TechSpot

Hi - TrojanZeroAccessinf - please bail me out!

Solved
By Tobydog
Sep 9, 2012
  1. TrojanZeroAccessinf - Norton didn't get anywhere near this bad boy!
  2. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Tobydog

    Tobydog Newcomer, in training Topic Starter Posts: 44

    Hi Broni

    Thank you for helping me

    Below are the logs from MBAM, GMER and DDS

    Awaiting your instructions - thanks again

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.09.09.04
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Mark :: MARK-PC [administrator]
    Protection: Enabled
    09/09/2012 17:13:42
    mbam-log-2012-09-09 (17-13-42).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 207433
    Time elapsed: 8 minute(s), 25 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 3
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\HeroCodecSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\gxvxc (Rootkit.Agent) -> Quarantined and deleted successfully.
    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Agent) -> Data: C:\Users\Mark\AppData\Roaming\csrss.exe -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:50370 -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 3
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    Files Detected: 5
    C:\Users\Mark\Downloads\Zwinky (1).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    C:\Users\Mark\Downloads\Zwinky.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    C:\Users\Mark\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeroCodec\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    (end)

    2012/09/09 17:11:37 +0100 MARK-PC Mark MESSAGE Starting protection
    2012/09/09 17:11:39 +0100 MARK-PC Mark MESSAGE Protection started successfully
    2012/09/09 17:11:42 +0100 MARK-PC Mark MESSAGE Starting IP protection
    2012/09/09 17:11:44 +0100 MARK-PC Mark MESSAGE IP Protection started successfully
    2012/09/09 17:11:47 +0100 MARK-PC Mark MESSAGE Starting database refresh
    2012/09/09 17:11:47 +0100 MARK-PC Mark MESSAGE Stopping IP protection
    2012/09/09 17:11:49 +0100 MARK-PC Mark MESSAGE IP Protection stopped
    2012/09/09 17:11:51 +0100 MARK-PC Mark MESSAGE Database refreshed successfully
    2012/09/09 17:11:51 +0100 MARK-PC Mark MESSAGE Starting IP protection
    2012/09/09 17:11:53 +0100 MARK-PC Mark MESSAGE IP Protection started successfully
    2012/09/09 17:56:18 +0100 MARK-PC Mark MESSAGE Starting protection
    2012/09/09 17:56:20 +0100 MARK-PC Mark MESSAGE Protection started successfully
    2012/09/09 17:56:23 +0100 MARK-PC Mark MESSAGE Starting IP protection
    2012/09/09 17:56:25 +0100 MARK-PC Mark MESSAGE IP Protection started successfully
    2012/09/09 18:15:57 +0100 MARK-PC Mark MESSAGE Starting protection
    2012/09/09 18:15:59 +0100 MARK-PC Mark MESSAGE Protection started successfully
    2012/09/09 18:16:02 +0100 MARK-PC Mark MESSAGE Starting IP protection
    2012/09/09 18:16:05 +0100 MARK-PC Mark MESSAGE IP Protection started successfully

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-09-09 18:34:01
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.GM4O
    Running: lwg7ygib.exe; Driver: C:\Users\Mark\AppData\Local\Temp\kwldypoc.sys

    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    ---- EOF - GMER 1.0.15 ----



    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

    Run by Mark at 18:40:19 on 2012-09-09

    .

    ============== Running Processes ===============

    .

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/

    mStart Page = hxxp://www.voover.com/

    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s

    uURLSearchHooks: H - No File

    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\norton 360\engine\20.1.1.2\coIEPlg.dll

    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\norton 360\engine\20.1.1.2\ips\IPSBHO.DLL

    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol broadband toolbar 5.0\aoltb.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

    TB: AOL Broadband Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol broadband toolbar 5.0\aoltb.dll

    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\norton 360\engine\20.1.1.2\coIEPlg.dll

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY

    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

    uRun: [Power2GoExpress]

    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

    uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe

    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    uRun: [Power2GoExpress8] "c:\program files\cyberlink\power2go8\Power2GoExpress8.exe"

    uRun: [GameXN GO] "c:\programdata\gamexn\GameXNGO.exe" /startup

    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.0; EasyBits GO v1.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; BRI/2; AskTbSPC2/5.9.1.14019)" -"http://www.gamepuma.com/shockwave-games/Driver-s-ED.html"

    mRun: [RtHDVCpl] RtHDVCpl.exe

    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

    mRun: [KBD] c:\hp\kbd\KbdStub.EXE

    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

    mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"

    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

    mRun: [<NO NAME>]

    mRun: [HostManager] c:\program files\common files\aol\1219316984\ee\AOLSoftware.exe

    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

    mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"

    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [CLMLServer_For_P2G8] "c:\program files\cyberlink\power2go8\CLMLSvc_P2G8.exe"

    mRun: [CLVirtualDrive] "c:\program files\cyberlink\power2go8\VirtualDrive.exe" /R

    mRun: [PowerDVD12Agent] "c:\program files\cyberlink\powerdvd12\PowerDVD12Agent.exe"

    mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\5.0"

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-gb\local\search.html

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: NameServer = 208.67.220.220,208.67.222.222

    TCP: DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{DF935B54-EE05-4BDB-BF19-E742BFB044C4} : DhcpNameServer = 192.168.1.254

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll

    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL

    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    .

    ============= SERVICES / DRIVERS ===============

    .

    .

    =============== Created Last 30 ================

    .

    2012-09-09 16:11:18 -------- d-----w- c:\users\mark\appdata\roaming\Malwarebytes

    2012-09-09 16:11:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-09 16:11:03 -------- d-----w- c:\programdata\Malwarebytes

    2012-09-09 16:11:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-09-09 08:11:27 -------- d-----w- c:\programdata\SMR310

    2012-09-09 08:11:09 97440 ----a-w- c:\windows\system32\drivers\SMR310.SYS

    2012-09-08 16:16:38 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-09-08 14:29:41 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2012-09-08 14:29:12 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0501000.01A

    2012-09-08 14:29:12 -------- d-----w- c:\windows\system32\drivers\NBRTWizard

    2012-09-08 14:29:10 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard

    2012-09-08 14:19:07 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

    2012-09-08 14:19:07 -------- d-----w- c:\program files\Symantec

    2012-09-08 14:18:31 926880 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys

    2012-09-08 14:18:31 368288 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymDS.sys

    2012-09-08 14:18:31 350368 ----a-r- c:\windows\system32\drivers\n360\1401010.002\symtdiv.sys

    2012-09-08 14:18:31 338592 ----a-r- c:\windows\system32\drivers\n360\1401010.002\symnets.sys

    2012-09-08 14:18:31 32888 ----a-r- c:\windows\system32\drivers\n360\1401010.002\srtspx.sys

    2012-09-08 14:18:31 21400 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymELAM.sys

    2012-09-08 14:18:30 585888 ----a-r- c:\windows\system32\drivers\n360\1401010.002\srtsp.sys

    2012-09-08 14:18:30 175264 ----a-r- c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys

    2012-09-08 14:18:30 134304 ----a-r- c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys

    2012-09-08 14:18:19 8942 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymVTcer.dat

    2012-09-08 14:18:18 -------- d-----w- c:\windows\system32\drivers\n360\1401010.002

    2012-09-08 14:18:18 -------- d-----w- c:\windows\system32\drivers\N360

    2012-09-07 21:04:20 -------- d-----w- c:\windows\system32\N360_BACKUP

    2012-09-07 19:02:06 -------- d-----w- c:\users\mark\appdata\local\NPE

    2012-09-07 18:26:33 -------- d-----w- c:\program files\Norton 360

    2012-09-07 18:26:16 -------- d-----w- c:\programdata\NortonInstaller

    2012-09-07 18:26:16 -------- d-----w- c:\program files\NortonInstaller

    2012-09-07 17:31:23 -------- d-----w- c:\users\mark\Sources

    2012-09-07 17:09:30 -------- d-----w- c:\users\mark\appdata\local\NokiaAccount

    2012-08-23 09:29:59 -------- d-----w- c:\users\mark\appdata\local\MediaShow

    2012-08-23 08:03:17 -------- d-----w- c:\users\mark\appdata\local\Power2Go8

    2012-08-22 16:04:14 -------- d-----w- c:\users\mark\appdata\local\MediaServer

    2012-08-22 16:04:11 -------- d-----w- c:\programdata\PDVD

    2012-08-22 15:59:05 73712 ----a-w- c:\windows\system32\drivers\CLVirtualDrive.sys

    2012-08-22 15:58:54 -------- d-----w- c:\program files\common files\CyberLink

    2012-08-22 15:54:16 -------- d-----w- c:\users\mark\appdata\local\Cyberlink

    2012-08-22 15:51:42 -------- d-----w- c:\programdata\install_clap

    2012-08-22 15:47:38 -------- d-----w- c:\programdata\CLSK

    .

    ==================== Find3M ====================

    .

    2012-09-08 16:21:38 282624 ----a-w- c:\windows\system32\services.exe

    2012-08-27 11:10:29 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-08-27 11:10:29 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-07-26 05:32:24 106928 ----a-w- c:\windows\system32\GEARAspi.dll

    .

    ============= FINISH: 18:43:47.44 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    .

    ==== Disk Partitions =========================

    .

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    No restore point in system.

    .

    ==== Installed Programs ======================

    .

    32 Bit HP CIO Components Installer

    Ad-Aware

    Ad-Aware Security Toolbar

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.4)

    Adobe Shockwave Player 11

    AIO_Scan

    Amazon MP3 Downloader 1.0.4

    AOL Broadband Toolbar 5.0

    AOL Registration

    AOL Toolbar 5.0

    AOL Uninstaller (Choose which Products to Remove)

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Art Effects for PDR10

    µTorrent

    BBC iPlayer Desktop

    BlackBerry App World Browser Plugin

    BlackBerry Desktop Software 7.1

    Bonjour

    BT Desktop Help

    BTHomeHub

    BufferChm

    C4200

    C4200_doccd

    c4200_Help

    Cards_Calendar_OrderGift_DoMorePlugout

    Compatibility Pack for the 2007 Office system

    ConvertXtoDVD 3.5.3.139

    ConvertXtoDVD 4.1.9.347

    Copy

    CyberLink LabelPrint 2.5

    CyberLink Media Suite 10

    CyberLink MediaEspresso 6.5

    CyberLink MediaShow 6

    CyberLink OEM Share Pack 2

    CyberLink Power2Go 8

    CyberLink PowerBackup 2.6

    CyberLink PowerDirector 10

    CyberLink PowerDVD 12

    CyberLink PowerDVD Copy 1.5

    CyberLink PowerProducer 5.5

    CyberLink WaveEditor 2

    D3DX10

    Destination Component

    DeviceDiscovery

    DeviceManagementQFolder

    DocProc

    DocProcQFolder

    EasyBits Magic Desktop

    Enhanced Multimedia Keyboard Solution

    eSupportQFolder

    Google Chrome

    Google Earth

    Google Toolbar for Firefox

    Google Toolbar for Internet Explorer

    Google Update Helper

    Google Updater

    GoToAssist Corporate

    Hewlett-Packard Active Check

    Hewlett-Packard Asset Agent for Health Check

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    HP Advisor

    HP Customer Experience Enhancements

    HP Customer Feedback

    HP Easy Setup - Frontend

    HP Games

    HP Imaging Device Functions 9.0

    HP OCR Software 9.0

    HP On-Screen Cap/Num/Scroll Lock Indicator

    HP Photosmart All-In-One Software 9.0

    HP Photosmart Essential 2.5

    HP Picasso Media Center Add-In

    HP Product Assistant

    HP Smart Web Printing 4.60

    HP Solution Center 9.0

    HP Update

    HPDiagnosticAlert

    HPPhotoSmartPhotobookWebPack1

    HPProductAssistant

    iCloud

    Intel(R) Matrix Storage Manager

    iTunes

    Java Auto Updater

    Java(TM) 6 Update 31

    Java(TM) SE Runtime Environment 6 Update 1

    Junk Mail filter update

    LEGO Digital Designer

    LightScribe System Software

    Malwarebytes Anti-Malware version 1.62.0.1300

    MarketingReg

    Microsoft .NET Framework 3.5 SP1

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Games for Windows - LIVE Redistributable

    Microsoft Games for Windows Marketplace

    Microsoft Office Home and Student 60 day trial

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft VC9 runtime libraries

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Works

    MSVC80_x86

    MSVC80_x86_v2

    MSVC90_x86

    MSVCRT

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB941833)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Norton 360

    Norton Bootable Recovery Tool Wizard

    NVIDIA Drivers

    OEM Share Pack

    OGA Notifier 2.0.0048.0

    PC Connectivity Solution

    Power2Go

    PowerDirector

    PS_AIO_ProductContext

    PS_AIO_Software

    PS_AIO_Software_min

    PSSWCORE

    Python 2.5

    QuickTime

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    RealPlayer

    Realtek High Definition Audio Driver

    RealUpgrade 1.1

    RTC Client API v1.2

    Safari

    Scan

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Segoe UI

    SmartWebPrinting

    Softease Browser

    SolutionCenter

    Status

    TomTom HOME 2.8.1.2218

    TomTom HOME Visual Studio Merge Modules

    Toolbox

    TrayApp

    UnloadSupport

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update Installer for WildTangent Games App

    Vanilla and Chocolate

    VideoToolkit01

    Viewpoint Media Player

    VLC media player 1.1.11

    WebReg

    WildTangent Games App (HP Games)

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Family Safety

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Mail

    Windows Live Messenger

    Windows Live MIME IFilter

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live Sync

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    .

    ==== End Of File ===========================
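    The logs above already contain the indicators a practitioner would look for by eye: a binary named csrss.exe launched from AppData\Roaming via a Run key (the real one lives only in System32), an Internet Settings proxy pointed at 127.0.0.1 on a high port, and, in the RogueKiller report posted later in this thread, the {GUID}\U folders that ZeroAccess drops under \Windows\Installer and %LOCALAPPDATA%. The script below is an added example, not code from this thread, from Broni, or from MBAM, DDS or RogueKiller: it encodes those checks as rules and runs them over sample lines copied from the posted logs. The rule names, the list of System32-only binaries and the AppData autorun heuristic are this example's own assumptions.

```python
"""Added example (not from the thread or from any of the tools it uses):
rule-based triage of anti-malware log lines like the MBAM, DDS and
RogueKiller output posted in this thread. SAMPLE_LINES are copied from
the thread's logs; rule names and SYSTEM_ONLY_BINARIES are assumptions
made for this example."""
import re

# Names that, on a healthy Windows install, run only from %SystemRoot%\System32
# (or SysWOW64). The MBAM log shows csrss.exe launched from AppData\Roaming.
SYSTEM_ONLY_BINARIES = {"csrss.exe", "services.exe", "winlogon.exe",
                        "lsass.exe", "smss.exe", "svchost.exe"}
SYSTEM_DIRS = ("\\system32\\", "\\syswow64\\")

# Windows paths: quoted (may contain spaces) or bare (ends at whitespace/bracket)
QUOTED_PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"')
BARE_PATH = re.compile(r"""[A-Za-z]:\\[^\s"'()>]+""")

# Loopback proxy written into Internet Settings (what MBAM calls PUM.Bad.Proxy)
PROXY_RE = re.compile(r"ProxyServer.*?(127\.0\.0\.1|localhost):(\d+)", re.IGNORECASE)

# ZeroAccess drop directory: {GUID}\U under \Windows\Installer or %LOCALAPPDATA%,
# the two folders RogueKiller reports later in this thread
ZEROACCESS_DIR = re.compile(
    r"(\\Windows\\Installer|\\AppData\\Local)\\\{[0-9a-f-]{36}\}\\U\b",
    re.IGNORECASE)

# Autorun entries: registry Run/RunOnce values (MBAM) or DDS's uRun:/mRun: lines
AUTORUN_RE = re.compile(r"\\Run(Once)?\||\b[um]Run(Once)?:")

# Constructed sample: lines copied from the MBAM, DDS and RogueKiller logs above
SAMPLE_LINES = [
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Agent) -> Data: C:\Users\Mark\AppData\Roaming\csrss.exe -> Quarantined and deleted successfully.",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:50370 -> Quarantined and deleted successfully.",
    r"mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart",
    r'uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"',
    r"[ZeroAccess][FOLDER] U : C:\Windows\Installer\{4a3e861e-894a-adb2-035b-695524750cd2}\U --> FOUND",
    r"[ZeroAccess][FOLDER] U : C:\Users\Mark\AppData\Local\{4a3e861e-894a-adb2-035b-695524750cd2}\U --> FOUND",
    r"[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND",
]


def extract_paths(line):
    """Return every Windows path in a log line, quoted paths first."""
    paths = QUOTED_PATH.findall(line)
    rest = QUOTED_PATH.sub(" ", line)
    return paths + BARE_PATH.findall(rest)


def triage_line(line):
    """Apply each rule to one line; return a list of (rule, evidence) tuples."""
    findings = []
    paths = extract_paths(line)
    for path in paths:
        name = path.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_ONLY_BINARIES and not any(d in path.lower() for d in SYSTEM_DIRS):
            findings.append(("system-binary-name-outside-system32", path))
    if AUTORUN_RE.search(line):
        # Autorun targets in a user-writable profile directory deserve a look
        for path in paths:
            if "\\appdata\\" in path.lower():
                findings.append(("autorun-from-appdata", path))
    m = PROXY_RE.search(line)
    if m:
        findings.append(("loopback-proxy", f"{m.group(1)}:{m.group(2)}"))
    m = ZEROACCESS_DIR.search(line)
    if m:
        findings.append(("zeroaccess-guid-u-folder", m.group(0)))
    return findings


def triage(lines):
    """Run triage_line over a whole log; return all findings in log order."""
    return [f for line in lines for f in triage_line(line)]


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LINES):
        print(f"{rule:38} {evidence}")
```

    Run against the sample it flags the csrss.exe autorun twice (wrong directory for that name, and an autorun out of AppData), the loopback proxy, and both ZeroAccess folders, while leaving the legitimate NVIDIA and TomTom autoruns and the in-place services.exe alone; the patched services.exe that RogueKiller reports as Susp.ASLR is deliberately not a path rule, since its location is correct and only its contents are wrong.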
  4. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see the question "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. Tobydog

    Tobydog Newcomer, in training Topic Starter Posts: 44

    Hi Broni

    I have tried to download RogueKiller as above but keep getting the following message

    'RogueKiller.exe / Winlogon.exe / Winlogon.com is unsafe to download and was blocked by SmartScreen Filter'
  6. Broni

    Broni Malware Annihilator Posts: 46,479   +252

  7. Tobydog

    Tobydog Newcomer, in training Topic Starter Posts: 44

    Thanks Broni

    Here are the logs from RogueKiller and aswMBR

    RogueKiller V8.0.2 [08/31/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Mark [Admin rights]
    Mode : Scan -- Date : 09/09/2012 19:57:19
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\RunOnce : InnoSetupRegFile.0000000001 ("C:\Windows\is-AJR0M.exe" /REG /REGSVRMODE) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> FOUND
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{4a3e861e-894a-adb2-035b-695524750cd2}\U --> FOUND
    [ZeroAccess][FOLDER] U : C:\Users\Mark\AppData\Local\{4a3e861e-894a-adb2-035b-695524750cd2}\U --> FOUND
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[13] : NtAlertResumeThread @ 0x820D15C3 -> HOOKED (Unknown @ 0x88096C88)
    SSDT[14] : NtAlertThread @ 0x8204A255 -> HOOKED (Unknown @ 0x88096D68)
    SSDT[18] : NtAllocateVirtualMemory @ 0x820864FB -> HOOKED (Unknown @ 0x87FE56E0)
    SSDT[21] : NtAlpcConnectPort @ 0x82028887 -> HOOKED (Unknown @ 0x87ED0F70)
    SSDT[42] : NtAssignProcessToJobObject @ 0x81FFBB43 -> HOOKED (Unknown @ 0x88096430)
    SSDT[67] : NtCreateMutant @ 0x8205E812 -> HOOKED (Unknown @ 0x880969D8)
    SSDT[77] : NtCreateSymbolicLinkObject @ 0x81FFE35A -> HOOKED (Unknown @ 0x88096150)
    SSDT[78] : NtCreateThread @ 0x820CFBE0 -> HOOKED (Unknown @ 0x87FE5BE8)
    SSDT[116] : NtDebugActiveProcess @ 0x820A2D22 -> HOOKED (Unknown @ 0x88096510)
    SSDT[129] : NtDuplicateObject @ 0x82036551 -> HOOKED (Unknown @ 0x87FE58B0)
    SSDT[147] : NtFreeVirtualMemory @ 0x81EC2F1D -> HOOKED (Unknown @ 0x87FE5498)
    SSDT[156] : NtImpersonateAnonymousToken @ 0x81FF8F12 -> HOOKED (Unknown @ 0x88096AC8)
    SSDT[158] : NtImpersonateThread @ 0x8200E54F -> HOOKED (Unknown @ 0x88096BA8)
    SSDT[165] : NtLoadDriver @ 0x81FA9DEE -> HOOKED (Unknown @ 0x87ED0BB8)
    SSDT[177] : NtMapViewOfSection @ 0x8204E89A -> HOOKED (Unknown @ 0x87FE5398)
    SSDT[184] : NtOpenEvent @ 0x82037DCF -> HOOKED (Unknown @ 0x880968F8)
    SSDT[194] : NtOpenProcess @ 0x8205EFAE -> HOOKED (Unknown @ 0x87FE5A90)
    SSDT[195] : NtOpenProcessToken @ 0x8203FA2E -> HOOKED (Unknown @ 0x87FE57D0)
    SSDT[197] : NtOpenSection @ 0x8204F66D -> HOOKED (Unknown @ 0x88096738)
    SSDT[201] : NtOpenThread @ 0x8205A4FF -> HOOKED (Unknown @ 0x87FE59A0)
    SSDT[210] : NtProtectVirtualMemory @ 0x820582E2 -> HOOKED (Unknown @ 0x88096340)
    SSDT[282] : NtResumeThread @ 0x82059B4A -> HOOKED (Unknown @ 0x88096E48)
    SSDT[289] : NtSetContextThread @ 0x820D106F -> HOOKED (Unknown @ 0x87FE50E8)
    SSDT[305] : NtSetInformationProcess @ 0x820528C8 -> HOOKED (Unknown @ 0x87FE51C8)
    SSDT[317] : NtSetSystemInformation @ 0x82024EEB -> HOOKED (Unknown @ 0x880965F0)
    SSDT[330] : NtSuspendProcess @ 0x820D14FF -> HOOKED (Unknown @ 0x88096818)
    SSDT[331] : NtSuspendThread @ 0x81FD892B -> HOOKED (Unknown @ 0x88096F28)
    SSDT[334] : NtTerminateProcess @ 0x8202F143 -> HOOKED (Unknown @ 0x87FE5CE8)
    SSDT[335] : unknown @ 0x8205A534 -> HOOKED (Unknown @ 0x87FE5048)
    SSDT[348] : NtUnmapViewOfSection @ 0x8204EB5D -> HOOKED (Unknown @ 0x87FE52B8)
    SSDT[358] : NtWriteVirtualMemory @ 0x8204B92D -> HOOKED (Unknown @ 0x87FE5588)
    SSDT[382] : NtCreateThreadEx @ 0x82059FE9 -> HOOKED (Unknown @ 0x88096240)
    S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x87159640)
    S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x87ED0D70)
    S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x87158390)
    S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x880B5998)
    S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x8882C7E8)
    S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x8882CF78)
    S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x8882C580)
    S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x8882C4B0)
    S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x880AEAC0)
    S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x86F49C80)
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 832a299e0aa7d5dab4d1a2c09a18e8e4
    [BSP] 309fdfd200901d3359dd1e035123a213 : HP tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 466441 Mo
    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 955273095 | Size: 10495 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-09 20:00:57
    -----------------------------
    20:00:57.184 OS Version: Windows 6.0.6002 Service Pack 2
    20:00:57.184 Number of processors: 4 586 0xF0B
    20:00:57.194 ComputerName: MARK-PC UserName: Mark
    20:00:59.611 Initialize success
    20:02:02.360 AVAST engine defs: 12090900
    20:02:19.004 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:02:19.004 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 3
    20:02:19.036 Disk 0 MBR read successfully
    20:02:19.036 Disk 0 MBR scan
    20:02:19.036 Disk 0 unknown MBR code
    20:02:19.051 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 466441 MB offset 63
    20:02:19.082 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10495 MB offset 955273095
    20:02:19.082 Disk 0 scanning sectors +976768065
    20:02:19.145 Disk 0 scanning C:\Windows\system32\drivers
    20:02:37.163 Service scanning
    20:03:10.682 Modules scanning
    20:03:41.794 Disk 0 trace - called modules:
    20:03:41.832 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    20:03:41.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86645340]
    20:03:41.844 3 CLASSPNP.SYS[8b1ac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8546e030]
    20:03:45.086 AVAST engine scan C:\Windows
    20:03:57.401 AVAST engine scan C:\Windows\system32
    20:10:16.470 AVAST engine scan C:\Windows\system32\drivers
    20:11:01.373 AVAST engine scan C:\Users\Mark
    20:12:40.023 File: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000324 **INFECTED** Win32:Adware-gen [Adw]
    20:17:44.605 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
    20:17:44.615 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"
  8. Broni

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  9. Tobydog

    Hi Broni

    Here's the TDSSKiller log - in 2 parts due to size

    20:36:08.0845 7096 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    20:36:10.0879 7096 ============================================================
    20:36:10.0879 7096 Current date / time: 2012/09/09 20:36:10.0879
    20:36:10.0879 7096 SystemInfo:
    20:36:10.0879 7096
    20:36:10.0879 7096 OS Version: 6.0.6002 ServicePack: 2.0
    20:36:10.0879 7096 Product type: Workstation
    20:36:10.0879 7096 ComputerName: MARK-PC
    20:36:10.0879 7096 UserName: Mark
    20:36:10.0879 7096 Windows directory: C:\Windows
    20:36:10.0879 7096 System windows directory: C:\Windows
    20:36:10.0879 7096 Processor architecture: Intel x86
    20:36:10.0879 7096 Number of processors: 4
    20:36:10.0879 7096 Page size: 0x1000
    20:36:10.0879 7096 Boot type: Normal boot
    20:36:10.0879 7096 ============================================================
    20:36:13.0845 7096 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    20:36:13.0915 7096 ============================================================
    20:36:13.0915 7096 \Device\Harddisk0\DR0:
    20:36:13.0925 7096 MBR partitions:
    20:36:13.0925 7096 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38F04F48
    20:36:13.0925 7096 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38F04F87, BlocksNum 0x147FCBA
    20:36:13.0925 7096 ============================================================
    20:36:14.0075 7096 C: <-> \Device\Harddisk0\DR0\Partition1
    20:36:14.0165 7096 D: <-> \Device\Harddisk0\DR0\Partition2
    20:36:14.0235 7096 ============================================================
    20:36:14.0255 7096 Initialize success
    20:36:14.0255 7096 ============================================================
    20:37:34.0660 6292 ============================================================
    20:37:34.0660 6292 Scan started
    20:37:34.0660 6292 Mode: Manual;
    20:37:34.0660 6292 ============================================================
    20:37:38.0123 6292 ================ Scan system memory ========================
    20:37:38.0123 6292 System memory - ok
    20:37:38.0123 6292 ================ Scan services =============================
    20:37:38.0903 6292 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
    20:37:38.0919 6292 ACPI - ok
    20:37:39.0044 6292 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    20:37:39.0044 6292 AdobeARMservice - ok
    20:37:39.0137 6292 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    20:37:39.0137 6292 AdobeFlashPlayerUpdateSvc - ok
    20:37:39.0215 6292 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    20:37:39.0215 6292 adp94xx - ok
    20:37:39.0293 6292 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
    20:37:39.0309 6292 adpahci - ok
    20:37:39.0356 6292 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    20:37:39.0356 6292 adpu160m - ok
    20:37:39.0402 6292 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    20:37:39.0402 6292 adpu320 - ok
    20:37:39.0496 6292 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    20:37:39.0496 6292 AeLookupSvc - ok
    20:37:39.0636 6292 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
    20:37:39.0652 6292 AFD - ok
    20:37:39.0699 6292 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
    20:37:39.0714 6292 agp440 - ok
    20:37:39.0777 6292 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    20:37:39.0777 6292 aic78xx - ok
    20:37:39.0824 6292 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
    20:37:39.0839 6292 ALG - ok
    20:37:39.0870 6292 [ C392B591746961B60F89FE1CBCA7B4FB ] aliide C:\Windows\system32\drivers\aliide.sys
    20:37:39.0870 6292 aliide - ok
    20:37:39.0886 6292 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    20:37:39.0886 6292 amdagp - ok
    20:37:39.0917 6292 [ F5F8D2885D1DF33C74764EA2C06C0028 ] amdide C:\Windows\system32\drivers\amdide.sys
    20:37:39.0917 6292 amdide - ok
    20:37:39.0933 6292 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
    20:37:39.0933 6292 AmdK7 - ok
    20:37:39.0980 6292 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    20:37:40.0011 6292 AmdK8 - ok
    20:37:40.0104 6292 [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    20:37:40.0104 6292 AOL ACS - ok
    20:37:40.0136 6292 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
    20:37:40.0136 6292 Appinfo - ok
    20:37:40.0198 6292 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    20:37:40.0229 6292 Apple Mobile Device - ok
    20:37:40.0245 6292 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
    20:37:40.0245 6292 arc - ok
    20:37:40.0307 6292 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    20:37:40.0307 6292 arcsas - ok
    20:37:40.0354 6292 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    20:37:40.0354 6292 AsyncMac - ok
    20:37:40.0370 6292 [ BFD3DF48C9ED81934FE21E8E3CFC2496 ] atapi C:\Windows\system32\drivers\atapi.sys
    20:37:40.0385 6292 atapi - ok
    20:37:40.0448 6292 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    20:37:40.0448 6292 AudioEndpointBuilder - ok
    20:37:40.0448 6292 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
    20:37:40.0463 6292 Audiosrv - ok
    20:37:40.0494 6292 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
    20:37:40.0494 6292 Beep - ok
    20:37:40.0510 6292 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
    20:37:40.0526 6292 BFE - ok
    20:37:41.0477 6292 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120905.001\BHDrvx86.sys
    20:37:41.0493 6292 BHDrvx86 - ok
    20:37:41.0508 6292 blbdrive - ok
    20:37:41.0618 6292 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    20:37:41.0649 6292 Bonjour Service - ok
    20:37:41.0727 6292 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    20:37:41.0727 6292 bowser - ok
    20:37:41.0758 6292 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    20:37:41.0758 6292 BrFiltLo - ok
    20:37:41.0789 6292 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    20:37:41.0789 6292 BrFiltUp - ok
    20:37:41.0820 6292 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
    20:37:41.0820 6292 Browser - ok
    20:37:41.0867 6292 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
    20:37:41.0867 6292 Brserid - ok
    20:37:41.0914 6292 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    20:37:41.0945 6292 BrSerWdm - ok
    20:37:41.0976 6292 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    20:37:41.0976 6292 BrUsbMdm - ok
    20:37:41.0992 6292 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    20:37:41.0992 6292 BrUsbSer - ok
    20:37:42.0023 6292 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    20:37:42.0023 6292 BTHMODEM - ok
    20:37:42.0148 6292 [ 41CD31307E054F878EA3FD7F7D2C2922 ] ccSet_N360 C:\Windows\system32\drivers\N360\1401010.002\ccSetx86.sys
    20:37:42.0148 6292 ccSet_N360 - ok
    20:37:42.0210 6292 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    20:37:42.0210 6292 cdfs - ok
    20:37:42.0288 6292 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    20:37:42.0288 6292 cdrom - ok
    20:37:42.0398 6292 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
    20:37:42.0398 6292 CertPropSvc - ok
    20:37:42.0507 6292 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
    20:37:42.0507 6292 circlass - ok
    20:37:42.0585 6292 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
    20:37:42.0585 6292 CLFS - ok
    20:37:42.0912 6292 [ 2BD10F37E6122D91697A13EF17B18087 ] CLHNServiceForPowerDVD12 C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
    20:37:42.0944 6292 CLHNServiceForPowerDVD12 - ok
    20:37:43.0022 6292 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:37:43.0053 6292 clr_optimization_v2.0.50727_32 - ok
    20:37:43.0256 6292 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    20:37:43.0318 6292 clr_optimization_v4.0.30319_32 - ok
    20:37:43.0396 6292 [ 657C94FAC8C4B5CE0AA338A361E01E87 ] CLVirtualDrive C:\Windows\system32\DRIVERS\CLVirtualDrive.sys
    20:37:43.0396 6292 CLVirtualDrive - ok
    20:37:43.0412 6292 [ 78D56FE738F63D7FEFCC7B396C5DCB67 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    20:37:43.0412 6292 cmdide - ok
    20:37:43.0443 6292 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    20:37:43.0443 6292 Compbatt - ok
    20:37:43.0443 6292 COMSysApp - ok
    20:37:43.0458 6292 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    20:37:43.0474 6292 crcdisk - ok
    20:37:43.0505 6292 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
    20:37:43.0505 6292 Crusoe - ok
    20:37:43.0568 6292 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    20:37:43.0568 6292 CryptSvc - ok
    20:37:43.0630 6292 [ 8EB5F4EA0EC0535A18CEE819E2A8DB86 ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    20:37:43.0646 6292 CyberLink PowerDVD 12 Media Server Monitor Service - ok
    20:37:43.0692 6292 [ DD9374D59CF4C850C4B211B498676CD2 ] CyberLink PowerDVD 12 Media Server Service C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    20:37:43.0692 6292 CyberLink PowerDVD 12 Media Server Service - ok
    20:37:43.0770 6292 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
    20:37:43.0786 6292 DcomLaunch - ok
    20:37:43.0833 6292 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    20:37:43.0864 6292 DfsC - ok
    20:37:44.0098 6292 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
    20:37:44.0129 6292 DFSR - ok
    20:37:44.0160 6292 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    20:37:44.0160 6292 Dhcp - ok
    20:37:44.0254 6292 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
    20:37:44.0285 6292 disk - ok
    20:37:44.0363 6292 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
    20:37:44.0394 6292 Dnscache - ok
    20:37:44.0426 6292 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
    20:37:44.0426 6292 dot3svc - ok
    20:37:44.0504 6292 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    20:37:44.0504 6292 Dot4 - ok
    20:37:44.0535 6292 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
    20:37:44.0535 6292 Dot4Print - ok
    20:37:44.0566 6292 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    20:37:44.0566 6292 dot4usb - ok
    20:37:44.0597 6292 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
    20:37:44.0597 6292 DPS - ok
    20:37:44.0644 6292 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    20:37:44.0644 6292 drmkaud - ok
    20:37:44.0925 6292 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    20:37:44.0956 6292 DXGKrnl - ok
    20:37:45.0034 6292 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
    20:37:45.0034 6292 E1G60 - ok
    20:37:45.0081 6292 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
    20:37:45.0081 6292 EapHost - ok
    20:37:45.0159 6292 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
    20:37:45.0190 6292 Ecache - ok
    20:37:45.0268 6292 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    20:37:45.0268 6292 eeCtrl - ok
    20:37:45.0330 6292 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    20:37:45.0330 6292 ehRecvr - ok
    20:37:45.0362 6292 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
    20:37:45.0377 6292 ehSched - ok
    20:37:45.0393 6292 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
    20:37:45.0393 6292 ehstart - ok
    20:37:45.0440 6292 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
    20:37:45.0455 6292 elxstor - ok
    20:37:45.0549 6292 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    20:37:45.0564 6292 EMDMgmt - ok
    20:37:45.0596 6292 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    20:37:45.0596 6292 EraserUtilRebootDrv - ok
    20:37:45.0658 6292 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
    20:37:45.0658 6292 EventSystem - ok
    20:37:45.0752 6292 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
    20:37:45.0767 6292 exfat - ok
    20:37:45.0798 6292 [ 9F5984873CDEA9BA1A0689DABF931E13 ] ezntsvc C:\Windows\system32\ezNTSvc.exe
    20:37:45.0798 6292 ezntsvc - ok
    20:37:45.0908 6292 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    20:37:45.0923 6292 fastfat - ok
    20:37:45.0970 6292 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    20:37:45.0970 6292 fdc - ok
    20:37:46.0032 6292 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
    20:37:46.0032 6292 fdPHost - ok
    20:37:46.0079 6292 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
    20:37:46.0079 6292 FDResPub - ok
    20:37:46.0126 6292 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    20:37:46.0157 6292 FileInfo - ok
    20:37:46.0188 6292 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    20:37:46.0188 6292 Filetrace - ok
    20:37:46.0204 6292 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    20:37:46.0204 6292 flpydisk - ok
    20:37:46.0344 6292 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    20:37:46.0376 6292 FltMgr - ok
    20:37:46.0547 6292 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
    20:37:46.0563 6292 FontCache - ok
    20:37:46.0656 6292 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    20:37:46.0688 6292 FontCache3.0.0.0 - ok
    20:37:46.0719 6292 [ D909075FA72C090F27AA926C32CB4612 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    20:37:46.0719 6292 fssfltr - ok
    20:37:47.0171 6292 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    20:37:47.0202 6292 fsssvc - ok
    20:37:47.0296 6292 [ 790A4CA68F44BE35967B3DF61F3E4675 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS
    20:37:47.0327 6292 FsUsbExDisk - ok
    20:37:47.0374 6292 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    20:37:47.0374 6292 Fs_Rec - ok
    20:37:47.0405 6292 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    20:37:47.0405 6292 gagp30kx - ok
    20:37:47.0546 6292 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
    20:37:47.0561 6292 GamesAppService - ok
    20:37:47.0608 6292 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    20:37:47.0608 6292 GEARAspiWDM - ok
    20:37:47.0733 6292 [ 5CC2B1D06AC1962AF5FBBCF88D781DD8 ] GoToAssist C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
    20:37:47.0764 6292 GoToAssist - ok
    20:37:47.0811 6292 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
    20:37:47.0826 6292 gpsvc - ok
    20:37:47.0998 6292 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    20:37:47.0998 6292 gupdate - ok
    20:37:48.0029 6292 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    20:37:48.0029 6292 gupdatem - ok
    20:37:48.0045 6292 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    20:37:48.0045 6292 gusvc - ok
    20:37:48.0123 6292 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    20:37:48.0123 6292 HDAudBus - ok
    20:37:48.0154 6292 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
    20:37:48.0154 6292 HidBth - ok
    20:37:48.0201 6292 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
    20:37:48.0232 6292 HidIr - ok
    20:37:48.0263 6292 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
    20:37:48.0263 6292 hidserv - ok
    20:37:48.0294 6292 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    20:37:48.0294 6292 HidUsb - ok
    20:37:48.0326 6292 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
    20:37:48.0357 6292 hkmsvc - ok
    20:37:48.0435 6292 [ 0D26C438E2938A3E6BDD91173BC96FF0 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    20:37:48.0466 6292 HP Health Check Service - ok
    20:37:48.0513 6292 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    20:37:48.0528 6292 HpCISSs - ok
    20:37:48.0638 6292 [ ED377B3C83FDEA8D906109A085D219BA ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    20:37:48.0638 6292 hpqcxs08 - ok
    20:37:48.0716 6292 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    20:37:48.0716 6292 hpqddsvc - ok
    20:37:48.0809 6292 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
    20:37:48.0825 6292 HTTP - ok
    20:37:48.0856 6292 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    20:37:48.0856 6292 i2omp - ok
    20:37:48.0903 6292 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    20:37:48.0903 6292 i8042prt - ok
    20:37:48.0934 6292 [ 11A220EB53F1D42B8AF0AD1210B8241D ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    20:37:48.0950 6292 IAANTMON - ok
    20:37:48.0965 6292 [ 25C3D5F66A74A7BDDECA56085F040D2E ] iaStor C:\Windows\system32\drivers\iastor.sys
    20:37:48.0965 6292 iaStor - ok
    20:37:48.0996 6292 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    20:37:49.0012 6292 iaStorV - ok
    20:37:49.0090 6292 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    20:37:49.0106 6292 idsvc - ok
    20:37:49.0340 6292 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20120907.001\IDSvix86.sys
    20:37:49.0355 6292 IDSVix86 - ok
    20:37:49.0371 6292 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    20:37:49.0371 6292 iirsp - ok
    20:37:49.0449 6292 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
    20:37:49.0464 6292 IKEEXT - ok
    20:37:49.0574 6292 [ 5D26CCB06E1F3B5C26E863DF3F4F2611 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    20:37:49.0589 6292 IntcAzAudAddService - ok
    20:37:49.0620 6292 [ E08FB545EDA9D1E3CA689B4B3F6E4C22 ] intelide C:\Windows\system32\drivers\intelide.sys
    20:37:49.0620 6292 intelide - ok
    20:37:49.0652 6292 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    20:37:49.0652 6292 intelppm - ok
    20:37:49.0683 6292 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    20:37:49.0683 6292 IPBusEnum - ok
    20:37:49.0730 6292 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    20:37:49.0730 6292 IpFilterDriver - ok
    20:37:49.0730 6292 IpInIp - ok
    20:37:49.0761 6292 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    20:37:49.0761 6292 IPMIDRV - ok
    20:37:49.0808 6292 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    20:37:49.0808 6292 IPNAT - ok
    20:37:49.0854 6292 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    20:37:49.0870 6292 iPod Service - ok
    20:37:49.0901 6292 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    20:37:49.0901 6292 IRENUM - ok
    20:37:49.0932 6292 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    20:37:49.0932 6292 isapnp - ok
    20:37:49.0979 6292 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    20:37:49.0979 6292 iScsiPrt - ok
    20:37:49.0995 6292 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    20:37:50.0010 6292 iteatapi - ok
    20:37:50.0042 6292 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
    20:37:50.0042 6292 iteraid - ok
    20:37:50.0057 6292 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    20:37:50.0073 6292 kbdclass - ok
    20:37:50.0088 6292 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    20:37:50.0088 6292 kbdhid - ok
    20:37:50.0120 6292 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
    20:37:50.0120 6292 KeyIso - ok
    20:37:50.0151 6292 [ 2B2F1638466E8CB091400C9019CC730E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    20:37:50.0151 6292 KSecDD - ok
    20:37:50.0182 6292 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
    20:37:50.0198 6292 KtmRm - ok
    20:37:50.0260 6292 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
    20:37:50.0260 6292 LanmanServer - ok
    20:37:50.0385 6292 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    20:37:50.0385 6292 LanmanWorkstation - ok
    20:37:50.0931 6292 [ 55AFD4A9D5ED4AD40D5215CCDF4D65F3 ] Lavasoft Ad-Aware Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    20:37:50.0978 6292 Lavasoft Ad-Aware Service - ok
    20:37:51.0040 6292 [ 6C4A3804510AD8E0F0C07B5BE3D44DDB ] Lavasoft Kernexplorer C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    20:37:51.0040 6292 Lavasoft Kernexplorer - ok
    20:37:51.0118 6292 [ 336ABE8721CBC3110F1C6426DA633417 ] Lbd C:\Windows\system32\DRIVERS\Lbd.sys
    20:37:51.0118 6292 Lbd - ok
    20:37:51.0165 6292 [ 4B142775DAD98274C58F3B5893376C20 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    20:37:51.0165 6292 LightScribeService - ok
    20:37:51.0212 6292 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    20:37:51.0212 6292 lltdio - ok
    20:37:51.0258 6292 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    20:37:51.0258 6292 lltdsvc - ok
    20:37:51.0321 6292 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
    20:37:51.0321 6292 lmhosts - ok
    20:37:51.0368 6292 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    20:37:51.0399 6292 LSI_FC - ok
    20:37:51.0430 6292 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    20:37:51.0430 6292 LSI_SAS - ok
    20:37:51.0461 6292 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    20:37:51.0461 6292 LSI_SCSI - ok
    20:37:51.0492 6292 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
    20:37:51.0492 6292 luafv - ok
    20:37:51.0524 6292 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    20:37:51.0524 6292 MBAMProtector - ok
    20:37:51.0602 6292 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    20:37:51.0602 6292 MBAMService - ok
    20:37:51.0664 6292 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    20:37:51.0680 6292 Mcx2Svc - ok
    20:37:51.0711 6292 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
    20:37:51.0711 6292 megasas - ok
    20:37:51.0726 6292 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
    20:37:51.0726 6292 MMCSS - ok
    20:37:51.0758 6292 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
    20:37:51.0758 6292 Modem - ok
    20:37:51.0789 6292 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
  10. Tobydog

    Hi Broni

    Part 2 of TDSSKiller log

    20:37:51.0789 6292 monitor - ok
    20:37:51.0804 6292 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    20:37:51.0804 6292 mouclass - ok
    20:37:51.0851 6292 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    20:37:51.0851 6292 mouhid - ok
    20:37:51.0882 6292 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    20:37:51.0882 6292 MountMgr - ok
    20:37:51.0914 6292 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
    20:37:51.0914 6292 mpio - ok
    20:37:51.0960 6292 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    20:37:51.0976 6292 mpsdrv - ok
    20:37:52.0054 6292 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
    20:37:52.0054 6292 MpsSvc - ok
    20:37:52.0085 6292 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    20:37:52.0085 6292 Mraid35x - ok
    20:37:52.0210 6292 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    20:37:52.0210 6292 MREMP50 - ok
    20:37:52.0210 6292 MREMPR5 - ok
    20:37:52.0226 6292 MRENDIS5 - ok
    20:37:52.0272 6292 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    20:37:52.0288 6292 MRESP50 - ok
    20:37:52.0366 6292 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    20:37:52.0366 6292 MRxDAV - ok
    20:37:52.0444 6292 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:37:52.0460 6292 mrxsmb - ok
    20:37:52.0522 6292 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:37:52.0522 6292 mrxsmb10 - ok
    20:37:52.0553 6292 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:37:52.0553 6292 mrxsmb20 - ok
    20:37:52.0584 6292 [ D537C241DB604FA86E46328DA0FD83D6 ] msahci C:\Windows\system32\drivers\msahci.sys
    20:37:52.0600 6292 msahci - ok
    20:37:52.0631 6292 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    20:37:52.0631 6292 msdsm - ok
    20:37:52.0662 6292 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
    20:37:52.0662 6292 MSDTC - ok
    20:37:52.0709 6292 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    20:37:52.0709 6292 Msfs - ok
    20:37:52.0725 6292 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    20:37:52.0725 6292 msisadrv - ok
    20:37:52.0756 6292 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    20:37:52.0787 6292 MSiSCSI - ok
    20:37:52.0787 6292 msiserver - ok
    20:37:52.0818 6292 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    20:37:52.0818 6292 MSKSSRV - ok
    20:37:52.0850 6292 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    20:37:52.0850 6292 MSPCLOCK - ok
    20:37:52.0865 6292 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    20:37:52.0865 6292 MSPQM - ok
    20:37:52.0928 6292 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    20:37:52.0928 6292 MsRPC - ok
    20:37:52.0959 6292 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    20:37:52.0974 6292 mssmbios - ok
    20:37:52.0990 6292 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    20:37:52.0990 6292 MSTEE - ok
    20:37:53.0052 6292 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
    20:37:53.0052 6292 Mup - ok
    20:37:53.0364 6292 [ DFD8873E4DC08E621A8366C6CD98AB28 ] N360 C:\Program Files\Norton 360\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
    20:37:53.0380 6292 N360 - ok
    20:37:53.0458 6292 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
    20:37:53.0474 6292 napagent - ok
    20:37:53.0552 6292 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    20:37:53.0552 6292 NativeWifiP - ok
    20:37:53.0692 6292 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20120908.009\NAVENG.SYS
    20:37:53.0692 6292 NAVENG - ok
    20:37:53.0786 6292 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20120908.009\NAVEX15.SYS
    20:37:53.0801 6292 NAVEX15 - ok
    20:37:53.0879 6292 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
    20:37:53.0879 6292 NDIS - ok
    20:37:53.0910 6292 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    20:37:53.0926 6292 NdisTapi - ok
    20:37:53.0942 6292 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    20:37:53.0942 6292 Ndisuio - ok
    20:37:54.0004 6292 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    20:37:54.0020 6292 NdisWan - ok
    20:37:54.0051 6292 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    20:37:54.0051 6292 NDProxy - ok
    20:37:54.0098 6292 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    20:37:54.0098 6292 Net Driver HPZ12 - ok
    20:37:54.0113 6292 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    20:37:54.0113 6292 NetBIOS - ok
    20:37:54.0222 6292 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    20:37:54.0222 6292 netbt - ok
    20:37:54.0254 6292 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
    20:37:54.0254 6292 Netlogon - ok
    20:37:54.0300 6292 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
    20:37:54.0316 6292 Netman - ok
    20:37:54.0394 6292 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
    20:37:54.0410 6292 netprofm - ok
    20:37:54.0472 6292 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    20:37:54.0488 6292 NetTcpPortSharing - ok
    20:37:54.0566 6292 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    20:37:54.0581 6292 nfrd960 - ok
    20:37:54.0597 6292 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
    20:37:54.0597 6292 NlaSvc - ok
    20:37:54.0706 6292 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    20:37:54.0706 6292 Npfs - ok
    20:37:54.0737 6292 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
    20:37:54.0737 6292 nsi - ok
    20:37:54.0800 6292 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    20:37:54.0815 6292 nsiproxy - ok
    20:37:54.0971 6292 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    20:37:54.0987 6292 Ntfs - ok
    20:37:55.0190 6292 [ 4A6A8C2882EA29F7CAE995E82C259EEB ] ntk_PowerDVD12 C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys
    20:37:55.0205 6292 ntk_PowerDVD12 - ok
    20:37:55.0236 6292 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
    20:37:55.0236 6292 ntrigdigi - ok
    20:37:55.0268 6292 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
    20:37:55.0268 6292 Null - ok
    20:37:55.0767 6292 [ 351265910A8EF5FC6CC4535A00054049 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    20:37:55.0907 6292 nvlddmkm - ok
    20:37:55.0985 6292 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
    20:37:55.0985 6292 nvraid - ok
    20:37:56.0032 6292 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
    20:37:56.0032 6292 nvstor - ok
    20:37:56.0079 6292 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    20:37:56.0079 6292 nv_agp - ok
    20:37:56.0079 6292 NwlnkFlt - ok
    20:37:56.0094 6292 NwlnkFwd - ok
    20:37:56.0188 6292 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    20:37:56.0188 6292 ohci1394 - ok
    20:37:56.0250 6292 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
    20:37:56.0266 6292 p2pimsvc - ok
    20:37:56.0282 6292 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
    20:37:56.0282 6292 p2psvc - ok
    20:37:56.0297 6292 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
    20:37:56.0297 6292 Parport - ok
    20:37:56.0344 6292 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    20:37:56.0344 6292 partmgr - ok
    20:37:56.0375 6292 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
    20:37:56.0375 6292 Parvdm - ok
    20:37:56.0422 6292 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
    20:37:56.0422 6292 PcaSvc - ok
    20:37:56.0453 6292 [ C96C14987F167F461266A6C6028B698B ] pcCMService C:\Program Files\Common Files\Motive\pcCMService.exe
    20:37:56.0469 6292 pcCMService - ok
    20:37:56.0516 6292 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
    20:37:56.0516 6292 pccsmcfd - ok
    20:37:56.0609 6292 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
    20:37:56.0609 6292 pci - ok
    20:37:56.0640 6292 [ A88FF9E32AAA9AF398AE89B9A082870B ] pciide C:\Windows\system32\drivers\pciide.sys
    20:37:56.0672 6292 pciide - ok
    20:37:56.0718 6292 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    20:37:56.0718 6292 pcmcia - ok
    20:37:56.0765 6292 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
    20:37:56.0781 6292 pcouffin - ok
    20:37:56.0796 6292 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    20:37:56.0812 6292 PEAUTH - ok
    20:37:56.0890 6292 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
    20:37:56.0906 6292 pla - ok
    20:37:56.0968 6292 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    20:37:56.0984 6292 PlugPlay - ok
    20:37:57.0030 6292 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    20:37:57.0030 6292 Pml Driver HPZ12 - ok
    20:37:57.0046 6292 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    20:37:57.0046 6292 PNRPAutoReg - ok
    20:37:57.0062 6292 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    20:37:57.0077 6292 PNRPsvc - ok
    20:37:57.0093 6292 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    20:37:57.0093 6292 PolicyAgent - ok
    20:37:57.0124 6292 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    20:37:57.0124 6292 PptpMiniport - ok
    20:37:57.0155 6292 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
    20:37:57.0155 6292 Processor - ok
    20:37:57.0233 6292 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
    20:37:57.0233 6292 ProfSvc - ok
    20:37:57.0280 6292 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
    20:37:57.0280 6292 ProtectedStorage - ok
    20:37:57.0311 6292 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys
    20:37:57.0311 6292 Ps2 - ok
    20:37:57.0374 6292 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    20:37:57.0389 6292 PSched - ok
    20:37:57.0452 6292 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    20:37:57.0452 6292 ql2300 - ok
    20:37:57.0483 6292 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    20:37:57.0498 6292 ql40xx - ok
    20:37:57.0530 6292 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
    20:37:57.0530 6292 QWAVE - ok
    20:37:57.0561 6292 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    20:37:57.0561 6292 QWAVEdrv - ok
    20:37:57.0592 6292 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    20:37:57.0592 6292 RasAcd - ok
    20:37:57.0608 6292 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
    20:37:57.0623 6292 RasAuto - ok
    20:37:57.0639 6292 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:37:57.0639 6292 Rasl2tp - ok
    20:37:57.0701 6292 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
    20:37:57.0717 6292 RasMan - ok
    20:37:57.0795 6292 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    20:37:57.0795 6292 RasPppoe - ok
    20:37:57.0857 6292 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    20:37:57.0873 6292 RasSstp - ok
    20:37:57.0935 6292 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    20:37:57.0935 6292 rdbss - ok
    20:37:57.0966 6292 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    20:37:57.0966 6292 RDPCDD - ok
    20:37:58.0013 6292 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    20:37:58.0013 6292 rdpdr - ok
    20:37:58.0013 6292 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    20:37:58.0013 6292 RDPENCDD - ok
    20:37:58.0076 6292 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    20:37:58.0107 6292 RDPWD - ok
    20:37:58.0122 6292 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
    20:37:58.0122 6292 RemoteAccess - ok
    20:37:58.0185 6292 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
    20:37:58.0216 6292 RemoteRegistry - ok
    20:37:58.0263 6292 [ 7728B6AEDC83BC0DEFD0A53371D4613B ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    20:37:58.0263 6292 RichVideo - ok
    20:37:58.0325 6292 RimUsb - ok
    20:37:58.0341 6292 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
    20:37:58.0341 6292 RimVSerPort - ok
    20:37:58.0388 6292 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
    20:37:58.0388 6292 ROOTMODEM - ok
    20:37:58.0403 6292 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
    20:37:58.0403 6292 RpcLocator - ok
    20:37:58.0544 6292 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
    20:37:58.0544 6292 RpcSs - ok
    20:37:58.0590 6292 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    20:37:58.0590 6292 rspndr - ok
    20:37:58.0622 6292 [ C347A3CDE57077056E7E73D3498F7D7D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
    20:37:58.0637 6292 RTL8169 - ok
    20:37:58.0637 6292 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
    20:37:58.0637 6292 SamSs - ok
    20:37:58.0684 6292 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    20:37:58.0700 6292 sbp2port - ok
    20:37:58.0778 6292 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    20:37:58.0793 6292 SCardSvr - ok
    20:37:58.0934 6292 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
    20:37:58.0949 6292 Schedule - ok
    20:37:58.0965 6292 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
    20:37:58.0965 6292 SCPolicySvc - ok
    20:37:58.0996 6292 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    20:37:59.0012 6292 SDRSVC - ok
    20:37:59.0043 6292 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    20:37:59.0043 6292 secdrv - ok
    20:37:59.0043 6292 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
    20:37:59.0058 6292 seclogon - ok
    20:37:59.0058 6292 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
    20:37:59.0074 6292 SENS - ok
    20:37:59.0090 6292 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
    20:37:59.0090 6292 Serenum - ok
    20:37:59.0105 6292 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
    20:37:59.0121 6292 Serial - ok
    20:37:59.0152 6292 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    20:37:59.0152 6292 sermouse - ok
    20:37:59.0292 6292 [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    20:37:59.0308 6292 ServiceLayer - ok
    20:37:59.0339 6292 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
    20:37:59.0355 6292 SessionEnv - ok
    20:37:59.0386 6292 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    20:37:59.0386 6292 sffdisk - ok
    20:37:59.0433 6292 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    20:37:59.0448 6292 sffp_mmc - ok
    20:37:59.0464 6292 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    20:37:59.0464 6292 sffp_sd - ok
    20:37:59.0480 6292 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    20:37:59.0480 6292 sfloppy - ok
    20:37:59.0542 6292 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    20:37:59.0558 6292 ShellHWDetection - ok
    20:37:59.0573 6292 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
    20:37:59.0573 6292 sisagp - ok
    20:37:59.0589 6292 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    20:37:59.0589 6292 SiSRaid2 - ok
    20:37:59.0604 6292 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    20:37:59.0620 6292 SiSRaid4 - ok
    20:37:59.0745 6292 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
    20:37:59.0823 6292 slsvc - ok
    20:37:59.0916 6292 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
    20:37:59.0932 6292 SLUINotify - ok
    20:37:59.0994 6292 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    20:38:00.0010 6292 Smb - ok
    20:38:00.0041 6292 [ C62609CFB5A0E0EDD791E53487C48168 ] SMR310 C:\Windows\system32\drivers\SMR310.SYS
    20:38:00.0041 6292 SMR310 - ok
    20:38:00.0072 6292 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    20:38:00.0072 6292 SNMPTRAP - ok
    20:38:00.0104 6292 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
    20:38:00.0104 6292 spldr - ok
    20:38:00.0166 6292 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
    20:38:00.0166 6292 Spooler - ok
    20:38:00.0353 6292 [ 5CAC2130C217FF7DDBE6D59AC6131F1D ] SRTSP C:\Windows\system32\drivers\N360\1401010.002\SRTSP.SYS
    20:38:00.0369 6292 SRTSP - ok
    20:38:00.0384 6292 [ 21AC3AE81E8263061624C4ED3B11509A ] SRTSPX C:\Windows\system32\drivers\N360\1401010.002\SRTSPX.SYS
    20:38:00.0384 6292 SRTSPX - ok
    20:38:00.0462 6292 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
    20:38:00.0462 6292 srv - ok
    20:38:00.0525 6292 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    20:38:00.0540 6292 srv2 - ok
    20:38:00.0556 6292 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    20:38:00.0556 6292 srvnet - ok
    20:38:00.0587 6292 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    20:38:00.0587 6292 SSDPSRV - ok
    20:38:00.0618 6292 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    20:38:00.0634 6292 SstpSvc - ok
    20:38:00.0681 6292 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
    20:38:00.0681 6292 StarOpen - ok
    20:38:00.0759 6292 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
    20:38:00.0821 6292 stisvc - ok
    20:38:00.0837 6292 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    20:38:00.0837 6292 swenum - ok
    20:38:00.0899 6292 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
    20:38:00.0915 6292 swprv - ok
    20:38:00.0946 6292 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    20:38:00.0946 6292 Symc8xx - ok
    20:38:00.0993 6292 [ 0004CCDD046A873CFF06427B06BE0B28 ] SymDS C:\Windows\system32\drivers\N360\1401010.002\SYMDS.SYS
    20:38:01.0008 6292 SymDS - ok
    20:38:01.0242 6292 [ 4C24298500C31E84F5FDFAE6339902CD ] SymEFA C:\Windows\system32\drivers\N360\1401010.002\SYMEFA.SYS
    20:38:01.0274 6292 SymEFA - ok
    20:38:01.0320 6292 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
    20:38:01.0320 6292 SymEvent - ok
    20:38:01.0336 6292 SymIMMP - ok
    20:38:01.0430 6292 [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON C:\Windows\system32\drivers\N360\1401010.002\Ironx86.SYS
    20:38:01.0445 6292 SymIRON - ok
    20:38:01.0586 6292 [ 93DE018EC6FBAA9A58FF9F2EB9198092 ] SYMTDIv C:\Windows\system32\drivers\N360\1401010.002\SYMTDIV.SYS
    20:38:01.0617 6292 SYMTDIv - ok
    20:38:01.0648 6292 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    20:38:01.0664 6292 Sym_hi - ok
    20:38:01.0664 6292 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    20:38:01.0679 6292 Sym_u3 - ok
    20:38:01.0726 6292 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
    20:38:01.0742 6292 SysMain - ok
    20:38:01.0788 6292 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
    20:38:01.0804 6292 TabletInputService - ok
    20:38:01.0851 6292 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
    20:38:01.0882 6292 TapiSrv - ok
    20:38:01.0898 6292 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
    20:38:01.0913 6292 TBS - ok
    20:38:01.0944 6292 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    20:38:01.0960 6292 Tcpip - ok
    20:38:01.0976 6292 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    20:38:01.0991 6292 Tcpip6 - ok
    20:38:02.0038 6292 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    20:38:02.0069 6292 tcpipreg - ok
    20:38:02.0100 6292 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    20:38:02.0100 6292 TDPIPE - ok
    20:38:02.0132 6292 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    20:38:02.0132 6292 TDTCP - ok
    20:38:02.0178 6292 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    20:38:02.0178 6292 tdx - ok
    20:38:02.0241 6292 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    20:38:02.0241 6292 TermDD - ok
    20:38:02.0319 6292 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
    20:38:02.0319 6292 TermService - ok
    20:38:02.0334 6292 TfFsMon - ok
    20:38:02.0334 6292 TfNetMon - ok
    20:38:02.0334 6292 TfSysMon - ok
    20:38:02.0381 6292 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
    20:38:02.0381 6292 Themes - ok
    20:38:02.0428 6292 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
    20:38:02.0428 6292 THREADORDER - ok
    20:38:02.0522 6292 [ 39BD95A9FE72AAF5C675AD146BE456A9 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    20:38:02.0522 6292 TomTomHOMEService - ok
    20:38:02.0553 6292 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
    20:38:02.0553 6292 TrkWks - ok
    20:38:02.0678 6292 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    20:38:02.0709 6292 TrustedInstaller - ok
    20:38:02.0756 6292 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:38:02.0756 6292 tssecsrv - ok
    20:38:02.0818 6292 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
    20:38:02.0818 6292 tunmp - ok
    20:38:02.0865 6292 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    20:38:02.0865 6292 tunnel - ok
    20:38:02.0943 6292 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    20:38:02.0958 6292 uagp35 - ok
    20:38:03.0005 6292 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    20:38:03.0021 6292 udfs - ok
    20:38:03.0052 6292 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    20:38:03.0052 6292 UI0Detect - ok
    20:38:03.0083 6292 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    20:38:03.0083 6292 uliagpkx - ok
    20:38:03.0114 6292 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
    20:38:03.0114 6292 uliahci - ok
    20:38:03.0130 6292 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
    20:38:03.0146 6292 UlSata - ok
    20:38:03.0161 6292 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
    20:38:03.0161 6292 ulsata2 - ok
    20:38:03.0208 6292 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    20:38:03.0208 6292 umbus - ok
    20:38:03.0239 6292 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
    20:38:03.0239 6292 upnphost - ok
    20:38:03.0270 6292 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
    20:38:03.0270 6292 USBAAPL - ok
    20:38:03.0286 6292 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    20:38:03.0286 6292 usbccgp - ok
    20:38:03.0317 6292 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    20:38:03.0317 6292 usbcir - ok
    20:38:03.0348 6292 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    20:38:03.0348 6292 usbehci - ok
    20:38:03.0489 6292 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    20:38:03.0520 6292 usbhub - ok
    20:38:03.0536 6292 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
    20:38:03.0536 6292 usbohci - ok
    20:38:03.0582 6292 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    20:38:03.0582 6292 usbprint - ok
    20:38:03.0614 6292 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    20:38:03.0614 6292 usbscan - ok
    20:38:03.0629 6292 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    20:38:03.0629 6292 USBSTOR - ok
    20:38:03.0660 6292 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    20:38:03.0660 6292 usbuhci - ok
    20:38:03.0723 6292 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
    20:38:03.0754 6292 UxSms - ok
    20:38:03.0801 6292 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
    20:38:03.0816 6292 vds - ok
    20:38:03.0879 6292 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    20:38:03.0879 6292 vga - ok
    20:38:03.0910 6292 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
    20:38:03.0910 6292 VgaSave - ok
    20:38:03.0941 6292 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
    20:38:03.0941 6292 viaagp - ok
    20:38:03.0957 6292 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
    20:38:03.0957 6292 ViaC7 - ok
    20:38:03.0972 6292 [ F2EB2E6E21B008695D3D28E69937DA9C ] viaide C:\Windows\system32\drivers\viaide.sys
    20:38:03.0972 6292 viaide - ok
    20:38:04.0004 6292 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    20:38:04.0004 6292 volmgr - ok
    20:38:04.0175 6292 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    20:38:04.0206 6292 volmgrx - ok
    20:38:04.0253 6292 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    20:38:04.0269 6292 volsnap - ok
    20:38:04.0300 6292 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    20:38:04.0316 6292 vsmraid - ok
    20:38:04.0378 6292 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
    20:38:04.0394 6292 VSS - ok
    20:38:04.0550 6292 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
    20:38:04.0596 6292 W32Time - ok
    20:38:04.0628 6292 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    20:38:04.0628 6292 WacomPen - ok
    20:38:04.0659 6292 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
    20:38:04.0674 6292 Wanarp - ok
    20:38:04.0674 6292 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    20:38:04.0674 6292 Wanarpv6 - ok
    20:38:04.0706 6292 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\Windows\system32\DRIVERS\wanatw4.sys
    20:38:04.0706 6292 wanatw - ok
    20:38:04.0721 6292 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
    20:38:04.0721 6292 wcncsvc - ok
    20:38:04.0752 6292 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    20:38:04.0752 6292 WcsPlugInService - ok
    20:38:04.0784 6292 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
    20:38:04.0784 6292 Wd - ok
    20:38:04.0893 6292 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    20:38:04.0924 6292 Wdf01000 - ok
    20:38:04.0971 6292 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    20:38:04.0971 6292 WdiServiceHost - ok
    20:38:04.0986 6292 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    20:38:04.0986 6292 WdiSystemHost - ok
    20:38:05.0064 6292 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
    20:38:05.0064 6292 WebClient - ok
    20:38:05.0127 6292 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
    20:38:05.0158 6292 Wecsvc - ok
    20:38:05.0205 6292 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    20:38:05.0205 6292 wercplsupport - ok
    20:38:05.0267 6292 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
    20:38:05.0267 6292 WerSvc - ok
    20:38:05.0283 6292 WinHttpAutoProxySvc - ok
    20:38:05.0361 6292 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    20:38:05.0376 6292 Winmgmt - ok
    20:38:05.0642 6292 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
    20:38:05.0688 6292 WinRM - ok
    20:38:05.0829 6292 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
    20:38:05.0844 6292 Wlansvc - ok
    20:38:06.0624 6292 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    20:38:06.0640 6292 wlidsvc - ok
    20:38:06.0687 6292 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    20:38:06.0687 6292 WmiAcpi - ok
    20:38:06.0749 6292 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    20:38:06.0765 6292 wmiApSrv - ok
    20:38:06.0843 6292 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    20:38:06.0858 6292 WMPNetworkSvc - ok
    20:38:06.0905 6292 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    20:38:06.0936 6292 WPCSvc - ok
    20:38:07.0030 6292 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    20:38:07.0061 6292 WPDBusEnum - ok
    20:38:07.0139 6292 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
    20:38:07.0170 6292 WpdUsb - ok
    20:38:07.0451 6292 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    20:38:07.0467 6292 WPFFontCache_v0400 - ok
    20:38:07.0545 6292 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    20:38:07.0560 6292 ws2ifsl - ok
    20:38:07.0607 6292 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
    20:38:07.0638 6292 wscsvc - ok
    20:38:07.0638 6292 WSearch - ok
    20:38:07.0701 6292 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:38:07.0701 6292 WUDFRd - ok
    20:38:07.0732 6292 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    20:38:07.0732 6292 wudfsvc - ok
    20:38:07.0857 6292 [ 74EC37B9EAF9FCA015B933A526825C7A ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
    20:38:07.0857 6292 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
    20:38:07.0872 6292 ================ Scan global ===============================
    20:38:07.0935 6292 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
    20:38:07.0997 6292 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    20:38:08.0013 6292 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    20:38:08.0184 6292 [ 1C5A8277AA91E44684772C950C892AE2 ] C:\Windows\system32\services.exe
    20:38:08.0216 6292 [Global] - ok
    20:38:08.0216 6292 ================ Scan MBR ==================================
    20:38:08.0247 6292 [ 03BA8F890B47C0BE359A4D5A636D214D ] \Device\Harddisk0\DR0
    20:38:09.0885 6292 \Device\Harddisk0\DR0 - ok
    20:38:09.0885 6292 ================ Scan VBR ==================================
    20:38:09.0916 6292 [ FD92C1663E26233F86DFB030E2D665E3 ] \Device\Harddisk0\DR0\Partition1
    20:38:09.0947 6292 \Device\Harddisk0\DR0\Partition1 - ok
    20:38:09.0978 6292 [ 1CF2E19327585DDCD223A5063A1FD7F5 ] \Device\Harddisk0\DR0\Partition2
    20:38:10.0025 6292 \Device\Harddisk0\DR0\Partition2 - ok
    20:38:10.0025 6292 ============================================================
    20:38:10.0025 6292 Scan finished
    20:38:10.0025 6292 ============================================================
    20:38:10.0088 8096 Detected object count: 0

    20:38:10.0088 8096 Actual detected object count: 0
  11. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  12. Tobydog

    Tobydog Newcomer, in training Topic Starter Posts: 44

    Hi Broni - thanks for your help

    Have followed your instructions but am not making any progress - unable to run FRST from flashdrive - all I can see is a page of symbols

    Shall I leave computer running ?

    Thanks again
  13. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    At what exact point are you stuck?
  14. Tobydog

    Tobydog Newcomer, in training Topic Starter Posts: 44

    Hi Broni - thanks

    I'm here - In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.

    When I press Enter all I can see is a page full of symbols and random letters - FRST doesn't appear to be running - the disclaimer doesn't appear
  15. Tobydog

    Tobydog Newcomer, in training Topic Starter Posts: 44

    Hi Broni

    Should I send you a screenshot of what I can see ?
  16. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Try different flash drive.
  17. Tobydog

    Tobydog Newcomer, in training Topic Starter Posts: 44

    Hi Broni

    I'm having a nightmare - I've tried using a different flashdrive - no success
    My computer is now shutting down / restarting / shutting down / restarting automatically
    Help!
  18. Tobydog

    Tobydog Newcomer, in training Topic Starter Posts: 44

    Hi Broni

    In between the computer shutting down / restarting I managed to try another attempt to run FRST - after pressing Enter at 'In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter' , I still get a page of symbols / random letters - but I can see in the top line: ' this program cannot be run in DOS mode '
  19. Tobydog

    Tobydog Newcomer, in training Topic Starter Posts: 44

    Hi Broni

    I noticed an error message which pointed at Norton 360 causing a problem - I uninstalled Norton

    My apologies for not following your instructions but the computer has stabilized and is not continually shutting down / restarting

    Awaiting your advice

    Thanks for your help
  20. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Are you booting to System Recovery Options or are you trying to boot to Windows?

    Do you have Vista DVD?
  21. Tobydog

    Tobydog Newcomer, in training Topic Starter Posts: 44

    Hi Broni

    I have been booting to System Recovery Options after tapping F8 to get the Advanced Boot Options - I could see the FRST file on my flash in the 'OPEN' box but couldn't run it by typing F:\FRST. However, I was able to run FRST by right clicking on the file in the 'OPEN' box and then running it.

    I do not have Vista DVD

    Here are the two logs:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2012
    Ran by SYSTEM at 15-09-2012 10:03:29
    Running from F:\
    Windows Vista (TM) Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
    HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
    HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
    HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
    HKLM\...\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [x]
    HKLM\...\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" [54936 2007-04-07] (Sun Microsystems, Inc.)
    HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1219316984\ee\AOLSoftware.exe [41824 2008-06-24] (AOL LLC)
    HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2008-06-02] (Intel Corporation)
    HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [92704 2008-01-10] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8530464 2008-01-10] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [88608 2008-01-10] (NVIDIA Corporation)
    HKLM\...\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [1988608 2012-07-04] (Alcatel-Lucent)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation [161336 2011-10-02] (Google)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
    HKLM\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
    HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-14] (RealNetworks, Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
    HKU\Mark\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
    HKU\Mark\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
    HKU\Mark\...\Run: [Power2GoExpress] [x]
    HKU\Mark\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-03-09] (TomTom)
    HKU\Mark\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-11-19] (Google Inc.)
    HKU\Mark\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Mark\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Mark\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
    HKU\Mark\...\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup [x]
    HKU\Mark\...\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.0; EasyBits GO v1.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; BRI/2; AskTbSPC2/5.9.1.14019)" -"http://www.gamepuma.com/shockwave-games/Driver-s-ED.html" [460216 2008-11-24] (Adobe Systems, Inc.)
    HKU\Mark\...\Policies\system: [DisableLockWorkstation] 0
    HKU\Mark\...\Policies\system: [DisableChangePassword] 0
    HKU\Mark\...\Winlogon: [Shell] explorer.exe [x]
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\Parameters: [NameServer] 208.67.220.220,208.67.222.222
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    ==================== Services ================================

    2 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)
    2 ezntsvc; C:\Windows\system32\ezNTSvc.exe [33792 2008-08-21] (EasyBits Software Corp.)
    2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-05-22] (Lavasoft Limited)
    2 NCO; "C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe" /s "NCO" /m "C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [247152 2010-08-19] ()
    2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

    ==================== Drivers =================================

    1 ccSet_NST; C:\Windows\system32\drivers\NST\7DC06030.002\ccSetx86.sys [132744 2011-11-29] (Symantec Corporation)
    3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
    3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-11-03] ()
    0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-11-03] (Lavasoft AB)
    3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2009-04-12] (VSO Software)
    0 SMR310; C:\Windows\System32\drivers\SMR310.SYS [97440 2012-09-09] (Symantec Corporation)
    1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2011-05-31] ()
    3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
    4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]
    0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
    3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
    0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x]

    ==================== NetSvcs (Whitelisted) =================


    ============ One Month Created Files and Folders ==============

    2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Temp.log
    2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Application Data\Temp.log
    2012-09-13 11:50 - 2012-09-13 11:50 - 00000000 ____D C:\Windows\System32\Drivers\NST
    2012-09-13 11:50 - 2012-09-13 11:50 - 00000000 ____D C:\Program Files\Norton Identity Safe
    2012-09-13 10:54 - 2012-09-13 10:55 - 00145904 ____A C:\Windows\Minidump\Mini091312-23.dmp
    2012-09-13 10:51 - 2012-09-13 14:02 - 00000000 ____D C:\NBRT
    2012-09-13 10:47 - 2012-09-13 10:47 - 00145904 ____A C:\Windows\Minidump\Mini091312-22.dmp
    2012-09-13 10:40 - 2012-09-13 10:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-21.dmp
    2012-09-13 10:33 - 2012-09-13 10:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-20.dmp
    2012-09-13 10:24 - 2012-09-13 10:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-19.dmp
    2012-09-13 10:16 - 2012-09-13 10:17 - 00145904 ____A C:\Windows\Minidump\Mini091312-18.dmp
    2012-09-13 09:50 - 2012-09-13 09:50 - 00145904 ____A C:\Windows\Minidump\Mini091312-17.dmp
    2012-09-13 09:40 - 2012-09-13 09:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-16.dmp
    2012-09-13 09:33 - 2012-09-13 09:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-15.dmp
    2012-09-13 08:19 - 2012-09-13 08:19 - 00145904 ____A C:\Windows\Minidump\Mini091312-14.dmp
    2012-09-13 07:57 - 2012-09-13 07:58 - 00145904 ____A C:\Windows\Minidump\Mini091312-13.dmp
    2012-09-13 06:59 - 2012-09-13 06:59 - 00145904 ____A C:\Windows\Minidump\Mini091312-12.dmp
    2012-09-13 06:23 - 2012-09-13 06:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-11.dmp
    2012-09-13 06:13 - 2012-09-13 06:13 - 00145904 ____A C:\Windows\Minidump\Mini091312-10.dmp
    2012-09-13 05:46 - 2012-09-13 05:46 - 00145904 ____A C:\Windows\Minidump\Mini091312-09.dmp
    2012-09-13 05:36 - 2012-09-13 05:36 - 00145904 ____A C:\Windows\Minidump\Mini091312-08.dmp
    2012-09-13 05:18 - 2012-09-13 05:18 - 00145904 ____A C:\Windows\Minidump\Mini091312-07.dmp
    2012-09-13 05:04 - 2012-09-13 05:04 - 00145904 ____A C:\Windows\Minidump\Mini091312-06.dmp
    2012-09-13 01:39 - 2012-09-13 01:39 - 00145904 ____A C:\Windows\Minidump\Mini091312-05.dmp
    2012-09-13 01:31 - 2012-09-13 01:31 - 00145904 ____A C:\Windows\Minidump\Mini091312-04.dmp
    2012-09-13 01:23 - 2012-09-13 01:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-03.dmp
    2012-09-13 01:16 - 2012-09-13 01:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-02.dmp
    2012-09-13 00:20 - 2012-09-13 00:21 - 00145904 ____A C:\Windows\Minidump\Mini091312-01.dmp
    2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\My Documents\dan passport photo.wps
    2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\Documents\dan passport photo.wps
    2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\Local Settings\CrashDumps
    2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\CrashDumps
    2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
    2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\My Documents\DDS log 1 and 2.wps
    2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\Documents\DDS log 1 and 2.wps
    2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\My Documents\gmer.log..log
    2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\Documents\gmer.log..log
    2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\Mark\Application Data\Malwarebytes
    2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Malwarebytes
    2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-09-09 08:07 - 2012-09-09 08:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-1.62.0.1300.exe
    2012-09-09 00:11 - 2012-09-09 00:11 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
    2012-09-09 00:11 - 2012-09-09 00:11 - 00000000 ____D C:\Users\All Users\SMR310
    2012-09-09 00:11 - 2012-09-09 00:11 - 00000000 ____D C:\Users\All Users\Application Data\SMR310
    2012-09-08 23:51 - 2012-09-08 23:51 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (2).exe
    2012-09-08 12:22 - 2012-09-08 12:22 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (1).exe
    2012-09-08 09:52 - 2012-09-08 09:55 - 02416348 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-09-08 08:16 - 2012-09-08 08:16 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-09-08 07:27 - 2012-09-08 07:27 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess.exe
    2012-09-08 06:29 - 2012-09-08 06:29 - 00000000 ____D C:\Windows\System32\Drivers\NBRTWizard
    2012-09-08 06:29 - 2012-09-08 06:29 - 00000000 ____D C:\Program Files\Norton Bootable Recovery Tool Wizard
    2012-09-08 06:29 - 2012-07-25 21:32 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-09-08 06:27 - 2012-09-08 06:27 - 00912040 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NBRT-Retail-Downloader.exe
    2012-09-08 06:12 - 2012-09-09 00:11 - 00174504 ____A C:\Windows\ntbtlog.txt.bak
    2012-09-08 06:09 - 2012-09-08 06:09 - 02892816 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NPE.exe
    2012-09-08 05:52 - 2012-09-13 10:36 - 00000873 ____A C:\Users\Mark\Desktop\Norton Installation Files.lnk
    2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\Public\Documents\_rgpl
    2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\All Users\Documents\_rgpl
    2012-09-08 04:00 - 2012-09-08 04:00 - 00145856 ____A C:\Windows\Minidump\Mini090812-01.dmp
    2012-09-07 13:04 - 2012-09-07 13:04 - 00000000 ____D C:\Windows\System32\N360_BACKUP
    2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\Local Settings\NPE
    2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\NPE
    2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\AppData\Local\NPE
    2012-09-07 10:33 - 2012-09-07 10:33 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-09-07 10:33 - 2012-09-07 10:33 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
    2012-09-07 10:30 - 2012-09-07 10:30 - 00000000 ____D C:\Users\Mark\My Documents\Symantec
    2012-09-07 10:30 - 2012-09-07 10:30 - 00000000 ____D C:\Users\Mark\Documents\Symantec
    2012-09-07 10:09 - 2012-09-08 06:27 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2012-09-07 09:31 - 2012-09-07 10:47 - 00000000 ____D C:\Users\Mark\Sources
    2012-09-07 09:29 - 2012-09-07 09:29 - 00001537 ____A C:\Users\Mark\Desktop\Windows Explorer.lnk
    2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\Local Settings\NokiaAccount
    2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\NokiaAccount
    2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\AppData\Local\NokiaAccount
    2012-09-07 08:47 - 2012-09-07 08:47 - 00000134 ____A C:\Users\Mark\Desktop\Programs.lnk
    2012-09-07 08:43 - 2012-09-07 08:43 - 00000000 ____D C:\Users\Mark\My Documents\NPS
    2012-09-07 08:43 - 2012-09-07 08:43 - 00000000 ____D C:\Users\Mark\Documents\NPS
    2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46.rar
    2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46 (1).rar
    2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\Local Settings\MediaShow
    2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\MediaShow
    2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\AppData\Local\MediaShow
    2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\Public\Desktop\BT Desktop Help.lnk
    2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\All Users\Desktop\BT Desktop Help.lnk
    2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\Local Settings\Power2Go8
    2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\Power2Go8
    2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\AppData\Local\Power2Go8
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Public\Documents\CyberLink
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\Local Settings\MediaServer
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\MediaServer
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\AppData\Local\MediaServer
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\PDVD
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\Documents\CyberLink
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\Application Data\PDVD
    2012-08-22 07:58 - 2012-08-22 07:58 - 00000000 ____D C:\Program Files\Common Files\CyberLink
    2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\Local Settings\Cyberlink
    2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\Cyberlink
    2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\AppData\Local\Cyberlink
    2012-08-22 07:51 - 2012-08-22 08:07 - 00000000 ____D C:\Users\All Users\install_clap
    2012-08-22 07:51 - 2012-08-22 08:07 - 00000000 ____D C:\Users\All Users\Application Data\install_clap
    2012-08-22 07:47 - 2012-09-13 12:27 - 00000000 ____D C:\Users\All Users\CLSK
    2012-08-22 07:47 - 2012-09-13 12:27 - 00000000 ____D C:\Users\All Users\Application Data\CLSK
    2012-08-22 06:23 - 2012-08-22 06:37 - 1238864448 ____A C:\Users\Mark\My Documents\CyberLink_MES120105-04.exe
    2012-08-22 06:23 - 2012-08-22 06:37 - 1238864448 ____A C:\Users\Mark\Documents\CyberLink_MES120105-04.exe
    2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\My Documents\New @ Condado.wps
    2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\Documents\New @ Condado.wps


    ============ 3 Months Modified Files ========================

    2012-09-15 00:54 - 2006-11-02 05:01 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-15 00:54 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-15 00:54 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-15 00:54 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-15 00:44 - 2009-12-26 12:14 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-15 00:43 - 2012-07-25 01:00 - 00023867 ____A C:\aaw7boot.log
    2012-09-15 00:35 - 2012-07-24 11:30 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000UA.job
    2012-09-15 00:25 - 2009-12-26 12:14 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-14 14:34 - 2012-03-30 23:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-14 11:36 - 2012-07-24 11:30 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000Core.job
    2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Temp.log
    2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Application Data\Temp.log
    2012-09-13 12:04 - 2008-08-20 02:58 - 01635992 ____A C:\Windows\PFRO.log
    2012-09-13 10:55 - 2012-09-13 10:54 - 00145904 ____A C:\Windows\Minidump\Mini091312-23.dmp
    2012-09-13 10:54 - 2008-09-17 10:15 - 271553641 ____A C:\Windows\MEMORY.DMP
    2012-09-13 10:47 - 2012-09-13 10:47 - 00145904 ____A C:\Windows\Minidump\Mini091312-22.dmp
    2012-09-13 10:40 - 2012-09-13 10:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-21.dmp
    2012-09-13 10:36 - 2012-09-08 05:52 - 00000873 ____A C:\Users\Mark\Desktop\Norton Installation Files.lnk
    2012-09-13 10:33 - 2012-09-13 10:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-20.dmp
    2012-09-13 10:24 - 2012-09-13 10:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-19.dmp
    2012-09-13 10:17 - 2012-09-13 10:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-18.dmp
    2012-09-13 09:50 - 2012-09-13 09:50 - 00145904 ____A C:\Windows\Minidump\Mini091312-17.dmp
    2012-09-13 09:50 - 2006-11-02 04:47 - 00070656 _____ C:\Windows\System32\umstartup.etl
    2012-09-13 09:40 - 2012-09-13 09:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-16.dmp
    2012-09-13 09:33 - 2012-09-13 09:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-15.dmp
    2012-09-13 08:19 - 2012-09-13 08:19 - 00145904 ____A C:\Windows\Minidump\Mini091312-14.dmp
    2012-09-13 07:58 - 2012-09-13 07:57 - 00145904 ____A C:\Windows\Minidump\Mini091312-13.dmp
    2012-09-13 06:59 - 2012-09-13 06:59 - 00145904 ____A C:\Windows\Minidump\Mini091312-12.dmp
    2012-09-13 06:23 - 2012-09-13 06:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-11.dmp
    2012-09-13 06:13 - 2012-09-13 06:13 - 00145904 ____A C:\Windows\Minidump\Mini091312-10.dmp
    2012-09-13 05:46 - 2012-09-13 05:46 - 00145904 ____A C:\Windows\Minidump\Mini091312-09.dmp
    2012-09-13 05:36 - 2012-09-13 05:36 - 00145904 ____A C:\Windows\Minidump\Mini091312-08.dmp
    2012-09-13 05:18 - 2012-09-13 05:18 - 00145904 ____A C:\Windows\Minidump\Mini091312-07.dmp
    2012-09-13 05:04 - 2012-09-13 05:04 - 00145904 ____A C:\Windows\Minidump\Mini091312-06.dmp
    2012-09-13 01:39 - 2012-09-13 01:39 - 00145904 ____A C:\Windows\Minidump\Mini091312-05.dmp
    2012-09-13 01:31 - 2012-09-13 01:31 - 00145904 ____A C:\Windows\Minidump\Mini091312-04.dmp
    2012-09-13 01:24 - 2012-09-13 01:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-03.dmp
    2012-09-13 01:16 - 2012-09-13 01:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-02.dmp
    2012-09-13 00:21 - 2012-09-13 00:20 - 00145904 ____A C:\Windows\Minidump\Mini091312-01.dmp
    2012-09-12 01:54 - 2011-11-26 04:25 - 00000064 ____A C:\Windows\System32\rp_stats.dat
    2012-09-12 01:54 - 2011-11-26 04:25 - 00000044 ____A C:\Windows\System32\rp_rules.dat
    2012-09-12 01:22 - 2008-08-20 03:38 - 00033046 ____A C:\Users\Mark\Application Data\wklnhst.dat
    2012-09-12 01:22 - 2008-08-20 03:38 - 00033046 ____A C:\Users\Mark\AppData\Roaming\wklnhst.dat
    2012-09-12 01:14 - 2009-02-22 12:11 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
    2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\My Documents\dan passport photo.wps
    2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\Documents\dan passport photo.wps
    2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\My Documents\DDS log 1 and 2.wps
    2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\Documents\DDS log 1 and 2.wps
    2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\My Documents\gmer.log..log
    2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\Documents\gmer.log..log
    2012-09-09 08:07 - 2012-09-09 08:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-1.62.0.1300.exe
    2012-09-09 00:11 - 2012-09-09 00:11 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
    2012-09-09 00:11 - 2012-09-08 06:12 - 00174504 ____A C:\Windows\ntbtlog.txt.bak
    2012-09-08 23:52 - 2011-10-21 04:58 - 00009024 ____A C:\Windows\IE9_main.log
    2012-09-08 23:51 - 2012-09-08 23:51 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (2).exe
    2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\Local Settings\GDIPFONTCACHEV1.DAT
    2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-08 23:28 - 2006-11-02 04:47 - 00285328 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-08 12:58 - 2006-11-02 02:22 - 59506688 ____A C:\Windows\System32\config\software_previous
    2012-09-08 12:58 - 2006-11-02 02:22 - 18874368 ____A C:\Windows\System32\config\system_previous
    2012-09-08 12:43 - 2006-11-02 02:22 - 42205184 ____A C:\Windows\System32\config\components_previous
    2012-09-08 12:43 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
    2012-09-08 12:22 - 2012-09-08 12:22 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (1).exe
    2012-09-08 09:55 - 2012-09-08 09:52 - 02416348 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-09-08 08:21 - 2009-09-24 08:59 - 00282624 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-09-08 07:27 - 2012-09-08 07:27 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess.exe
    2012-09-08 06:27 - 2012-09-08 06:27 - 00912040 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NBRT-Retail-Downloader.exe
    2012-09-08 06:09 - 2012-09-08 06:09 - 02892816 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NPE.exe
    2012-09-08 05:51 - 2008-08-20 03:14 - 00095736 ____A C:\Windows\DPINST.LOG
    2012-09-08 05:50 - 2006-11-02 02:23 - 00000324 ____A C:\Windows\win.ini
    2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\Public\Documents\_rgpl
    2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\All Users\Documents\_rgpl
    2012-09-08 04:00 - 2012-09-08 04:00 - 00145856 ____A C:\Windows\Minidump\Mini090812-01.dmp
    2012-09-08 03:40 - 2006-11-02 02:22 - 00786432 ____A C:\Windows\System32\config\default_previous
    2012-09-08 03:40 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
    2012-09-07 09:29 - 2012-09-07 09:29 - 00001537 ____A C:\Users\Mark\Desktop\Windows Explorer.lnk
    2012-09-07 08:47 - 2012-09-07 08:47 - 00000134 ____A C:\Users\Mark\Desktop\Programs.lnk
    2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46.rar
    2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46 (1).rar
    2012-09-01 13:35 - 2009-04-10 07:49 - 00001057 ____A C:\Users\Mark\Application Data\vso_ts_preview.xml
    2012-09-01 13:35 - 2009-04-10 07:49 - 00001057 ____A C:\Users\Mark\AppData\Roaming\vso_ts_preview.xml
    2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-27 03:10 - 2012-03-30 23:50 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-27 03:10 - 2011-06-17 23:55 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\Public\Desktop\BT Desktop Help.lnk
    2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\All Users\Desktop\BT Desktop Help.lnk
    2012-08-22 06:37 - 2012-08-22 06:23 - 1238864448 ____A C:\Users\Mark\My Documents\CyberLink_MES120105-04.exe
    2012-08-22 06:37 - 2012-08-22 06:23 - 1238864448 ____A C:\Users\Mark\Documents\CyberLink_MES120105-04.exe
    2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\My Documents\New @ Condado.wps
    2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\Documents\New @ Condado.wps
    2012-07-31 08:07 - 2006-11-02 04:52 - 00069228 ____A C:\Windows\setupact.log
    2012-07-31 08:06 - 2011-11-01 12:31 - 00003999 ____A C:\Users\Mark\Application Data\Rim.Desktop.HttpServerSetup.log
    2012-07-31 08:06 - 2011-11-01 12:31 - 00003999 ____A C:\Users\Mark\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2012-07-31 08:04 - 2011-11-01 12:31 - 00002058 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
    2012-07-31 08:04 - 2011-11-01 12:31 - 00002058 ____A C:\Users\All Users\Desktop\BlackBerry Desktop Software.lnk
    2012-07-31 07:59 - 2011-11-01 12:44 - 00001934 ____A C:\Users\Mark\Application Data\Rim.Desktop.Exception.log
    2012-07-31 07:59 - 2011-11-01 12:44 - 00001934 ____A C:\Users\Mark\AppData\Roaming\Rim.Desktop.Exception.log
    2012-07-31 07:59 - 2011-11-01 12:44 - 00000924 ____A C:\Users\Mark\Application Data\Rim.DesktopHelper.Exception.log
    2012-07-31 07:59 - 2011-11-01 12:44 - 00000924 ____A C:\Users\Mark\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2012-07-31 03:29 - 2012-07-31 03:29 - 00518656 ____A C:\Users\Mark\My Documents\carpark cardiff.wps
    2012-07-31 03:29 - 2012-07-31 03:29 - 00518656 ____A C:\Users\Mark\Documents\carpark cardiff.wps
    2012-07-30 09:57 - 2008-04-28 06:04 - 01215626 ____A C:\Windows\WindowsUpdate.log
    2012-07-27 05:11 - 2012-07-27 05:11 - 00010752 ____A C:\Users\Mark\My Documents\sara 429.xlr
    2012-07-27 05:11 - 2012-07-27 05:11 - 00010752 ____A C:\Users\Mark\Documents\sara 429.xlr
    2012-07-27 03:15 - 2012-07-27 03:15 - 00014370 ____A C:\Users\Mark\My Documents\Nirvana.p2g
    2012-07-27 03:15 - 2012-07-27 03:15 - 00014370 ____A C:\Users\Mark\Documents\Nirvana.p2g
    2012-07-25 21:32 - 2012-09-08 06:29 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-07-25 21:32 - 2010-11-16 12:17 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll
    2012-07-24 11:45 - 2012-07-24 11:22 - 00020969 ____A C:\INSTALLHELPER.LOG
    2012-07-24 11:45 - 2012-07-24 11:22 - 00003982 ____A C:\alotserviceruntime.log
    2012-07-12 22:54 - 2012-07-12 22:54 - 00485376 ____A C:\Users\Mark\My Documents\Asda socket set.wps
    2012-07-12 22:54 - 2012-07-12 22:54 - 00485376 ____A C:\Users\Mark\Documents\Asda socket set.wps
    2012-07-08 09:22 - 2012-07-08 09:22 - 00441344 ____A C:\Users\Mark\My Documents\Ryanair cancellation.wps
    2012-07-08 09:22 - 2012-07-08 09:22 - 00441344 ____A C:\Users\Mark\Documents\Ryanair cancellation.wps
    2012-07-08 05:50 - 2012-07-08 05:50 - 01670144 ____A C:\Users\Mark\My Documents\apodo flight.wps
    2012-07-08 05:50 - 2012-07-08 05:50 - 01670144 ____A C:\Users\Mark\Documents\apodo flight.wps
    2012-06-30 12:42 - 2012-06-30 12:42 - 04307456 ____A C:\Users\Mark\My Documents\Holiday Inn Kenilworth.wps
    2012-06-30 12:42 - 2012-06-30 12:42 - 04307456 ____A C:\Users\Mark\Documents\Holiday Inn Kenilworth.wps
    2012-06-18 08:56 - 2012-06-18 08:56 - 00018944 ____A C:\Users\Mark\My Documents\Sara letter homework.wps
    2012-06-18 08:56 - 2012-06-18 08:56 - 00018944 ____A C:\Users\Mark\Documents\Sara letter homework.wps


    ZeroAccess:
    C:\Windows\Installer\{4a3e861e-894a-adb2-035b-695524750cd2}
    C:\Windows\Installer\{4a3e861e-894a-adb2-035b-695524750cd2}\U

    ZeroAccess:
    C:\Users\Mark\AppData\Local\{4a3e861e-894a-adb2-035b-695524750cd2}
    C:\Users\Mark\AppData\Local\{4a3e861e-894a-adb2-035b-695524750cd2}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-09-24 08:59] - [2012-09-08 08:21] - 0282624 ____A (Microsoft Corporation) 1C5A8277AA91E44684772C950C892AE2

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-03 05:44:39
    Restore point made on: 2012-09-04 02:27:04
    Restore point made on: 2012-09-05 03:23:05
    Restore point made on: 2012-09-06 02:47:45
    Restore point made on: 2012-09-07 00:00:45
    Restore point made on: 2012-09-07 08:50:18
    Restore point made on: 2012-09-07 08:51:24
    Restore point made on: 2012-09-07 09:12:39
    Restore point made on: 2012-09-07 09:49:41
    Restore point made on: 2012-09-07 09:52:26
    Restore point made on: 2012-09-07 09:55:16
    Restore point made on: 2012-09-08 04:55:28
    Restore point made on: 2012-09-08 05:31:03
    Restore point made on: 2012-09-08 05:31:59
    Restore point made on: 2012-09-08 05:32:57
    Restore point made on: 2012-09-08 05:33:43
    Restore point made on: 2012-09-08 05:35:25
    Restore point made on: 2012-09-08 05:36:31
    Restore point made on: 2012-09-08 05:37:37
    Restore point made on: 2012-09-08 05:39:00
    Restore point made on: 2012-09-08 05:39:59
    Restore point made on: 2012-09-08 05:42:24
    Restore point made on: 2012-09-08 05:43:53
    Restore point made on: 2012-09-08 05:45:12
    Restore point made on: 2012-09-08 05:46:13
    Restore point made on: 2012-09-08 05:47:35
    Restore point made on: 2012-09-08 05:48:31
    Restore point made on: 2012-09-08 05:49:35
    Restore point made on: 2012-09-08 13:57:43
    Restore point made on: 2012-09-09 07:12:43
    Restore point made on: 2012-09-09 07:16:55
    Restore point made on: 2012-09-10 01:47:13
    Restore point made on: 2012-09-11 23:50:00
    Restore point made on: 2012-09-13 12:17:53
    Restore point made on: 2012-09-14 09:16:37
    Restore point made on: 2012-09-14 09:20:38

    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 4094.5 MB
    Available physical RAM: 3492.7 MB
    Total Pagefile: 3762.31 MB
    Available Pagefile: 3565.04 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1990.14 MB

    ==================== Partitions ============================

    1 Drive c: (HP) (Fixed) (Total:455.51 GB) (Free:182.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.25 GB) (Free:1.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (Cruzer) (Removable) (Total:1.86 GB) (Free:1.84 GB) FAT
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 466 GB 1528 KB
    Disk 1 Online 1912 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 456 GB 32 KB
    Partition 2 Primary 10 GB 456 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C HP NTFS Partition 456 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 D FACTORY_IMA NTFS Partition 10 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1908 MB 65 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 F Cruzer FAT Removable 1908 MB Healthy

    ==================================================================================

    Last Boot: 2012-09-15 00:51

    ==================== End Of Log =============================





    Farbar Recovery Scan Tool (x86) Version: 12-09-2012
    Ran by SYSTEM at 2012-09-15 10:18:12
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-09-24 08:59] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-08-29 04:32] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
    [2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

    C:\Windows\System32\services.exe
    [2009-09-24 08:59] - [2012-09-08 08:21] - 0282624 ____A (Microsoft Corporation) 1C5A8277AA91E44684772C950C892AE2

    === End Of Search ===

    Thanks Broni

    Awaiting your instructions
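The check behind the search above and the fixlist that follows, as an added Python example (not code from FRST or from anyone in this thread): it parses FRST's "Search:" record format, flags a live system file whose MD5 matches none of its WinSxS component-store copies, and picks the WinSxS copy that shares the live file's first timestamp as the clean replacement. The sample text is constructed from the three services.exe records posted above.

```python
"""Check a live Windows system file against its WinSxS component-store copies,
using the record format of an FRST "Search:" section (added example, not FRST code)."""
import re
from collections import defaultdict

# Constructed sample: the three services.exe records FRST reported in this thread,
# in the two-line format FRST uses (a path line, then a detail line).
SAMPLE_SEARCH = r"""================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-24 08:59] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-08-29 04:32] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-09-24 08:59] - [2012-09-08 08:21] - 0282624 ____A (Microsoft Corporation) 1C5A8277AA91E44684772C950C892AE2

=== End Of Search ===
"""

# Detail line: [timestamp] - [timestamp] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - \[(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(?P<size>\d+) (?P<attr>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_frst_search(text):
    """Return one dict per file record in an FRST search section."""
    records, pending_path = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("="):  # blank line or section banner
            pending_path = None
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            records.append({
                "path": pending_path,
                "dates": (m.group("d1"), m.group("d2")),  # the two timestamps FRST prints
                "size": int(m.group("size")),
                "md5": m.group("md5").upper(),
            })
            pending_path = None
        elif not m:
            pending_path = line  # a path line precedes its detail line
    return records

def in_component_store(path):
    return "\\winsxs\\" in path.lower()

def find_tampered(records):
    """Flag each live copy (outside WinSxS) whose MD5 matches none of the WinSxS copies of
    the same file name; suggest the WinSxS copy with the same first timestamp (same build)."""
    by_name = defaultdict(list)
    for r in records:
        by_name[r["path"].rsplit("\\", 1)[-1].lower()].append(r)
    findings = []
    for recs in by_name.values():
        refs = [r for r in recs if in_component_store(r["path"])]
        ref_md5s = {r["md5"] for r in refs}
        for live in recs:
            if not refs or in_component_store(live["path"]) or live["md5"] in ref_md5s:
                continue  # nothing to compare against, a store copy, or a known-good hash
            same_build = [r for r in refs if r["dates"][0] == live["dates"][0]]
            findings.append({"path": live["path"], "md5": live["md5"], "size": live["size"],
                             "replacement": same_build[0]["path"] if same_build else None})
    return findings
```

On the sample this reports the System32 services.exe (282624 bytes, MD5 1C5A...) and names the 6.0.6002.18005 WinSxS copy as the replacement, which is the copy the Fixlog below shows being restored.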
  22. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Good job :)

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Attached Files:

  23. Tobydog

    Tobydog Newcomer, in training Topic Starter Posts: 44

    Thanks Broni

    Here's the Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2012
    Ran by SYSTEM at 2012-09-15 18:52:44 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{4a3e861e-894a-adb2-035b-695524750cd2} moved successfully.
    C:\Users\Mark\AppData\Local\{4a3e861e-894a-adb2-035b-695524750cd2} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  24. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Good :)

    Create a new restore point before proceeding with the following.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  25. Tobydog

    Tobydog Newcomer, in training Topic Starter Posts: 44

    Thanks Broni

    Please tell me more about creating a new restore point

