Solved Hi - TrojanZeroAccessinf - please bail me out!

Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi Broni

Thank you for helping me

Below are the logs from MBAM, GMER and DDS

Awaiting your instructions - thanks again

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.09.09.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mark :: MARK-PC [administrator]
Protection: Enabled
09/09/2012 17:13:42
mbam-log-2012-09-09 (17-13-42).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207433
Time elapsed: 8 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\HeroCodecSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\gxvxc (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Agent) -> Data: C:\Users\Mark\AppData\Roaming\csrss.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:50370 -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Quarantined and deleted successfully.
Files Detected: 5
C:\Users\Mark\Downloads\Zwinky (1).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\Mark\Downloads\Zwinky.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\Mark\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeroCodec\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
(end)

2012/09/09 17:11:37 +0100 MARK-PC Mark MESSAGE Starting protection
2012/09/09 17:11:39 +0100 MARK-PC Mark MESSAGE Protection started successfully
2012/09/09 17:11:42 +0100 MARK-PC Mark MESSAGE Starting IP protection
2012/09/09 17:11:44 +0100 MARK-PC Mark MESSAGE IP Protection started successfully
2012/09/09 17:11:47 +0100 MARK-PC Mark MESSAGE Starting database refresh
2012/09/09 17:11:47 +0100 MARK-PC Mark MESSAGE Stopping IP protection
2012/09/09 17:11:49 +0100 MARK-PC Mark MESSAGE IP Protection stopped
2012/09/09 17:11:51 +0100 MARK-PC Mark MESSAGE Database refreshed successfully
2012/09/09 17:11:51 +0100 MARK-PC Mark MESSAGE Starting IP protection
2012/09/09 17:11:53 +0100 MARK-PC Mark MESSAGE IP Protection started successfully
2012/09/09 17:56:18 +0100 MARK-PC Mark MESSAGE Starting protection
2012/09/09 17:56:20 +0100 MARK-PC Mark MESSAGE Protection started successfully
2012/09/09 17:56:23 +0100 MARK-PC Mark MESSAGE Starting IP protection
2012/09/09 17:56:25 +0100 MARK-PC Mark MESSAGE IP Protection started successfully
2012/09/09 18:15:57 +0100 MARK-PC Mark MESSAGE Starting protection
2012/09/09 18:15:59 +0100 MARK-PC Mark MESSAGE Protection started successfully
2012/09/09 18:16:02 +0100 MARK-PC Mark MESSAGE Starting IP protection
2012/09/09 18:16:05 +0100 MARK-PC Mark MESSAGE IP Protection started successfully

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-09 18:34:01
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.GM4O
Running: lwg7ygib.exe; Driver: C:\Users\Mark\AppData\Local\Temp\kwldypoc.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----



.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Mark at 18:40:19 on 2012-09-09

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.voover.com/

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s

uURLSearchHooks: H - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\norton 360\engine\20.1.1.2\coIEPlg.dll

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\norton 360\engine\20.1.1.2\ips\IPSBHO.DLL

BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol broadband toolbar 5.0\aoltb.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: AOL Broadband Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol broadband toolbar 5.0\aoltb.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\norton 360\engine\20.1.1.2\coIEPlg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Power2GoExpress]

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Power2GoExpress8] "c:\program files\cyberlink\power2go8\Power2GoExpress8.exe"

uRun: [GameXN GO] "c:\programdata\gamexn\GameXNGO.exe" /startup

uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.0; EasyBits GO v1.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; BRI/2; AskTbSPC2/5.9.1.14019)" -"http://www.gamepuma.com/shockwave-games/Driver-s-ED.html"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] c:\hp\kbd\KbdStub.EXE

mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [HostManager] c:\program files\common files\aol\1219316984\ee\AOLSoftware.exe

mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [CLMLServer_For_P2G8] "c:\program files\cyberlink\power2go8\CLMLSvc_P2G8.exe"

mRun: [CLVirtualDrive] "c:\program files\cyberlink\power2go8\VirtualDrive.exe" /R

mRun: [PowerDVD12Agent] "c:\program files\cyberlink\powerdvd12\PowerDVD12Agent.exe"

mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\5.0"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-gb\local\search.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 208.67.220.220,208.67.222.222

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{DF935B54-EE05-4BDB-BF19-E742BFB044C4} : DhcpNameServer = 192.168.1.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-09-09 16:11:18 -------- d-----w- c:\users\mark\appdata\roaming\Malwarebytes

2012-09-09 16:11:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-09 16:11:03 -------- d-----w- c:\programdata\Malwarebytes

2012-09-09 16:11:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-09 08:11:27 -------- d-----w- c:\programdata\SMR310

2012-09-09 08:11:09 97440 ----a-w- c:\windows\system32\drivers\SMR310.SYS

2012-09-08 16:16:38 -------- d-----w- C:\TDSSKiller_Quarantine

2012-09-08 14:29:41 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-09-08 14:29:12 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0501000.01A

2012-09-08 14:29:12 -------- d-----w- c:\windows\system32\drivers\NBRTWizard

2012-09-08 14:29:10 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard

2012-09-08 14:19:07 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-09-08 14:19:07 -------- d-----w- c:\program files\Symantec

2012-09-08 14:18:31 926880 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys

2012-09-08 14:18:31 368288 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymDS.sys

2012-09-08 14:18:31 350368 ----a-r- c:\windows\system32\drivers\n360\1401010.002\symtdiv.sys

2012-09-08 14:18:31 338592 ----a-r- c:\windows\system32\drivers\n360\1401010.002\symnets.sys

2012-09-08 14:18:31 32888 ----a-r- c:\windows\system32\drivers\n360\1401010.002\srtspx.sys

2012-09-08 14:18:31 21400 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymELAM.sys

2012-09-08 14:18:30 585888 ----a-r- c:\windows\system32\drivers\n360\1401010.002\srtsp.sys

2012-09-08 14:18:30 175264 ----a-r- c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys

2012-09-08 14:18:30 134304 ----a-r- c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys

2012-09-08 14:18:19 8942 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymVTcer.dat

2012-09-08 14:18:18 -------- d-----w- c:\windows\system32\drivers\n360\1401010.002

2012-09-08 14:18:18 -------- d-----w- c:\windows\system32\drivers\N360

2012-09-07 21:04:20 -------- d-----w- c:\windows\system32\N360_BACKUP

2012-09-07 19:02:06 -------- d-----w- c:\users\mark\appdata\local\NPE

2012-09-07 18:26:33 -------- d-----w- c:\program files\Norton 360

2012-09-07 18:26:16 -------- d-----w- c:\programdata\NortonInstaller

2012-09-07 18:26:16 -------- d-----w- c:\program files\NortonInstaller

2012-09-07 17:31:23 -------- d-----w- c:\users\mark\Sources

2012-09-07 17:09:30 -------- d-----w- c:\users\mark\appdata\local\NokiaAccount

2012-08-23 09:29:59 -------- d-----w- c:\users\mark\appdata\local\MediaShow

2012-08-23 08:03:17 -------- d-----w- c:\users\mark\appdata\local\Power2Go8

2012-08-22 16:04:14 -------- d-----w- c:\users\mark\appdata\local\MediaServer

2012-08-22 16:04:11 -------- d-----w- c:\programdata\PDVD

2012-08-22 15:59:05 73712 ----a-w- c:\windows\system32\drivers\CLVirtualDrive.sys

2012-08-22 15:58:54 -------- d-----w- c:\program files\common files\CyberLink

2012-08-22 15:54:16 -------- d-----w- c:\users\mark\appdata\local\Cyberlink

2012-08-22 15:51:42 -------- d-----w- c:\programdata\install_clap

2012-08-22 15:47:38 -------- d-----w- c:\programdata\CLSK

.

==================== Find3M ====================

.

2012-09-08 16:21:38 282624 ----a-w- c:\windows\system32\services.exe

2012-08-27 11:10:29 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-27 11:10:29 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-26 05:32:24 106928 ----a-w- c:\windows\system32\GEARAspi.dll

.

============= FINISH: 18:43:47.44 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Ad-Aware

Ad-Aware Security Toolbar

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11

AIO_Scan

Amazon MP3 Downloader 1.0.4

AOL Broadband Toolbar 5.0

AOL Registration

AOL Toolbar 5.0

AOL Uninstaller (Choose which Products to Remove)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Art Effects for PDR10

µTorrent

BBC iPlayer Desktop

BlackBerry App World Browser Plugin

BlackBerry Desktop Software 7.1

Bonjour

BT Desktop Help

BTHomeHub

BufferChm

C4200

C4200_doccd

c4200_Help

Cards_Calendar_OrderGift_DoMorePlugout

Compatibility Pack for the 2007 Office system

ConvertXtoDVD 3.5.3.139

ConvertXtoDVD 4.1.9.347

Copy

CyberLink LabelPrint 2.5

CyberLink Media Suite 10

CyberLink MediaEspresso 6.5

CyberLink MediaShow 6

CyberLink OEM Share Pack 2

CyberLink Power2Go 8

CyberLink PowerBackup 2.6

CyberLink PowerDirector 10

CyberLink PowerDVD 12

CyberLink PowerDVD Copy 1.5

CyberLink PowerProducer 5.5

CyberLink WaveEditor 2

D3DX10

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DocProc

DocProcQFolder

EasyBits Magic Desktop

Enhanced Multimedia Keyboard Solution

eSupportQFolder

Google Chrome

Google Earth

Google Toolbar for Firefox

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GoToAssist Corporate

Hewlett-Packard Active Check

Hewlett-Packard Asset Agent for Health Check

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Advisor

HP Customer Experience Enhancements

HP Customer Feedback

HP Easy Setup - Frontend

HP Games

HP Imaging Device Functions 9.0

HP OCR Software 9.0

HP On-Screen Cap/Num/Scroll Lock Indicator

HP Photosmart All-In-One Software 9.0

HP Photosmart Essential 2.5

HP Picasso Media Center Add-In

HP Product Assistant

HP Smart Web Printing 4.60

HP Solution Center 9.0

HP Update

HPDiagnosticAlert

HPPhotoSmartPhotobookWebPack1

HPProductAssistant

iCloud

Intel(R) Matrix Storage Manager

iTunes

Java Auto Updater

Java(TM) 6 Update 31

Java(TM) SE Runtime Environment 6 Update 1

Junk Mail filter update

LEGO Digital Designer

LightScribe System Software

Malwarebytes Anti-Malware version 1.62.0.1300

MarketingReg

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Home and Student 60 day trial

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVC80_x86

MSVC80_x86_v2

MSVC90_x86

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton 360

Norton Bootable Recovery Tool Wizard

NVIDIA Drivers

OEM Share Pack

OGA Notifier 2.0.0048.0

PC Connectivity Solution

Power2Go

PowerDirector

PS_AIO_ProductContext

PS_AIO_Software

PS_AIO_Software_min

PSSWCORE

Python 2.5

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

RTC Client API v1.2

Safari

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Segoe UI

SmartWebPrinting

Softease Browser

SolutionCenter

Status

TomTom HOME 2.8.1.2218

TomTom HOME Visual Studio Merge Modules

Toolbox

TrayApp

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

Vanilla and Chocolate

VideoToolkit01

Viewpoint Media Player

VLC media player 1.1.11

WebReg

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== End Of File ===========================
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Hi Broni

I have tried to download RogueKiller as above but keep getting the following message

'RogueKiller.exe / Winlogon.exe / Winlogon.com is unsafe to download and was blocked by SmartScreen Filter'
 
Thanks Broni

Here are the logs from RogueKiller and aswMBR

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Mark [Admin rights]
Mode : Scan -- Date : 09/09/2012 19:57:19
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : InnoSetupRegFile.0000000001 ("C:\Windows\is-AJR0M.exe" /REG /REGSVRMODE) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{4a3e861e-894a-adb2-035b-695524750cd2}\U --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Mark\AppData\Local\{4a3e861e-894a-adb2-035b-695524750cd2}\U --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x820D15C3 -> HOOKED (Unknown @ 0x88096C88)
SSDT[14] : NtAlertThread @ 0x8204A255 -> HOOKED (Unknown @ 0x88096D68)
SSDT[18] : NtAllocateVirtualMemory @ 0x820864FB -> HOOKED (Unknown @ 0x87FE56E0)
SSDT[21] : NtAlpcConnectPort @ 0x82028887 -> HOOKED (Unknown @ 0x87ED0F70)
SSDT[42] : NtAssignProcessToJobObject @ 0x81FFBB43 -> HOOKED (Unknown @ 0x88096430)
SSDT[67] : NtCreateMutant @ 0x8205E812 -> HOOKED (Unknown @ 0x880969D8)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x81FFE35A -> HOOKED (Unknown @ 0x88096150)
SSDT[78] : NtCreateThread @ 0x820CFBE0 -> HOOKED (Unknown @ 0x87FE5BE8)
SSDT[116] : NtDebugActiveProcess @ 0x820A2D22 -> HOOKED (Unknown @ 0x88096510)
SSDT[129] : NtDuplicateObject @ 0x82036551 -> HOOKED (Unknown @ 0x87FE58B0)
SSDT[147] : NtFreeVirtualMemory @ 0x81EC2F1D -> HOOKED (Unknown @ 0x87FE5498)
SSDT[156] : NtImpersonateAnonymousToken @ 0x81FF8F12 -> HOOKED (Unknown @ 0x88096AC8)
SSDT[158] : NtImpersonateThread @ 0x8200E54F -> HOOKED (Unknown @ 0x88096BA8)
SSDT[165] : NtLoadDriver @ 0x81FA9DEE -> HOOKED (Unknown @ 0x87ED0BB8)
SSDT[177] : NtMapViewOfSection @ 0x8204E89A -> HOOKED (Unknown @ 0x87FE5398)
SSDT[184] : NtOpenEvent @ 0x82037DCF -> HOOKED (Unknown @ 0x880968F8)
SSDT[194] : NtOpenProcess @ 0x8205EFAE -> HOOKED (Unknown @ 0x87FE5A90)
SSDT[195] : NtOpenProcessToken @ 0x8203FA2E -> HOOKED (Unknown @ 0x87FE57D0)
SSDT[197] : NtOpenSection @ 0x8204F66D -> HOOKED (Unknown @ 0x88096738)
SSDT[201] : NtOpenThread @ 0x8205A4FF -> HOOKED (Unknown @ 0x87FE59A0)
SSDT[210] : NtProtectVirtualMemory @ 0x820582E2 -> HOOKED (Unknown @ 0x88096340)
SSDT[282] : NtResumeThread @ 0x82059B4A -> HOOKED (Unknown @ 0x88096E48)
SSDT[289] : NtSetContextThread @ 0x820D106F -> HOOKED (Unknown @ 0x87FE50E8)
SSDT[305] : NtSetInformationProcess @ 0x820528C8 -> HOOKED (Unknown @ 0x87FE51C8)
SSDT[317] : NtSetSystemInformation @ 0x82024EEB -> HOOKED (Unknown @ 0x880965F0)
SSDT[330] : NtSuspendProcess @ 0x820D14FF -> HOOKED (Unknown @ 0x88096818)
SSDT[331] : NtSuspendThread @ 0x81FD892B -> HOOKED (Unknown @ 0x88096F28)
SSDT[334] : NtTerminateProcess @ 0x8202F143 -> HOOKED (Unknown @ 0x87FE5CE8)
SSDT[335] : unknown @ 0x8205A534 -> HOOKED (Unknown @ 0x87FE5048)
SSDT[348] : NtUnmapViewOfSection @ 0x8204EB5D -> HOOKED (Unknown @ 0x87FE52B8)
SSDT[358] : NtWriteVirtualMemory @ 0x8204B92D -> HOOKED (Unknown @ 0x87FE5588)
SSDT[382] : NtCreateThreadEx @ 0x82059FE9 -> HOOKED (Unknown @ 0x88096240)
S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x87159640)
S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x87ED0D70)
S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x87158390)
S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x880B5998)
S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x8882C7E8)
S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x8882CF78)
S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x8882C580)
S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x8882C4B0)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x880AEAC0)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x86F49C80)
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 832a299e0aa7d5dab4d1a2c09a18e8e4
[BSP] 309fdfd200901d3359dd1e035123a213 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 466441 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 955273095 | Size: 10495 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-09 20:00:57
-----------------------------
20:00:57.184 OS Version: Windows 6.0.6002 Service Pack 2
20:00:57.184 Number of processors: 4 586 0xF0B
20:00:57.194 ComputerName: MARK-PC UserName: Mark
20:00:59.611 Initialize success
20:02:02.360 AVAST engine defs: 12090900
20:02:19.004 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:02:19.004 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 3
20:02:19.036 Disk 0 MBR read successfully
20:02:19.036 Disk 0 MBR scan
20:02:19.036 Disk 0 unknown MBR code
20:02:19.051 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 466441 MB offset 63
20:02:19.082 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10495 MB offset 955273095
20:02:19.082 Disk 0 scanning sectors +976768065
20:02:19.145 Disk 0 scanning C:\Windows\system32\drivers
20:02:37.163 Service scanning
20:03:10.682 Modules scanning
20:03:41.794 Disk 0 trace - called modules:
20:03:41.832 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
20:03:41.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86645340]
20:03:41.844 3 CLASSPNP.SYS[8b1ac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8546e030]
20:03:45.086 AVAST engine scan C:\Windows
20:03:57.401 AVAST engine scan C:\Windows\system32
20:10:16.470 AVAST engine scan C:\Windows\system32\drivers
20:11:01.373 AVAST engine scan C:\Users\Mark
20:12:40.023 File: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000324 **INFECTED** Win32:Adware-gen [Adw]
20:17:44.605 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
20:17:44.615 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Hi Broni

Here's the TDSSKiller log - in 2 parts due to size

20:36:08.0845 7096 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:36:10.0879 7096 ============================================================
20:36:10.0879 7096 Current date / time: 2012/09/09 20:36:10.0879
20:36:10.0879 7096 SystemInfo:
20:36:10.0879 7096
20:36:10.0879 7096 OS Version: 6.0.6002 ServicePack: 2.0
20:36:10.0879 7096 Product type: Workstation
20:36:10.0879 7096 ComputerName: MARK-PC
20:36:10.0879 7096 UserName: Mark
20:36:10.0879 7096 Windows directory: C:\Windows
20:36:10.0879 7096 System windows directory: C:\Windows
20:36:10.0879 7096 Processor architecture: Intel x86
20:36:10.0879 7096 Number of processors: 4
20:36:10.0879 7096 Page size: 0x1000
20:36:10.0879 7096 Boot type: Normal boot
20:36:10.0879 7096 ============================================================
20:36:13.0845 7096 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:36:13.0915 7096 ============================================================
20:36:13.0915 7096 \Device\Harddisk0\DR0:
20:36:13.0925 7096 MBR partitions:
20:36:13.0925 7096 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38F04F48
20:36:13.0925 7096 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38F04F87, BlocksNum 0x147FCBA
20:36:13.0925 7096 ============================================================
20:36:14.0075 7096 C: <-> \Device\Harddisk0\DR0\Partition1
20:36:14.0165 7096 D: <-> \Device\Harddisk0\DR0\Partition2
20:36:14.0235 7096 ============================================================
20:36:14.0255 7096 Initialize success
20:36:14.0255 7096 ============================================================
20:37:34.0660 6292 ============================================================
20:37:34.0660 6292 Scan started
20:37:34.0660 6292 Mode: Manual;
20:37:34.0660 6292 ============================================================
20:37:38.0123 6292 ================ Scan system memory ========================
20:37:38.0123 6292 System memory - ok
20:37:38.0123 6292 ================ Scan services =============================
 
Hi Broni

Part 2 of TDSSKiller log

20:37:55.0205 6292 ntk_PowerDVD12 - ok
20:37:55.0236 6292 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:37:55.0236 6292 ntrigdigi - ok
20:37:55.0268 6292 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
20:37:55.0268 6292 Null - ok
20:37:55.0767 6292 [ 351265910A8EF5FC6CC4535A00054049 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:37:55.0907 6292 nvlddmkm - ok
20:37:55.0985 6292 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:37:55.0985 6292 nvraid - ok
20:37:56.0032 6292 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:37:56.0032 6292 nvstor - ok
20:37:56.0079 6292 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:37:56.0079 6292 nv_agp - ok
20:37:56.0079 6292 NwlnkFlt - ok
20:37:56.0094 6292 NwlnkFwd - ok
20:37:56.0188 6292 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:37:56.0188 6292 ohci1394 - ok
20:37:56.0250 6292 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:37:56.0266 6292 p2pimsvc - ok
20:37:56.0282 6292 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
20:37:56.0282 6292 p2psvc - ok
20:37:56.0297 6292 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
20:37:56.0297 6292 Parport - ok
20:37:56.0344 6292 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:37:56.0344 6292 partmgr - ok
20:37:56.0375 6292 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
20:37:56.0375 6292 Parvdm - ok
20:37:56.0422 6292 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
20:37:56.0422 6292 PcaSvc - ok
20:37:56.0453 6292 [ C96C14987F167F461266A6C6028B698B ] pcCMService C:\Program Files\Common Files\Motive\pcCMService.exe
20:37:56.0469 6292 pcCMService - ok
20:37:56.0516 6292 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
20:37:56.0516 6292 pccsmcfd - ok
20:37:56.0609 6292 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
20:37:56.0609 6292 pci - ok
20:37:56.0640 6292 [ A88FF9E32AAA9AF398AE89B9A082870B ] pciide C:\Windows\system32\drivers\pciide.sys
20:37:56.0672 6292 pciide - ok
20:37:56.0718 6292 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:37:56.0718 6292 pcmcia - ok
20:37:56.0765 6292 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
20:37:56.0781 6292 pcouffin - ok
20:37:56.0796 6292 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:37:56.0812 6292 PEAUTH - ok
20:37:56.0890 6292 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
20:37:56.0906 6292 pla - ok
20:37:56.0968 6292 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:37:56.0984 6292 PlugPlay - ok
20:37:57.0030 6292 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:37:57.0030 6292 Pml Driver HPZ12 - ok
20:37:57.0046 6292 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:37:57.0046 6292 PNRPAutoReg - ok
20:37:57.0062 6292 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:37:57.0077 6292 PNRPsvc - ok
20:37:57.0093 6292 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:37:57.0093 6292 PolicyAgent - ok
20:37:57.0124 6292 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:37:57.0124 6292 PptpMiniport - ok
20:37:57.0155 6292 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
20:37:57.0155 6292 Processor - ok
20:37:57.0233 6292 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
20:37:57.0233 6292 ProfSvc - ok
20:37:57.0280 6292 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:37:57.0280 6292 ProtectedStorage - ok
20:37:57.0311 6292 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys
20:37:57.0311 6292 Ps2 - ok
20:37:57.0374 6292 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:37:57.0389 6292 PSched - ok
20:37:57.0452 6292 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:37:57.0452 6292 ql2300 - ok
20:37:57.0483 6292 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:37:57.0498 6292 ql40xx - ok
20:37:57.0530 6292 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
20:37:57.0530 6292 QWAVE - ok
20:37:57.0561 6292 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:37:57.0561 6292 QWAVEdrv - ok
20:37:57.0592 6292 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:37:57.0592 6292 RasAcd - ok
20:37:57.0608 6292 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
20:37:57.0623 6292 RasAuto - ok
20:37:57.0639 6292 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:37:57.0639 6292 Rasl2tp - ok
20:37:57.0701 6292 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
20:37:57.0717 6292 RasMan - ok
20:37:57.0795 6292 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:37:57.0795 6292 RasPppoe - ok
20:37:57.0857 6292 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:37:57.0873 6292 RasSstp - ok
20:37:57.0935 6292 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:37:57.0935 6292 rdbss - ok
20:37:57.0966 6292 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:37:57.0966 6292 RDPCDD - ok
20:37:58.0013 6292 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:37:58.0013 6292 rdpdr - ok
20:37:58.0013 6292 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:37:58.0013 6292 RDPENCDD - ok
20:37:58.0076 6292 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:37:58.0107 6292 RDPWD - ok
20:37:58.0122 6292 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:37:58.0122 6292 RemoteAccess - ok
20:37:58.0185 6292 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:37:58.0216 6292 RemoteRegistry - ok
20:37:58.0263 6292 [ 7728B6AEDC83BC0DEFD0A53371D4613B ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
20:37:58.0263 6292 RichVideo - ok
20:37:58.0325 6292 RimUsb - ok
20:37:58.0341 6292 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
20:37:58.0341 6292 RimVSerPort - ok
20:37:58.0388 6292 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
20:37:58.0388 6292 ROOTMODEM - ok
20:37:58.0403 6292 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
20:37:58.0403 6292 RpcLocator - ok
20:37:58.0544 6292 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
20:37:58.0544 6292 RpcSs - ok
20:37:58.0590 6292 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:37:58.0590 6292 rspndr - ok
20:37:58.0622 6292 [ C347A3CDE57077056E7E73D3498F7D7D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
20:37:58.0637 6292 RTL8169 - ok
20:37:58.0637 6292 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
20:37:58.0637 6292 SamSs - ok
20:37:58.0684 6292 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:37:58.0700 6292 sbp2port - ok
20:37:58.0778 6292 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:37:58.0793 6292 SCardSvr - ok
20:37:58.0934 6292 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
20:37:58.0949 6292 Schedule - ok
20:37:58.0965 6292 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:37:58.0965 6292 SCPolicySvc - ok
20:37:58.0996 6292 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:37:59.0012 6292 SDRSVC - ok
20:37:59.0043 6292 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:37:59.0043 6292 secdrv - ok
20:37:59.0043 6292 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
20:37:59.0058 6292 seclogon - ok
20:37:59.0058 6292 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
20:37:59.0074 6292 SENS - ok
20:37:59.0090 6292 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:37:59.0090 6292 Serenum - ok
20:37:59.0105 6292 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
20:37:59.0121 6292 Serial - ok
20:37:59.0152 6292 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:37:59.0152 6292 sermouse - ok
20:37:59.0292 6292 [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:37:59.0308 6292 ServiceLayer - ok
20:37:59.0339 6292 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
20:37:59.0355 6292 SessionEnv - ok
20:37:59.0386 6292 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:37:59.0386 6292 sffdisk - ok
20:37:59.0433 6292 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:37:59.0448 6292 sffp_mmc - ok
20:37:59.0464 6292 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:37:59.0464 6292 sffp_sd - ok
20:37:59.0480 6292 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:37:59.0480 6292 sfloppy - ok
20:37:59.0542 6292 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:37:59.0558 6292 ShellHWDetection - ok
20:37:59.0573 6292 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:37:59.0573 6292 sisagp - ok
20:37:59.0589 6292 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:37:59.0589 6292 SiSRaid2 - ok
20:37:59.0604 6292 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:37:59.0620 6292 SiSRaid4 - ok
20:37:59.0745 6292 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
20:37:59.0823 6292 slsvc - ok
20:37:59.0916 6292 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:37:59.0932 6292 SLUINotify - ok
20:37:59.0994 6292 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:38:00.0010 6292 Smb - ok
20:38:00.0041 6292 [ C62609CFB5A0E0EDD791E53487C48168 ] SMR310 C:\Windows\system32\drivers\SMR310.SYS
20:38:00.0041 6292 SMR310 - ok
20:38:00.0072 6292 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:38:00.0072 6292 SNMPTRAP - ok
20:38:00.0104 6292 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
20:38:00.0104 6292 spldr - ok
20:38:00.0166 6292 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
20:38:00.0166 6292 Spooler - ok
20:38:00.0353 6292 [ 5CAC2130C217FF7DDBE6D59AC6131F1D ] SRTSP C:\Windows\system32\drivers\N360\1401010.002\SRTSP.SYS
20:38:00.0369 6292 SRTSP - ok
20:38:00.0384 6292 [ 21AC3AE81E8263061624C4ED3B11509A ] SRTSPX C:\Windows\system32\drivers\N360\1401010.002\SRTSPX.SYS
20:38:00.0384 6292 SRTSPX - ok
20:38:00.0462 6292 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:38:00.0462 6292 srv - ok
20:38:00.0525 6292 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:38:00.0540 6292 srv2 - ok
20:38:00.0556 6292 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:38:00.0556 6292 srvnet - ok
20:38:00.0587 6292 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:38:00.0587 6292 SSDPSRV - ok
20:38:00.0618 6292 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:38:00.0634 6292 SstpSvc - ok
20:38:00.0681 6292 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
20:38:00.0681 6292 StarOpen - ok
20:38:00.0759 6292 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
20:38:00.0821 6292 stisvc - ok
20:38:00.0837 6292 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:38:00.0837 6292 swenum - ok
20:38:00.0899 6292 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
20:38:00.0915 6292 swprv - ok
20:38:00.0946 6292 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:38:00.0946 6292 Symc8xx - ok
20:38:00.0993 6292 [ 0004CCDD046A873CFF06427B06BE0B28 ] SymDS C:\Windows\system32\drivers\N360\1401010.002\SYMDS.SYS
20:38:01.0008 6292 SymDS - ok
20:38:01.0242 6292 [ 4C24298500C31E84F5FDFAE6339902CD ] SymEFA C:\Windows\system32\drivers\N360\1401010.002\SYMEFA.SYS
20:38:01.0274 6292 SymEFA - ok
20:38:01.0320 6292 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
20:38:01.0320 6292 SymEvent - ok
20:38:01.0336 6292 SymIMMP - ok
20:38:01.0430 6292 [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON C:\Windows\system32\drivers\N360\1401010.002\Ironx86.SYS
20:38:01.0445 6292 SymIRON - ok
20:38:01.0586 6292 [ 93DE018EC6FBAA9A58FF9F2EB9198092 ] SYMTDIv C:\Windows\system32\drivers\N360\1401010.002\SYMTDIV.SYS
20:38:01.0617 6292 SYMTDIv - ok
20:38:01.0648 6292 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:38:01.0664 6292 Sym_hi - ok
20:38:01.0664 6292 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:38:01.0679 6292 Sym_u3 - ok
20:38:01.0726 6292 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
20:38:01.0742 6292 SysMain - ok
20:38:01.0788 6292 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:38:01.0804 6292 TabletInputService - ok
20:38:01.0851 6292 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:38:01.0882 6292 TapiSrv - ok
20:38:01.0898 6292 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
20:38:01.0913 6292 TBS - ok
20:38:01.0944 6292 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:38:01.0960 6292 Tcpip - ok
20:38:01.0976 6292 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:38:01.0991 6292 Tcpip6 - ok
20:38:02.0038 6292 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:38:02.0069 6292 tcpipreg - ok
20:38:02.0100 6292 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:38:02.0100 6292 TDPIPE - ok
20:38:02.0132 6292 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:38:02.0132 6292 TDTCP - ok
20:38:02.0178 6292 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:38:02.0178 6292 tdx - ok
20:38:02.0241 6292 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:38:02.0241 6292 TermDD - ok
20:38:02.0319 6292 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
20:38:02.0319 6292 TermService - ok
20:38:02.0334 6292 TfFsMon - ok
20:38:02.0334 6292 TfNetMon - ok
20:38:02.0334 6292 TfSysMon - ok
20:38:02.0381 6292 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
20:38:02.0381 6292 Themes - ok
20:38:02.0428 6292 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
20:38:02.0428 6292 THREADORDER - ok
20:38:02.0522 6292 [ 39BD95A9FE72AAF5C675AD146BE456A9 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
20:38:02.0522 6292 TomTomHOMEService - ok
20:38:02.0553 6292 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
20:38:02.0553 6292 TrkWks - ok
20:38:02.0678 6292 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:38:02.0709 6292 TrustedInstaller - ok
20:38:02.0756 6292 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:38:02.0756 6292 tssecsrv - ok
20:38:02.0818 6292 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:38:02.0818 6292 tunmp - ok
20:38:02.0865 6292 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:38:02.0865 6292 tunnel - ok
20:38:02.0943 6292 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:38:02.0958 6292 uagp35 - ok
20:38:03.0005 6292 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:38:03.0021 6292 udfs - ok
20:38:03.0052 6292 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:38:03.0052 6292 UI0Detect - ok
20:38:03.0083 6292 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:38:03.0083 6292 uliagpkx - ok
20:38:03.0114 6292 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:38:03.0114 6292 uliahci - ok
20:38:03.0130 6292 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:38:03.0146 6292 UlSata - ok
20:38:03.0161 6292 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:38:03.0161 6292 ulsata2 - ok
20:38:03.0208 6292 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:38:03.0208 6292 umbus - ok
20:38:03.0239 6292 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
20:38:03.0239 6292 upnphost - ok
20:38:03.0270 6292 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
20:38:03.0270 6292 USBAAPL - ok
20:38:03.0286 6292 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:38:03.0286 6292 usbccgp - ok
20:38:03.0317 6292 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:38:03.0317 6292 usbcir - ok
20:38:03.0348 6292 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:38:03.0348 6292 usbehci - ok
20:38:03.0489 6292 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:38:03.0520 6292 usbhub - ok
20:38:03.0536 6292 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:38:03.0536 6292 usbohci - ok
20:38:03.0582 6292 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:38:03.0582 6292 usbprint - ok
20:38:03.0614 6292 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:38:03.0614 6292 usbscan - ok
20:38:03.0629 6292 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:38:03.0629 6292 USBSTOR - ok
20:38:03.0660 6292 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:38:03.0660 6292 usbuhci - ok
20:38:03.0723 6292 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
20:38:03.0754 6292 UxSms - ok
20:38:03.0801 6292 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
20:38:03.0816 6292 vds - ok
20:38:03.0879 6292 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:38:03.0879 6292 vga - ok
20:38:03.0910 6292 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
20:38:03.0910 6292 VgaSave - ok
20:38:03.0941 6292 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:38:03.0941 6292 viaagp - ok
20:38:03.0957 6292 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
20:38:03.0957 6292 ViaC7 - ok
20:38:03.0972 6292 [ F2EB2E6E21B008695D3D28E69937DA9C ] viaide C:\Windows\system32\drivers\viaide.sys
20:38:03.0972 6292 viaide - ok
20:38:04.0004 6292 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:38:04.0004 6292 volmgr - ok
20:38:04.0175 6292 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:38:04.0206 6292 volmgrx - ok
20:38:04.0253 6292 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:38:04.0269 6292 volsnap - ok
20:38:04.0300 6292 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:38:04.0316 6292 vsmraid - ok
20:38:04.0378 6292 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
20:38:04.0394 6292 VSS - ok
20:38:04.0550 6292 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
20:38:04.0596 6292 W32Time - ok
20:38:04.0628 6292 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:38:04.0628 6292 WacomPen - ok
20:38:04.0659 6292 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:38:04.0674 6292 Wanarp - ok
20:38:04.0674 6292 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:38:04.0674 6292 Wanarpv6 - ok
20:38:04.0706 6292 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\Windows\system32\DRIVERS\wanatw4.sys
20:38:04.0706 6292 wanatw - ok
20:38:04.0721 6292 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:38:04.0721 6292 wcncsvc - ok
20:38:04.0752 6292 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:38:04.0752 6292 WcsPlugInService - ok
20:38:04.0784 6292 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
20:38:04.0784 6292 Wd - ok
20:38:04.0893 6292 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:38:04.0924 6292 Wdf01000 - ok
20:38:04.0971 6292 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:38:04.0971 6292 WdiServiceHost - ok
20:38:04.0986 6292 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:38:04.0986 6292 WdiSystemHost - ok
20:38:05.0064 6292 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
20:38:05.0064 6292 WebClient - ok
20:38:05.0127 6292 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:38:05.0158 6292 Wecsvc - ok
20:38:05.0205 6292 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:38:05.0205 6292 wercplsupport - ok
20:38:05.0267 6292 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
20:38:05.0267 6292 WerSvc - ok
20:38:05.0283 6292 WinHttpAutoProxySvc - ok
20:38:05.0361 6292 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:38:05.0376 6292 Winmgmt - ok
20:38:05.0642 6292 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
20:38:05.0688 6292 WinRM - ok
20:38:05.0829 6292 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:38:05.0844 6292 Wlansvc - ok
20:38:06.0624 6292 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:38:06.0640 6292 wlidsvc - ok
20:38:06.0687 6292 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:38:06.0687 6292 WmiAcpi - ok
20:38:06.0749 6292 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:38:06.0765 6292 wmiApSrv - ok
20:38:06.0843 6292 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:38:06.0858 6292 WMPNetworkSvc - ok
20:38:06.0905 6292 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:38:06.0936 6292 WPCSvc - ok
20:38:07.0030 6292 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:38:07.0061 6292 WPDBusEnum - ok
20:38:07.0139 6292 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
20:38:07.0170 6292 WpdUsb - ok
20:38:07.0451 6292 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:38:07.0467 6292 WPFFontCache_v0400 - ok
20:38:07.0545 6292 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:38:07.0560 6292 ws2ifsl - ok
20:38:07.0607 6292 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
20:38:07.0638 6292 wscsvc - ok
20:38:07.0638 6292 WSearch - ok
20:38:07.0701 6292 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:38:07.0701 6292 WUDFRd - ok
20:38:07.0732 6292 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:38:07.0732 6292 wudfsvc - ok
20:38:07.0857 6292 [ 74EC37B9EAF9FCA015B933A526825C7A ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
20:38:07.0857 6292 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
20:38:07.0872 6292 ================ Scan global ===============================
20:38:07.0935 6292 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:38:07.0997 6292 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:38:08.0013 6292 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:38:08.0184 6292 [ 1C5A8277AA91E44684772C950C892AE2 ] C:\Windows\system32\services.exe
20:38:08.0216 6292 [Global] - ok
20:38:08.0216 6292 ================ Scan MBR ==================================
20:38:08.0247 6292 [ 03BA8F890B47C0BE359A4D5A636D214D ] \Device\Harddisk0\DR0
20:38:09.0885 6292 \Device\Harddisk0\DR0 - ok
20:38:09.0885 6292 ================ Scan VBR ==================================
20:38:09.0916 6292 [ FD92C1663E26233F86DFB030E2D665E3 ] \Device\Harddisk0\DR0\Partition1
20:38:09.0947 6292 \Device\Harddisk0\DR0\Partition1 - ok
20:38:09.0978 6292 [ 1CF2E19327585DDCD223A5063A1FD7F5 ] \Device\Harddisk0\DR0\Partition2
20:38:10.0025 6292 \Device\Harddisk0\DR0\Partition2 - ok
20:38:10.0025 6292 ============================================================
20:38:10.0025 6292 Scan finished
20:38:10.0025 6292 ============================================================
20:38:10.0088 8096 Detected object count: 0
20:38:10.0088 8096 Actual detected object count: 0
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Hi Broni - thanks for your help

Have followed your instructions but am not making any progress - unable to run FRST from flash drive - all I can see is a page of symbols

Shall I leave computer running?

Thanks again
 
Hi Broni - thanks

I'm here - In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.

When I press Enter all I can see is a page full of symbols and random letters - FRST doesn't appear to be running - the disclaimer doesn't appear
 
Hi Broni

I'm having a nightmare - I've tried using a different flash drive - no success
My computer is now shutting down / restarting / shutting down / restarting automatically
Help!
 
Hi Broni

In between the computer shutting down / restarting I managed to try another attempt to run FRST - after pressing Enter at 'In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter', I still get a page of symbols / random letters - but I can see in the top line: 'this program cannot be run in DOS mode'
 
Hi Broni

I noticed an error message which pointed at Norton 360 causing a problem - I uninstalled Norton

My apologies for not following your instructions but the computer has stabilized and is not continually shutting down / restarting

Awaiting your advice

Thanks for your help
 
Are you booting to System Recovery Options, or are you trying to boot to Windows?

Do you have a Vista DVD?
 
Hi Broni

I have been booting to System Recovery Options after tapping F8 to get the Advanced Boot Options - I could see the FRST file on my flash drive in the 'Open' box but couldn't run it by typing F:\FRST. However, I was able to run FRST by right-clicking on the file in the 'Open' box and then running it.

I do not have a Vista DVD

Here are the two logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2012
Ran by SYSTEM at 15-09-2012 10:03:29
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [x]
HKLM\...\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1219316984\ee\AOLSoftware.exe [41824 2008-06-24] (AOL LLC)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2008-06-02] (Intel Corporation)
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [92704 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8530464 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [88608 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [1988608 2012-07-04] (Alcatel-Lucent)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation [161336 2011-10-02] (Google)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-14] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Mark\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\Mark\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Mark\...\Run: [Power2GoExpress] [x]
HKU\Mark\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-03-09] (TomTom)
HKU\Mark\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-11-19] (Google Inc.)
HKU\Mark\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Mark\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Mark\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\Mark\...\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup [x]
HKU\Mark\...\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.0; EasyBits GO v1.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; BRI/2; AskTbSPC2/5.9.1.14019)" -"http://www.gamepuma.com/shockwave-games/Driver-s-ED.html" [460216 2008-11-24] (Adobe Systems, Inc.)
HKU\Mark\...\Policies\system: [DisableLockWorkstation] 0
HKU\Mark\...\Policies\system: [DisableChangePassword] 0
HKU\Mark\...\Winlogon: [Shell] explorer.exe [x]
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 208.67.220.220,208.67.222.222
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services ================================

2 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)
2 ezntsvc; C:\Windows\system32\ezNTSvc.exe [33792 2008-08-21] (EasyBits Software Corp.)
2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-05-22] (Lavasoft Limited)
2 NCO; "C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe" /s "NCO" /m "C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [247152 2010-08-19] ()
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

==================== Drivers =================================

1 ccSet_NST; C:\Windows\system32\drivers\NST\7DC06030.002\ccSetx86.sys [132744 2011-11-29] (Symantec Corporation)
3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-11-03] ()
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-11-03] (Lavasoft AB)
3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2009-04-12] (VSO Software)
0 SMR310; C:\Windows\System32\drivers\SMR310.SYS [97440 2012-09-09] (Symantec Corporation)
1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2011-05-31] ()
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]
0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x]

==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Temp.log
2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Application Data\Temp.log
2012-09-13 11:50 - 2012-09-13 11:50 - 00000000 ____D C:\Windows\System32\Drivers\NST
2012-09-13 11:50 - 2012-09-13 11:50 - 00000000 ____D C:\Program Files\Norton Identity Safe
2012-09-13 10:54 - 2012-09-13 10:55 - 00145904 ____A C:\Windows\Minidump\Mini091312-23.dmp
2012-09-13 10:51 - 2012-09-13 14:02 - 00000000 ____D C:\NBRT
2012-09-13 10:47 - 2012-09-13 10:47 - 00145904 ____A C:\Windows\Minidump\Mini091312-22.dmp
2012-09-13 10:40 - 2012-09-13 10:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-21.dmp
2012-09-13 10:33 - 2012-09-13 10:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-20.dmp
2012-09-13 10:24 - 2012-09-13 10:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-19.dmp
2012-09-13 10:16 - 2012-09-13 10:17 - 00145904 ____A C:\Windows\Minidump\Mini091312-18.dmp
2012-09-13 09:50 - 2012-09-13 09:50 - 00145904 ____A C:\Windows\Minidump\Mini091312-17.dmp
2012-09-13 09:40 - 2012-09-13 09:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-16.dmp
2012-09-13 09:33 - 2012-09-13 09:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-15.dmp
2012-09-13 08:19 - 2012-09-13 08:19 - 00145904 ____A C:\Windows\Minidump\Mini091312-14.dmp
2012-09-13 07:57 - 2012-09-13 07:58 - 00145904 ____A C:\Windows\Minidump\Mini091312-13.dmp
2012-09-13 06:59 - 2012-09-13 06:59 - 00145904 ____A C:\Windows\Minidump\Mini091312-12.dmp
2012-09-13 06:23 - 2012-09-13 06:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-11.dmp
2012-09-13 06:13 - 2012-09-13 06:13 - 00145904 ____A C:\Windows\Minidump\Mini091312-10.dmp
2012-09-13 05:46 - 2012-09-13 05:46 - 00145904 ____A C:\Windows\Minidump\Mini091312-09.dmp
2012-09-13 05:36 - 2012-09-13 05:36 - 00145904 ____A C:\Windows\Minidump\Mini091312-08.dmp
2012-09-13 05:18 - 2012-09-13 05:18 - 00145904 ____A C:\Windows\Minidump\Mini091312-07.dmp
2012-09-13 05:04 - 2012-09-13 05:04 - 00145904 ____A C:\Windows\Minidump\Mini091312-06.dmp
2012-09-13 01:39 - 2012-09-13 01:39 - 00145904 ____A C:\Windows\Minidump\Mini091312-05.dmp
2012-09-13 01:31 - 2012-09-13 01:31 - 00145904 ____A C:\Windows\Minidump\Mini091312-04.dmp
2012-09-13 01:23 - 2012-09-13 01:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-03.dmp
2012-09-13 01:16 - 2012-09-13 01:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-02.dmp
2012-09-13 00:20 - 2012-09-13 00:21 - 00145904 ____A C:\Windows\Minidump\Mini091312-01.dmp
2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\My Documents\dan passport photo.wps
2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\Documents\dan passport photo.wps
2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\Local Settings\CrashDumps
2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\CrashDumps
2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\My Documents\DDS log 1 and 2.wps
2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\Documents\DDS log 1 and 2.wps
2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\My Documents\gmer.log..log
2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\Documents\gmer.log..log
2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\Mark\Application Data\Malwarebytes
2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Malwarebytes
2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-09-09 08:07 - 2012-09-09 08:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-1.62.0.1300.exe
2012-09-09 00:11 - 2012-09-09 00:11 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
2012-09-09 00:11 - 2012-09-09 00:11 - 00000000 ____D C:\Users\All Users\SMR310
2012-09-09 00:11 - 2012-09-09 00:11 - 00000000 ____D C:\Users\All Users\Application Data\SMR310
2012-09-08 23:51 - 2012-09-08 23:51 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (2).exe
2012-09-08 12:22 - 2012-09-08 12:22 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (1).exe
2012-09-08 09:52 - 2012-09-08 09:55 - 02416348 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-08 08:16 - 2012-09-08 08:16 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-09-08 07:27 - 2012-09-08 07:27 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess.exe
2012-09-08 06:29 - 2012-09-08 06:29 - 00000000 ____D C:\Windows\System32\Drivers\NBRTWizard
2012-09-08 06:29 - 2012-09-08 06:29 - 00000000 ____D C:\Program Files\Norton Bootable Recovery Tool Wizard
2012-09-08 06:29 - 2012-07-25 21:32 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-08 06:27 - 2012-09-08 06:27 - 00912040 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NBRT-Retail-Downloader.exe
2012-09-08 06:12 - 2012-09-09 00:11 - 00174504 ____A C:\Windows\ntbtlog.txt.bak
2012-09-08 06:09 - 2012-09-08 06:09 - 02892816 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NPE.exe
2012-09-08 05:52 - 2012-09-13 10:36 - 00000873 ____A C:\Users\Mark\Desktop\Norton Installation Files.lnk
2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\Public\Documents\_rgpl
2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\All Users\Documents\_rgpl
2012-09-08 04:00 - 2012-09-08 04:00 - 00145856 ____A C:\Windows\Minidump\Mini090812-01.dmp
2012-09-07 13:04 - 2012-09-07 13:04 - 00000000 ____D C:\Windows\System32\N360_BACKUP
2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\Local Settings\NPE
2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\NPE
2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\AppData\Local\NPE
2012-09-07 10:33 - 2012-09-07 10:33 - 00000000 ____D C:\Users\All Users\Mozilla
2012-09-07 10:33 - 2012-09-07 10:33 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
2012-09-07 10:30 - 2012-09-07 10:30 - 00000000 ____D C:\Users\Mark\My Documents\Symantec
2012-09-07 10:30 - 2012-09-07 10:30 - 00000000 ____D C:\Users\Mark\Documents\Symantec
2012-09-07 10:09 - 2012-09-08 06:27 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-09-07 09:31 - 2012-09-07 10:47 - 00000000 ____D C:\Users\Mark\Sources
2012-09-07 09:29 - 2012-09-07 09:29 - 00001537 ____A C:\Users\Mark\Desktop\Windows Explorer.lnk
2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\Local Settings\NokiaAccount
2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\NokiaAccount
2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\AppData\Local\NokiaAccount
2012-09-07 08:47 - 2012-09-07 08:47 - 00000134 ____A C:\Users\Mark\Desktop\Programs.lnk
2012-09-07 08:43 - 2012-09-07 08:43 - 00000000 ____D C:\Users\Mark\My Documents\NPS
2012-09-07 08:43 - 2012-09-07 08:43 - 00000000 ____D C:\Users\Mark\Documents\NPS
2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46.rar
2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46 (1).rar
2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\Local Settings\MediaShow
2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\MediaShow
2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\AppData\Local\MediaShow
2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\Public\Desktop\BT Desktop Help.lnk
2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\All Users\Desktop\BT Desktop Help.lnk
2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\Local Settings\Power2Go8
2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\Power2Go8
2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\AppData\Local\Power2Go8
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\Local Settings\MediaServer
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\MediaServer
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\AppData\Local\MediaServer
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\PDVD
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\Documents\CyberLink
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\Application Data\PDVD
2012-08-22 07:58 - 2012-08-22 07:58 - 00000000 ____D C:\Program Files\Common Files\CyberLink
2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\Local Settings\Cyberlink
2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\Cyberlink
2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\AppData\Local\Cyberlink
2012-08-22 07:51 - 2012-08-22 08:07 - 00000000 ____D C:\Users\All Users\install_clap
2012-08-22 07:51 - 2012-08-22 08:07 - 00000000 ____D C:\Users\All Users\Application Data\install_clap
2012-08-22 07:47 - 2012-09-13 12:27 - 00000000 ____D C:\Users\All Users\CLSK
2012-08-22 07:47 - 2012-09-13 12:27 - 00000000 ____D C:\Users\All Users\Application Data\CLSK
2012-08-22 06:23 - 2012-08-22 06:37 - 1238864448 ____A C:\Users\Mark\My Documents\CyberLink_MES120105-04.exe
2012-08-22 06:23 - 2012-08-22 06:37 - 1238864448 ____A C:\Users\Mark\Documents\CyberLink_MES120105-04.exe
2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\My Documents\New @ Condado.wps
2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\Documents\New @ Condado.wps


============ 3 Months Modified Files ========================

2012-09-15 00:54 - 2006-11-02 05:01 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-15 00:54 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-15 00:54 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-15 00:54 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-15 00:44 - 2009-12-26 12:14 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-15 00:43 - 2012-07-25 01:00 - 00023867 ____A C:\aaw7boot.log
2012-09-15 00:35 - 2012-07-24 11:30 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000UA.job
2012-09-15 00:25 - 2009-12-26 12:14 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-14 14:34 - 2012-03-30 23:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-14 11:36 - 2012-07-24 11:30 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000Core.job
2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Temp.log
2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Application Data\Temp.log
2012-09-13 12:04 - 2008-08-20 02:58 - 01635992 ____A C:\Windows\PFRO.log
2012-09-13 10:55 - 2012-09-13 10:54 - 00145904 ____A C:\Windows\Minidump\Mini091312-23.dmp
2012-09-13 10:54 - 2008-09-17 10:15 - 271553641 ____A C:\Windows\MEMORY.DMP
2012-09-13 10:47 - 2012-09-13 10:47 - 00145904 ____A C:\Windows\Minidump\Mini091312-22.dmp
2012-09-13 10:40 - 2012-09-13 10:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-21.dmp
2012-09-13 10:36 - 2012-09-08 05:52 - 00000873 ____A C:\Users\Mark\Desktop\Norton Installation Files.lnk
2012-09-13 10:33 - 2012-09-13 10:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-20.dmp
2012-09-13 10:24 - 2012-09-13 10:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-19.dmp
2012-09-13 10:17 - 2012-09-13 10:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-18.dmp
2012-09-13 09:50 - 2012-09-13 09:50 - 00145904 ____A C:\Windows\Minidump\Mini091312-17.dmp
2012-09-13 09:50 - 2006-11-02 04:47 - 00070656 _____ C:\Windows\System32\umstartup.etl
2012-09-13 09:40 - 2012-09-13 09:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-16.dmp
2012-09-13 09:33 - 2012-09-13 09:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-15.dmp
2012-09-13 08:19 - 2012-09-13 08:19 - 00145904 ____A C:\Windows\Minidump\Mini091312-14.dmp
2012-09-13 07:58 - 2012-09-13 07:57 - 00145904 ____A C:\Windows\Minidump\Mini091312-13.dmp
2012-09-13 06:59 - 2012-09-13 06:59 - 00145904 ____A C:\Windows\Minidump\Mini091312-12.dmp
2012-09-13 06:23 - 2012-09-13 06:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-11.dmp
2012-09-13 06:13 - 2012-09-13 06:13 - 00145904 ____A C:\Windows\Minidump\Mini091312-10.dmp
2012-09-13 05:46 - 2012-09-13 05:46 - 00145904 ____A C:\Windows\Minidump\Mini091312-09.dmp
2012-09-13 05:36 - 2012-09-13 05:36 - 00145904 ____A C:\Windows\Minidump\Mini091312-08.dmp
2012-09-13 05:18 - 2012-09-13 05:18 - 00145904 ____A C:\Windows\Minidump\Mini091312-07.dmp
2012-09-13 05:04 - 2012-09-13 05:04 - 00145904 ____A C:\Windows\Minidump\Mini091312-06.dmp
2012-09-13 01:39 - 2012-09-13 01:39 - 00145904 ____A C:\Windows\Minidump\Mini091312-05.dmp
2012-09-13 01:31 - 2012-09-13 01:31 - 00145904 ____A C:\Windows\Minidump\Mini091312-04.dmp
2012-09-13 01:24 - 2012-09-13 01:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-03.dmp
2012-09-13 01:16 - 2012-09-13 01:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-02.dmp
2012-09-13 00:21 - 2012-09-13 00:20 - 00145904 ____A C:\Windows\Minidump\Mini091312-01.dmp
2012-09-12 01:54 - 2011-11-26 04:25 - 00000064 ____A C:\Windows\System32\rp_stats.dat
2012-09-12 01:54 - 2011-11-26 04:25 - 00000044 ____A C:\Windows\System32\rp_rules.dat
2012-09-12 01:22 - 2008-08-20 03:38 - 00033046 ____A C:\Users\Mark\Application Data\wklnhst.dat
2012-09-12 01:22 - 2008-08-20 03:38 - 00033046 ____A C:\Users\Mark\AppData\Roaming\wklnhst.dat
2012-09-12 01:14 - 2009-02-22 12:11 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\My Documents\dan passport photo.wps
2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\Documents\dan passport photo.wps
2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\My Documents\DDS log 1 and 2.wps
2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\Documents\DDS log 1 and 2.wps
2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\My Documents\gmer.log..log
2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\Documents\gmer.log..log
2012-09-09 08:07 - 2012-09-09 08:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-1.62.0.1300.exe
2012-09-09 00:11 - 2012-09-09 00:11 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
2012-09-09 00:11 - 2012-09-08 06:12 - 00174504 ____A C:\Windows\ntbtlog.txt.bak
2012-09-08 23:52 - 2011-10-21 04:58 - 00009024 ____A C:\Windows\IE9_main.log
2012-09-08 23:51 - 2012-09-08 23:51 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (2).exe
2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\Local Settings\GDIPFONTCACHEV1.DAT
2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-08 23:28 - 2006-11-02 04:47 - 00285328 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-08 12:58 - 2006-11-02 02:22 - 59506688 ____A C:\Windows\System32\config\software_previous
2012-09-08 12:58 - 2006-11-02 02:22 - 18874368 ____A C:\Windows\System32\config\system_previous
2012-09-08 12:43 - 2006-11-02 02:22 - 42205184 ____A C:\Windows\System32\config\components_previous
2012-09-08 12:43 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-09-08 12:22 - 2012-09-08 12:22 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (1).exe
2012-09-08 09:55 - 2012-09-08 09:52 - 02416348 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-08 08:21 - 2009-09-24 08:59 - 00282624 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-09-08 07:27 - 2012-09-08 07:27 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess.exe
2012-09-08 06:27 - 2012-09-08 06:27 - 00912040 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NBRT-Retail-Downloader.exe
2012-09-08 06:09 - 2012-09-08 06:09 - 02892816 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NPE.exe
2012-09-08 05:51 - 2008-08-20 03:14 - 00095736 ____A C:\Windows\DPINST.LOG
2012-09-08 05:50 - 2006-11-02 02:23 - 00000324 ____A C:\Windows\win.ini
2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\Public\Documents\_rgpl
2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\All Users\Documents\_rgpl
2012-09-08 04:00 - 2012-09-08 04:00 - 00145856 ____A C:\Windows\Minidump\Mini090812-01.dmp
2012-09-08 03:40 - 2006-11-02 02:22 - 00786432 ____A C:\Windows\System32\config\default_previous
2012-09-08 03:40 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-09-07 09:29 - 2012-09-07 09:29 - 00001537 ____A C:\Users\Mark\Desktop\Windows Explorer.lnk
2012-09-07 08:47 - 2012-09-07 08:47 - 00000134 ____A C:\Users\Mark\Desktop\Programs.lnk
2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46.rar
2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46 (1).rar
2012-09-01 13:35 - 2009-04-10 07:49 - 00001057 ____A C:\Users\Mark\Application Data\vso_ts_preview.xml
2012-09-01 13:35 - 2009-04-10 07:49 - 00001057 ____A C:\Users\Mark\AppData\Roaming\vso_ts_preview.xml
2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-27 03:10 - 2012-03-30 23:50 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-27 03:10 - 2011-06-17 23:55 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\Public\Desktop\BT Desktop Help.lnk
2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\All Users\Desktop\BT Desktop Help.lnk
2012-08-22 06:37 - 2012-08-22 06:23 - 1238864448 ____A C:\Users\Mark\My Documents\CyberLink_MES120105-04.exe
2012-08-22 06:37 - 2012-08-22 06:23 - 1238864448 ____A C:\Users\Mark\Documents\CyberLink_MES120105-04.exe
2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\My Documents\New @ Condado.wps
2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\Documents\New @ Condado.wps
2012-07-31 08:07 - 2006-11-02 04:52 - 00069228 ____A C:\Windows\setupact.log
2012-07-31 08:06 - 2011-11-01 12:31 - 00003999 ____A C:\Users\Mark\Application Data\Rim.Desktop.HttpServerSetup.log
2012-07-31 08:06 - 2011-11-01 12:31 - 00003999 ____A C:\Users\Mark\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-07-31 08:04 - 2011-11-01 12:31 - 00002058 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2012-07-31 08:04 - 2011-11-01 12:31 - 00002058 ____A C:\Users\All Users\Desktop\BlackBerry Desktop Software.lnk
2012-07-31 07:59 - 2011-11-01 12:44 - 00001934 ____A C:\Users\Mark\Application Data\Rim.Desktop.Exception.log
2012-07-31 07:59 - 2011-11-01 12:44 - 00001934 ____A C:\Users\Mark\AppData\Roaming\Rim.Desktop.Exception.log
2012-07-31 07:59 - 2011-11-01 12:44 - 00000924 ____A C:\Users\Mark\Application Data\Rim.DesktopHelper.Exception.log
2012-07-31 07:59 - 2011-11-01 12:44 - 00000924 ____A C:\Users\Mark\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-07-31 03:29 - 2012-07-31 03:29 - 00518656 ____A C:\Users\Mark\My Documents\carpark cardiff.wps
2012-07-31 03:29 - 2012-07-31 03:29 - 00518656 ____A C:\Users\Mark\Documents\carpark cardiff.wps
2012-07-30 09:57 - 2008-04-28 06:04 - 01215626 ____A C:\Windows\WindowsUpdate.log
2012-07-27 05:11 - 2012-07-27 05:11 - 00010752 ____A C:\Users\Mark\My Documents\sara 429.xlr
2012-07-27 05:11 - 2012-07-27 05:11 - 00010752 ____A C:\Users\Mark\Documents\sara 429.xlr
2012-07-27 03:15 - 2012-07-27 03:15 - 00014370 ____A C:\Users\Mark\My Documents\Nirvana.p2g
2012-07-27 03:15 - 2012-07-27 03:15 - 00014370 ____A C:\Users\Mark\Documents\Nirvana.p2g
2012-07-25 21:32 - 2012-09-08 06:29 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-07-25 21:32 - 2010-11-16 12:17 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll
2012-07-24 11:45 - 2012-07-24 11:22 - 00020969 ____A C:\INSTALLHELPER.LOG
2012-07-24 11:45 - 2012-07-24 11:22 - 00003982 ____A C:\alotserviceruntime.log
2012-07-12 22:54 - 2012-07-12 22:54 - 00485376 ____A C:\Users\Mark\My Documents\Asda socket set.wps
2012-07-12 22:54 - 2012-07-12 22:54 - 00485376 ____A C:\Users\Mark\Documents\Asda socket set.wps
2012-07-08 09:22 - 2012-07-08 09:22 - 00441344 ____A C:\Users\Mark\My Documents\Ryanair cancellation.wps
2012-07-08 09:22 - 2012-07-08 09:22 - 00441344 ____A C:\Users\Mark\Documents\Ryanair cancellation.wps
2012-07-08 05:50 - 2012-07-08 05:50 - 01670144 ____A C:\Users\Mark\My Documents\apodo flight.wps
2012-07-08 05:50 - 2012-07-08 05:50 - 01670144 ____A C:\Users\Mark\Documents\apodo flight.wps
2012-06-30 12:42 - 2012-06-30 12:42 - 04307456 ____A C:\Users\Mark\My Documents\Holiday Inn Kenilworth.wps
2012-06-30 12:42 - 2012-06-30 12:42 - 04307456 ____A C:\Users\Mark\Documents\Holiday Inn Kenilworth.wps
2012-06-18 08:56 - 2012-06-18 08:56 - 00018944 ____A C:\Users\Mark\My Documents\Sara letter homework.wps
2012-06-18 08:56 - 2012-06-18 08:56 - 00018944 ____A C:\Users\Mark\Documents\Sara letter homework.wps


ZeroAccess:
C:\Windows\Installer\{4a3e861e-894a-adb2-035b-695524750cd2}
C:\Windows\Installer\{4a3e861e-894a-adb2-035b-695524750cd2}\U

ZeroAccess:
C:\Users\Mark\AppData\Local\{4a3e861e-894a-adb2-035b-695524750cd2}
C:\Users\Mark\AppData\Local\{4a3e861e-894a-adb2-035b-695524750cd2}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-09-24 08:59] - [2012-09-08 08:21] - 0282624 ____A (Microsoft Corporation) 1C5A8277AA91E44684772C950C892AE2

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-03 05:44:39
Restore point made on: 2012-09-04 02:27:04
Restore point made on: 2012-09-05 03:23:05
Restore point made on: 2012-09-06 02:47:45
Restore point made on: 2012-09-07 00:00:45
Restore point made on: 2012-09-07 08:50:18
Restore point made on: 2012-09-07 08:51:24
Restore point made on: 2012-09-07 09:12:39
Restore point made on: 2012-09-07 09:49:41
Restore point made on: 2012-09-07 09:52:26
Restore point made on: 2012-09-07 09:55:16
Restore point made on: 2012-09-08 04:55:28
Restore point made on: 2012-09-08 05:31:03
Restore point made on: 2012-09-08 05:31:59
Restore point made on: 2012-09-08 05:32:57
Restore point made on: 2012-09-08 05:33:43
Restore point made on: 2012-09-08 05:35:25
Restore point made on: 2012-09-08 05:36:31
Restore point made on: 2012-09-08 05:37:37
Restore point made on: 2012-09-08 05:39:00
Restore point made on: 2012-09-08 05:39:59
Restore point made on: 2012-09-08 05:42:24
Restore point made on: 2012-09-08 05:43:53
Restore point made on: 2012-09-08 05:45:12
Restore point made on: 2012-09-08 05:46:13
Restore point made on: 2012-09-08 05:47:35
Restore point made on: 2012-09-08 05:48:31
Restore point made on: 2012-09-08 05:49:35
Restore point made on: 2012-09-08 13:57:43
Restore point made on: 2012-09-09 07:12:43
Restore point made on: 2012-09-09 07:16:55
Restore point made on: 2012-09-10 01:47:13
Restore point made on: 2012-09-11 23:50:00
Restore point made on: 2012-09-13 12:17:53
Restore point made on: 2012-09-14 09:16:37
Restore point made on: 2012-09-14 09:20:38

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4094.5 MB
Available physical RAM: 3492.7 MB
Total Pagefile: 3762.31 MB
Available Pagefile: 3565.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.14 MB

==================== Partitions ============================

1 Drive c: (HP) (Fixed) (Total:455.51 GB) (Free:182.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.25 GB) (Free:1.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (Cruzer) (Removable) (Total:1.86 GB) (Free:1.84 GB) FAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 1528 KB
Disk 1 Online 1912 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 456 GB 32 KB
Partition 2 Primary 10 GB 456 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C HP NTFS Partition 456 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 D FACTORY_IMA NTFS Partition 10 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1908 MB 65 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 F Cruzer FAT Removable 1908 MB Healthy

==================================================================================

Last Boot: 2012-09-15 00:51

==================== End Of Log =============================

Farbar Recovery Scan Tool (x86) Version: 12-09-2012
Ran by SYSTEM at 2012-09-15 10:18:12
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-24 08:59] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-08-29 04:32] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-09-24 08:59] - [2012-09-08 08:21] - 0282624 ____A (Microsoft Corporation) 1C5A8277AA91E44684772C950C892AE2

=== End Of Search ===

Thanks Broni

Awaiting your instructions
 
Good job :)

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 

Attachments

  • fixlist.txt (392 bytes)
Thanks Broni

Here's the Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2012
Ran by SYSTEM at 2012-09-15 18:52:44 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{4a3e861e-894a-adb2-035b-695524750cd2} moved successfully.
C:\Users\Mark\AppData\Local\{4a3e861e-894a-adb2-035b-695524750cd2} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
Good :)

Create new restore point before proceeding with the following....

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. The rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 