340 [ E5F490D53C7C27E497FECD887F8BAD12 ] \Device\Harddisk0\DR0\Partition3

00:13:34.0348 3340 \Device\Harddisk0\DR0\Partition3 - ok

00:13:34.0348 3340 ============================================================

00:13:34.0348 3340 Scan finished

00:13:34.0348 3340 ============================================================

00:13:34.0363 5012 Detected object count: 2

00:13:34.0363 5012 Actual detected object count: 2

00:13:48.0773 5012 \Device\Harddisk0\DR0\# - copied to quarantine

00:13:48.0789 5012 \Device\Harddisk0\DR0 - copied to quarantine

00:13:48.0820 5012 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

00:13:48.0835 5012 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

00:13:48.0882 5012 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

00:13:48.0929 5012 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

00:13:48.0945 5012 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

00:13:48.0960 5012 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

00:13:48.0976 5012 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

00:13:48.0991 5012 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

00:13:49.0007 5012 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

00:13:49.0069 5012 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

00:13:49.0085 5012 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

00:13:49.0116 5012 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

00:13:49.0147 5012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

00:13:49.0147 5012 \Device\Harddisk0\DR0 - ok

00:13:49.0740 5012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

00:13:49.0756 5012 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

00:13:49.0756 5012 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

00:13:57.0384 5080 Deinitialize success

TDSSKiller.2.8.13.0_17.10.2012_00.10.04_log

00:10:04.0650 5072 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

00:10:06.0655 5072 ============================================================

00:10:06.0655 5072 Current date / time: 2012/10/17 00:10:06.0655

00:10:06.0655 5072 SystemInfo:

00:10:06.0655 5072

00:10:06.0655 5072 OS Version: 6.1.7601 ServicePack: 1.0

00:10:06.0655 5072 Product type: Workstation

00:10:06.0656 5072 ComputerName: STEFFY-PC

00:10:06.0677 5072 UserName: Steffy

00:10:06.0677 5072 Windows directory: C:\Windows

00:10:06.0677 5072 System windows directory: C:\Windows

00:10:06.0677 5072 Running under WOW64

00:10:06.0677 5072 Processor architecture: Intel x64

00:10:06.0677 5072 Number of processors: 1

00:10:06.0677 5072 Page size: 0x1000

00:10:06.0677 5072 Boot type: Normal boot

00:10:06.0677 5072 ============================================================

00:10:08.0839 5072 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

00:10:08.0873 5072 ============================================================

00:10:08.0873 5072 \Device\Harddisk0\DR0:

00:10:08.0874 5072 MBR partitions:

00:10:08.0874 5072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

00:10:08.0874 5072 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C1A800

00:10:08.0874 5072 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C4D000, BlocksNum 0x17E1000

00:10:08.0874 5072 ============================================================

00:10:08.0905 5072 C: <-> \Device\Harddisk0\DR0\Partition2

00:10:08.0962 5072 D: <-> \Device\Harddisk0\DR0\Partition3

00:10:08.0962 5072 ============================================================

00:10:08.0963 5072 Initialize success

00:10:08.0963 5072 ============================================================

00:10:22.0100 5216 Deinitialize success

Please advise what to do next.

Thank you so much for your continued attention to this.


Ok so ran ComboFix and here is the log:

ComboFix 12-10-17.03 - Steffy 10/17/2012 11:45:34.2.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1664 [GMT -4:00]

Running from: c:\users\Steffy\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

c:\windows\SysWow64\msstdfmt.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 )))))))))))))))))))))))))))))))

.

.

2012-10-17 16:00 . 2012-10-17 16:00 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2012-10-17 16:00 . 2012-10-17 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-17 04:35 . 2012-10-17 04:35 -------- d-----w- C:\FRST

2012-10-16 03:21 . 2012-10-17 04:13 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-16 01:10 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-15 14:38 . 2012-10-15 14:38 -------- d-----w- c:\users\Steffy\AppData\Roaming\Malwarebytes

2012-10-15 14:37 . 2012-10-15 14:37 -------- d-----w- c:\programdata\Malwarebytes

2012-10-15 14:37 . 2012-10-16 01:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-15 05:06 . 2012-10-15 05:06 -------- d-----w- c:\users\Steffy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2012-10-15 00:32 . 2012-10-16 00:50 -------- d-----w- c:\windows\system32\drivers\N360x64\1401010.002

2012-10-14 23:21 . 2012-10-15 13:54 -------- d-----w- c:\users\Steffy\AppData\Local\NPE

2012-10-14 03:02 . 2012-10-14 03:03 -------- d-----w- c:\program files\NVIDIA Corporation

2012-10-14 03:00 . 2009-07-31 03:48 704000 ----a-w- c:\windows\system32\cohelper.dll

2012-10-14 03:00 . 2009-07-31 03:39 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin

2012-10-14 02:59 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-10-14 02:59 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-10-10 17:52 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 17:52 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-10 17:39 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 17:39 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-10 17:39 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 17:39 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 17:39 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 17:39 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-10 17:39 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-10 17:39 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-10 17:38 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-10-10 17:38 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-10 17:34 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-10-10 17:34 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-10-04 23:34 . 2012-10-06 04:47 -------- d-----w- c:\program files (x86)\Pyware iPAS

2012-10-04 23:34 . 2012-10-04 23:34 -------- d--h--w- c:\program files (x86)\Zero G Registry

2012-10-04 23:33 . 2012-10-04 23:33 -------- d--h--w- c:\users\Steffy\InstallAnywhere

2012-09-26 23:19 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-22 04:17 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-09-22 04:15 . 2012-09-22 04:15 -------- d-----w- c:\program files\iPod

2012-09-22 04:15 . 2012-09-22 04:17 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-22 04:15 . 2012-09-22 04:17 -------- d-----w- c:\program files\iTunes

2012-09-22 04:15 . 2012-09-22 04:17 -------- d-----w- c:\program files (x86)\iTunes

2012-09-19 01:55 . 2012-09-19 01:55 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-09-19 01:55 . 2012-09-19 01:55 -------- d-----r- c:\program files (x86)\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-15 00:35 . 2010-01-19 14:06 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-10-11 07:09 . 2010-01-10 18:12 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-09 16:24 . 2012-04-21 01:33 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 16:24 . 2011-05-15 17:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-22 20:34 . 2011-03-31 03:21 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys

2012-08-22 18:12 . 2012-09-12 19:53 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 19:53 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 19:53 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 19:53 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 17:01 . 2010-01-19 14:06 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-21 17:01 . 2010-01-19 14:06 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-20 17:38 . 2012-10-10 17:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-02 17:58 . 2012-09-12 19:53 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-08-02 16:57 . 2012-09-12 19:53 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ALconnect"="c:\users\Steffy\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe" [2012-07-04 716416]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2008-12-2 1728512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 14681688;14681688; [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]

R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-08-23 40320]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-23 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-09-22 101688]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1401010.002\SYMDS64.SYS [2012-07-28 493216]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1401010.002\SYMEFA64.SYS [2012-08-08 1132192]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-09-14 1385120]

S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1401010.002\ccSetx64.sys [2012-08-07 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121016.001\IDSvia64.sys [2012-10-12 513184]

S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-10 397720]

S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-22 55096]

S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-22 297240]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1401010.002\Ironx64.SYS [2012-07-28 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1401010.002\SYMNETS.SYS [2012-07-23 432800]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe [2012-08-29 143928]

S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-22 976728]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2x.sys [2008-09-29 553472]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 16:24]

.

2012-10-02 c:\windows\Tasks\HPCeeScheduleForSteffy.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

.

2012-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://m.www.yahoo.com/

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Steffy\AppData\Roaming\Mozilla\Firefox\Profiles\jn5yn95j.default\

FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/

FF - ExtSQL: !HIDDEN! 2010-01-11 22:35; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-31664407.sys

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.1.1.2\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72,

1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,

7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,

64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c

"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,

69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,

51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:48,2d,dc,c9,22,a7,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-10-17 12:05:22

ComboFix-quarantined-files.txt 2012-10-17 16:05

ComboFix2.txt 2012-10-16 04:06

.

Pre-Run: 233,946,218,496 bytes free

Post-Run: 233,911,283,712 bytes free

.

- - End Of File - - 321F895CD0D41949D4272D20E04BA651

Let me know what to do next.

Thank you


Please do this next:

Download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix64 application to the USB drive.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

SaveMbr: Drive=0

Now please enter System Recovery Options and select "Command Prompt".

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post its contents in your reply. It will also produce another file, MBRDUMP.txt, on the flash drive that, although it may look like a text file, is a hex file. You must attach this report to your reply instead of posting its contents.

Please include the following in your next post:

  • Fixlog.txt log
  • Attach the MBRDUMP file


Hello again. Here is the fixlog.txt log and the attached MBRDUMP file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2012

Ran by SYSTEM at 2012-10-17 22:51:44 Run:2

Running from G:\

==============================================

MBRDUMP.txt is made successfully.

==== End of Fixlog ====

Please advise next steps.

Thank you

MBRDUMP.txt


Hi. Sorry for the slow response...busy day...

I ran the tool and the results log follows:

ListParts by Farbar Version: 16-10-2012

Ran by Steffy (administrator) on 18-10-2012 at 23:10:26

Windows 7 (X64)

Running From: C:\Users\Steffy\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 49%

Total physical RAM: 2942.49 MB

Available physical RAM: 1499.39 MB

Total Pagefile: 5883.18 MB

Available Pagefile: 4288.04 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:217.42 GB) NTFS

2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from reading drive)]

8 Drive k: (UDISK 28X) (Removable) (Total:0.96 GB) (Free:0.2 GB) FAT

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 Online 980 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 286 GB 101 MB

Partition 3 Primary 11 GB 286 GB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C HP NTFS Partition 286 GB Healthy Boot

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D FACTORY_IMA NTFS Partition 11 GB Healthy

======================================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 979 MB 16 KB

======================================================================================================

Disk: 1

Partition 1

Type : 0E

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 K UDISK 28X FAT Removable 979 MB Healthy

======================================================================================================

****** End Of Log ******

Please advise next steps

Thank you.

