Hi - TrojanZeroAccessinf - please bail me out!

Discussion in 'Virus and Malware Removal' started by Tobydog, Sep 9, 2012.

  1. Tobydog Newcomer, in training Posts: 44

    TrojanZeroAccessinf - Norton didn't get anywhere near this badboy !
  2. Broni Malware Annihilator Posts: 39,231   +175

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    Thank you for helping me

    Below are the logs from MBAM, GMER and DDS

    Awaiting your instructions - thanks again

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.09.09.04
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Mark :: MARK-PC [administrator]
    Protection: Enabled
    09/09/2012 17:13:42
    mbam-log-2012-09-09 (17-13-42).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 207433
    Time elapsed: 8 minute(s), 25 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 3
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\HeroCodecSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\gxvxc (Rootkit.Agent) -> Quarantined and deleted successfully.
    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Agent) -> Data: C:\Users\Mark\AppData\Roaming\csrss.exe -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:50370 -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 3
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    Files Detected: 5
    C:\Users\Mark\Downloads\Zwinky (1).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    C:\Users\Mark\Downloads\Zwinky.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    C:\Users\Mark\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeroCodec\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    (end)

    2012/09/09 17:11:37 +0100 MARK-PC Mark MESSAGE Starting protection
    2012/09/09 17:11:39 +0100 MARK-PC Mark MESSAGE Protection started successfully
    2012/09/09 17:11:42 +0100 MARK-PC Mark MESSAGE Starting IP protection
    2012/09/09 17:11:44 +0100 MARK-PC Mark MESSAGE IP Protection started successfully
    2012/09/09 17:11:47 +0100 MARK-PC Mark MESSAGE Starting database refresh
    2012/09/09 17:11:47 +0100 MARK-PC Mark MESSAGE Stopping IP protection
    2012/09/09 17:11:49 +0100 MARK-PC Mark MESSAGE IP Protection stopped
    2012/09/09 17:11:51 +0100 MARK-PC Mark MESSAGE Database refreshed successfully
    2012/09/09 17:11:51 +0100 MARK-PC Mark MESSAGE Starting IP protection
    2012/09/09 17:11:53 +0100 MARK-PC Mark MESSAGE IP Protection started successfully
    2012/09/09 17:56:18 +0100 MARK-PC Mark MESSAGE Starting protection
    2012/09/09 17:56:20 +0100 MARK-PC Mark MESSAGE Protection started successfully
    2012/09/09 17:56:23 +0100 MARK-PC Mark MESSAGE Starting IP protection
    2012/09/09 17:56:25 +0100 MARK-PC Mark MESSAGE IP Protection started successfully
    2012/09/09 18:15:57 +0100 MARK-PC Mark MESSAGE Starting protection
    2012/09/09 18:15:59 +0100 MARK-PC Mark MESSAGE Protection started successfully
    2012/09/09 18:16:02 +0100 MARK-PC Mark MESSAGE Starting IP protection
    2012/09/09 18:16:05 +0100 MARK-PC Mark MESSAGE IP Protection started successfully

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-09-09 18:34:01
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.GM4O
    Running: lwg7ygib.exe; Driver: C:\Users\Mark\AppData\Local\Temp\kwldypoc.sys

    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    ---- EOF - GMER 1.0.15 ----



    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

    Run by Mark at 18:40:19 on 2012-09-09

    .

    ============== Running Processes ===============

    .

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/

    mStart Page = hxxp://www.voover.com/

    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s

    uURLSearchHooks: H - No File

    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\norton 360\engine\20.1.1.2\coIEPlg.dll

    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\norton 360\engine\20.1.1.2\ips\IPSBHO.DLL

    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol broadband toolbar 5.0\aoltb.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

    TB: AOL Broadband Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol broadband toolbar 5.0\aoltb.dll

    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\norton 360\engine\20.1.1.2\coIEPlg.dll

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY

    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

    uRun: [Power2GoExpress]

    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

    uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe

    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    uRun: [Power2GoExpress8] "c:\program files\cyberlink\power2go8\Power2GoExpress8.exe"

    uRun: [GameXN GO] "c:\programdata\gamexn\GameXNGO.exe" /startup

    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.0; EasyBits GO v1.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; BRI/2; AskTbSPC2/5.9.1.14019)" -"http://www.gamepuma.com/shockwave-games/Driver-s-ED.html"

    mRun: [RtHDVCpl] RtHDVCpl.exe

    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

    mRun: [KBD] c:\hp\kbd\KbdStub.EXE

    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

    mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"

    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

    mRun: [<NO NAME>]

    mRun: [HostManager] c:\program files\common files\aol\1219316984\ee\AOLSoftware.exe

    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

    mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"

    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [CLMLServer_For_P2G8] "c:\program files\cyberlink\power2go8\CLMLSvc_P2G8.exe"

    mRun: [CLVirtualDrive] "c:\program files\cyberlink\power2go8\VirtualDrive.exe" /R

    mRun: [PowerDVD12Agent] "c:\program files\cyberlink\powerdvd12\PowerDVD12Agent.exe"

    mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\5.0"

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-gb\local\search.html

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: NameServer = 208.67.220.220,208.67.222.222

    TCP: DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{DF935B54-EE05-4BDB-BF19-E742BFB044C4} : DhcpNameServer = 192.168.1.254

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll

    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL

    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    .

    ============= SERVICES / DRIVERS ===============

    .

    .

    =============== Created Last 30 ================

    .

    2012-09-09 16:11:18 -------- d-----w- c:\users\mark\appdata\roaming\Malwarebytes

    2012-09-09 16:11:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-09 16:11:03 -------- d-----w- c:\programdata\Malwarebytes

    2012-09-09 16:11:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-09-09 08:11:27 -------- d-----w- c:\programdata\SMR310

    2012-09-09 08:11:09 97440 ----a-w- c:\windows\system32\drivers\SMR310.SYS

    2012-09-08 16:16:38 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-09-08 14:29:41 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2012-09-08 14:29:12 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0501000.01A

    2012-09-08 14:29:12 -------- d-----w- c:\windows\system32\drivers\NBRTWizard

    2012-09-08 14:29:10 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard

    2012-09-08 14:19:07 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

    2012-09-08 14:19:07 -------- d-----w- c:\program files\Symantec

    2012-09-08 14:18:31 926880 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys

    2012-09-08 14:18:31 368288 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymDS.sys

    2012-09-08 14:18:31 350368 ----a-r- c:\windows\system32\drivers\n360\1401010.002\symtdiv.sys

    2012-09-08 14:18:31 338592 ----a-r- c:\windows\system32\drivers\n360\1401010.002\symnets.sys

    2012-09-08 14:18:31 32888 ----a-r- c:\windows\system32\drivers\n360\1401010.002\srtspx.sys

    2012-09-08 14:18:31 21400 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymELAM.sys

    2012-09-08 14:18:30 585888 ----a-r- c:\windows\system32\drivers\n360\1401010.002\srtsp.sys

    2012-09-08 14:18:30 175264 ----a-r- c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys

    2012-09-08 14:18:30 134304 ----a-r- c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys

    2012-09-08 14:18:19 8942 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymVTcer.dat

    2012-09-08 14:18:18 -------- d-----w- c:\windows\system32\drivers\n360\1401010.002

    2012-09-08 14:18:18 -------- d-----w- c:\windows\system32\drivers\N360

    2012-09-07 21:04:20 -------- d-----w- c:\windows\system32\N360_BACKUP

    2012-09-07 19:02:06 -------- d-----w- c:\users\mark\appdata\local\NPE

    2012-09-07 18:26:33 -------- d-----w- c:\program files\Norton 360

    2012-09-07 18:26:16 -------- d-----w- c:\programdata\NortonInstaller

    2012-09-07 18:26:16 -------- d-----w- c:\program files\NortonInstaller

    2012-09-07 17:31:23 -------- d-----w- c:\users\mark\Sources

    2012-09-07 17:09:30 -------- d-----w- c:\users\mark\appdata\local\NokiaAccount

    2012-08-23 09:29:59 -------- d-----w- c:\users\mark\appdata\local\MediaShow

    2012-08-23 08:03:17 -------- d-----w- c:\users\mark\appdata\local\Power2Go8

    2012-08-22 16:04:14 -------- d-----w- c:\users\mark\appdata\local\MediaServer

    2012-08-22 16:04:11 -------- d-----w- c:\programdata\PDVD

    2012-08-22 15:59:05 73712 ----a-w- c:\windows\system32\drivers\CLVirtualDrive.sys

    2012-08-22 15:58:54 -------- d-----w- c:\program files\common files\CyberLink

    2012-08-22 15:54:16 -------- d-----w- c:\users\mark\appdata\local\Cyberlink

    2012-08-22 15:51:42 -------- d-----w- c:\programdata\install_clap

    2012-08-22 15:47:38 -------- d-----w- c:\programdata\CLSK

    .

    ==================== Find3M ====================

    .

    2012-09-08 16:21:38 282624 ----a-w- c:\windows\system32\services.exe

    2012-08-27 11:10:29 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-08-27 11:10:29 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-07-26 05:32:24 106928 ----a-w- c:\windows\system32\GEARAspi.dll

    .

    ============= FINISH: 18:43:47.44 ===============
     

     

     

     

     

     

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    .

    ==== Disk Partitions =========================

    .

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    No restore point in system.

    .

    ==== Installed Programs ======================

    .

    32 Bit HP CIO Components Installer

    Ad-Aware

    Ad-Aware Security Toolbar

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.4)

    Adobe Shockwave Player 11

    AIO_Scan

    Amazon MP3 Downloader 1.0.4

    AOL Broadband Toolbar 5.0

    AOL Registration

    AOL Toolbar 5.0

    AOL Uninstaller (Choose which Products to Remove)

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Art Effects for PDR10

    µTorrent

    BBC iPlayer Desktop

    BlackBerry App World Browser Plugin

    BlackBerry Desktop Software 7.1

    Bonjour

    BT Desktop Help

    BTHomeHub

    BufferChm

    C4200

    C4200_doccd

    c4200_Help

    Cards_Calendar_OrderGift_DoMorePlugout

    Compatibility Pack for the 2007 Office system

    ConvertXtoDVD 3.5.3.139

    ConvertXtoDVD 4.1.9.347

    Copy

    CyberLink LabelPrint 2.5

    CyberLink Media Suite 10

    CyberLink MediaEspresso 6.5

    CyberLink MediaShow 6

    CyberLink OEM Share Pack 2

    CyberLink Power2Go 8

    CyberLink PowerBackup 2.6

    CyberLink PowerDirector 10

    CyberLink PowerDVD 12

    CyberLink PowerDVD Copy 1.5

    CyberLink PowerProducer 5.5

    CyberLink WaveEditor 2

    D3DX10

    Destination Component

    DeviceDiscovery

    DeviceManagementQFolder

    DocProc

    DocProcQFolder

    EasyBits Magic Desktop

    Enhanced Multimedia Keyboard Solution

    eSupportQFolder

    Google Chrome

    Google Earth

    Google Toolbar for Firefox

    Google Toolbar for Internet Explorer

    Google Update Helper

    Google Updater

    GoToAssist Corporate

    Hewlett-Packard Active Check

    Hewlett-Packard Asset Agent for Health Check

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    HP Advisor

    HP Customer Experience Enhancements

    HP Customer Feedback

    HP Easy Setup - Frontend

    HP Games

    HP Imaging Device Functions 9.0

    HP OCR Software 9.0

    HP On-Screen Cap/Num/Scroll Lock Indicator

    HP Photosmart All-In-One Software 9.0

    HP Photosmart Essential 2.5

    HP Picasso Media Center Add-In

    HP Product Assistant

    HP Smart Web Printing 4.60

    HP Solution Center 9.0

    HP Update

    HPDiagnosticAlert

    HPPhotoSmartPhotobookWebPack1

    HPProductAssistant

    iCloud

    Intel(R) Matrix Storage Manager

    iTunes

    Java Auto Updater

    Java(TM) 6 Update 31

    Java(TM) SE Runtime Environment 6 Update 1

    Junk Mail filter update

    LEGO Digital Designer

    LightScribe System Software

    Malwarebytes Anti-Malware version 1.62.0.1300

    MarketingReg

    Microsoft .NET Framework 3.5 SP1

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Games for Windows - LIVE Redistributable

    Microsoft Games for Windows Marketplace

    Microsoft Office Home and Student 60 day trial

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft VC9 runtime libraries

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Works

    MSVC80_x86

    MSVC80_x86_v2

    MSVC90_x86

    MSVCRT

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB941833)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Norton 360

    Norton Bootable Recovery Tool Wizard

    NVIDIA Drivers

    OEM Share Pack

    OGA Notifier 2.0.0048.0

    PC Connectivity Solution

    Power2Go

    PowerDirector

    PS_AIO_ProductContext

    PS_AIO_Software

    PS_AIO_Software_min

    PSSWCORE

    Python 2.5

    QuickTime

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    RealPlayer

    Realtek High Definition Audio Driver

    RealUpgrade 1.1

    RTC Client API v1.2

    Safari

    Scan

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Segoe UI

    SmartWebPrinting

    Softease Browser

    SolutionCenter

    Status

    TomTom HOME 2.8.1.2218

    TomTom HOME Visual Studio Merge Modules

    Toolbox

    TrayApp

    UnloadSupport

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update Installer for WildTangent Games App

    Vanilla and Chocolate

    VideoToolkit01

    Viewpoint Media Player

    VLC media player 1.1.11

    WebReg

    WildTangent Games App (HP Games)

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Family Safety

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Mail

    Windows Live Messenger

    Windows Live MIME IFilter

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live Sync

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    .

    ==== End Of File ===========================
  4. Broni Malware Annihilator Posts: 39,231   +175

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    I have tried to download RogueKiller as above but keep getting the following message

    'RogueKiller.exe / Winlogon.exe / Winlogon.com is unsafe to download and was blocked by SmartScreen Filter'
  6. Broni Malware Annihilator Posts: 39,231   +175

     
  7. Tobydog Newcomer, in training Posts: 44

    Thanks Broni

    Here are the logs from RogueKiller and aswMBR

    RogueKiller V8.0.2 [08/31/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Mark [Admin rights]
    Mode : Scan -- Date : 09/09/2012 19:57:19
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\RunOnce : InnoSetupRegFile.0000000001 ("C:\Windows\is-AJR0M.exe" /REG /REGSVRMODE) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> FOUND
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{4a3e861e-894a-adb2-035b-695524750cd2}\U --> FOUND
    [ZeroAccess][FOLDER] U : C:\Users\Mark\AppData\Local\{4a3e861e-894a-adb2-035b-695524750cd2}\U --> FOUND
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[13] : NtAlertResumeThread @ 0x820D15C3 -> HOOKED (Unknown @ 0x88096C88)
    SSDT[14] : NtAlertThread @ 0x8204A255 -> HOOKED (Unknown @ 0x88096D68)
    SSDT[18] : NtAllocateVirtualMemory @ 0x820864FB -> HOOKED (Unknown @ 0x87FE56E0)
    SSDT[21] : NtAlpcConnectPort @ 0x82028887 -> HOOKED (Unknown @ 0x87ED0F70)
    SSDT[42] : NtAssignProcessToJobObject @ 0x81FFBB43 -> HOOKED (Unknown @ 0x88096430)
    SSDT[67] : NtCreateMutant @ 0x8205E812 -> HOOKED (Unknown @ 0x880969D8)
    SSDT[77] : NtCreateSymbolicLinkObject @ 0x81FFE35A -> HOOKED (Unknown @ 0x88096150)
    SSDT[78] : NtCreateThread @ 0x820CFBE0 -> HOOKED (Unknown @ 0x87FE5BE8)
    SSDT[116] : NtDebugActiveProcess @ 0x820A2D22 -> HOOKED (Unknown @ 0x88096510)
    SSDT[129] : NtDuplicateObject @ 0x82036551 -> HOOKED (Unknown @ 0x87FE58B0)
    SSDT[147] : NtFreeVirtualMemory @ 0x81EC2F1D -> HOOKED (Unknown @ 0x87FE5498)
    SSDT[156] : NtImpersonateAnonymousToken @ 0x81FF8F12 -> HOOKED (Unknown @ 0x88096AC8)
    SSDT[158] : NtImpersonateThread @ 0x8200E54F -> HOOKED (Unknown @ 0x88096BA8)
    SSDT[165] : NtLoadDriver @ 0x81FA9DEE -> HOOKED (Unknown @ 0x87ED0BB8)
    SSDT[177] : NtMapViewOfSection @ 0x8204E89A -> HOOKED (Unknown @ 0x87FE5398)
    SSDT[184] : NtOpenEvent @ 0x82037DCF -> HOOKED (Unknown @ 0x880968F8)
    SSDT[194] : NtOpenProcess @ 0x8205EFAE -> HOOKED (Unknown @ 0x87FE5A90)
    SSDT[195] : NtOpenProcessToken @ 0x8203FA2E -> HOOKED (Unknown @ 0x87FE57D0)
    SSDT[197] : NtOpenSection @ 0x8204F66D -> HOOKED (Unknown @ 0x88096738)
    SSDT[201] : NtOpenThread @ 0x8205A4FF -> HOOKED (Unknown @ 0x87FE59A0)
    SSDT[210] : NtProtectVirtualMemory @ 0x820582E2 -> HOOKED (Unknown @ 0x88096340)
    SSDT[282] : NtResumeThread @ 0x82059B4A -> HOOKED (Unknown @ 0x88096E48)
    SSDT[289] : NtSetContextThread @ 0x820D106F -> HOOKED (Unknown @ 0x87FE50E8)
    SSDT[305] : NtSetInformationProcess @ 0x820528C8 -> HOOKED (Unknown @ 0x87FE51C8)
    SSDT[317] : NtSetSystemInformation @ 0x82024EEB -> HOOKED (Unknown @ 0x880965F0)
    SSDT[330] : NtSuspendProcess @ 0x820D14FF -> HOOKED (Unknown @ 0x88096818)
    SSDT[331] : NtSuspendThread @ 0x81FD892B -> HOOKED (Unknown @ 0x88096F28)
    SSDT[334] : NtTerminateProcess @ 0x8202F143 -> HOOKED (Unknown @ 0x87FE5CE8)
    SSDT[335] : unknown @ 0x8205A534 -> HOOKED (Unknown @ 0x87FE5048)
    SSDT[348] : NtUnmapViewOfSection @ 0x8204EB5D -> HOOKED (Unknown @ 0x87FE52B8)
    SSDT[358] : NtWriteVirtualMemory @ 0x8204B92D -> HOOKED (Unknown @ 0x87FE5588)
    SSDT[382] : NtCreateThreadEx @ 0x82059FE9 -> HOOKED (Unknown @ 0x88096240)
    S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x87159640)
    S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x87ED0D70)
    S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x87158390)
    S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x880B5998)
    S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x8882C7E8)
    S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x8882CF78)
    S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x8882C580)
    S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x8882C4B0)
    S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x880AEAC0)
    S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x86F49C80)
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 832a299e0aa7d5dab4d1a2c09a18e8e4
    [BSP] 309fdfd200901d3359dd1e035123a213 : HP tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 466441 Mo
    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 955273095 | Size: 10495 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-09 20:00:57
    -----------------------------
    20:00:57.184 OS Version: Windows 6.0.6002 Service Pack 2
    20:00:57.184 Number of processors: 4 586 0xF0B
    20:00:57.194 ComputerName: MARK-PC UserName: Mark
    20:00:59.611 Initialize success
    20:02:02.360 AVAST engine defs: 12090900
    20:02:19.004 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:02:19.004 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 3
    20:02:19.036 Disk 0 MBR read successfully
    20:02:19.036 Disk 0 MBR scan
    20:02:19.036 Disk 0 unknown MBR code
    20:02:19.051 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 466441 MB offset 63
    20:02:19.082 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10495 MB offset 955273095
    20:02:19.082 Disk 0 scanning sectors +976768065
    20:02:19.145 Disk 0 scanning C:\Windows\system32\drivers
    20:02:37.163 Service scanning
    20:03:10.682 Modules scanning
    20:03:41.794 Disk 0 trace - called modules:
    20:03:41.832 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    20:03:41.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86645340]
    20:03:41.844 3 CLASSPNP.SYS[8b1ac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8546e030]
    20:03:45.086 AVAST engine scan C:\Windows
    20:03:57.401 AVAST engine scan C:\Windows\system32
    20:10:16.470 AVAST engine scan C:\Windows\system32\drivers
    20:11:01.373 AVAST engine scan C:\Users\Mark
    20:12:40.023 File: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000324 **INFECTED** Win32:Adware-gen [Adw]
    20:17:44.605 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
    20:17:44.615 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"
  8. Broni Malware Annihilator Posts: 39,231   +175

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  9. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    Here's the TDSSKiller log - in 2 parts due to size

    20:36:08.0845 7096 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    20:36:10.0879 7096 ============================================================
    20:36:10.0879 7096 Current date / time: 2012/09/09 20:36:10.0879
    20:36:10.0879 7096 SystemInfo:
    20:36:10.0879 7096
    20:36:10.0879 7096 OS Version: 6.0.6002 ServicePack: 2.0
    20:36:10.0879 7096 Product type: Workstation
    20:36:10.0879 7096 ComputerName: MARK-PC
    20:36:10.0879 7096 UserName: Mark
    20:36:10.0879 7096 Windows directory: C:\Windows
    20:36:10.0879 7096 System windows directory: C:\Windows
    20:36:10.0879 7096 Processor architecture: Intel x86
    20:36:10.0879 7096 Number of processors: 4
    20:36:10.0879 7096 Page size: 0x1000
    20:36:10.0879 7096 Boot type: Normal boot
    20:36:10.0879 7096 ============================================================
    20:36:13.0845 7096 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    20:36:13.0915 7096 ============================================================
    20:36:13.0915 7096 \Device\Harddisk0\DR0:
    20:36:13.0925 7096 MBR partitions:
    20:36:13.0925 7096 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38F04F48
    20:36:13.0925 7096 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38F04F87, BlocksNum 0x147FCBA
    20:36:13.0925 7096 ============================================================
    20:36:14.0075 7096 C: <-> \Device\Harddisk0\DR0\Partition1
    20:36:14.0165 7096 D: <-> \Device\Harddisk0\DR0\Partition2
    20:36:14.0235 7096 ============================================================
    20:36:14.0255 7096 Initialize success
    20:36:14.0255 7096 ============================================================
    20:37:34.0660 6292 ============================================================
    20:37:34.0660 6292 Scan started
    20:37:34.0660 6292 Mode: Manual;
    20:37:34.0660 6292 ============================================================
    20:37:38.0123 6292 ================ Scan system memory ========================
    20:37:38.0123 6292 System memory - ok
    20:37:38.0123 6292 ================ Scan services =============================
  10. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    Part 2 of TDSSKiller log

    20:37:52.0725 6292 msisadrv - ok
    20:37:52.0756 6292 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    20:37:52.0787 6292 MSiSCSI - ok
    20:37:52.0787 6292 msiserver - ok
    20:37:52.0818 6292 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    20:37:52.0818 6292 MSKSSRV - ok
    20:37:52.0850 6292 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    20:37:52.0850 6292 MSPCLOCK - ok
    20:37:52.0865 6292 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    20:37:52.0865 6292 MSPQM - ok
    20:37:52.0928 6292 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    20:37:52.0928 6292 MsRPC - ok
    20:37:52.0959 6292 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    20:37:52.0974 6292 mssmbios - ok
    20:37:52.0990 6292 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    20:37:52.0990 6292 MSTEE - ok
    20:37:53.0052 6292 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
    20:37:53.0052 6292 Mup - ok
    20:37:53.0364 6292 [ DFD8873E4DC08E621A8366C6CD98AB28 ] N360 C:\Program Files\Norton 360\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
    20:37:53.0380 6292 N360 - ok
    20:37:53.0458 6292 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
    20:37:53.0474 6292 napagent - ok
    20:37:53.0552 6292 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    20:37:53.0552 6292 NativeWifiP - ok
    20:37:53.0692 6292 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20120908.009\NAVENG.SYS
    20:37:53.0692 6292 NAVENG - ok
    20:37:53.0786 6292 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20120908.009\NAVEX15.SYS
    20:37:53.0801 6292 NAVEX15 - ok
    20:37:53.0879 6292 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
    20:37:53.0879 6292 NDIS - ok
    20:37:53.0910 6292 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    20:37:53.0926 6292 NdisTapi - ok
    20:37:53.0942 6292 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    20:37:53.0942 6292 Ndisuio - ok
    20:37:54.0004 6292 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    20:37:54.0020 6292 NdisWan - ok
    20:37:54.0051 6292 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    20:37:54.0051 6292 NDProxy - ok
    20:37:54.0098 6292 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    20:37:54.0098 6292 Net Driver HPZ12 - ok
    20:37:54.0113 6292 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    20:37:54.0113 6292 NetBIOS - ok
    20:37:54.0222 6292 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    20:37:54.0222 6292 netbt - ok
    20:37:54.0254 6292 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
    20:37:54.0254 6292 Netlogon - ok
    20:37:54.0300 6292 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
    20:37:54.0316 6292 Netman - ok
    20:37:54.0394 6292 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
    20:37:54.0410 6292 netprofm - ok
    20:37:54.0472 6292 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    20:37:54.0488 6292 NetTcpPortSharing - ok
    20:37:54.0566 6292 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    20:37:54.0581 6292 nfrd960 - ok
    20:37:54.0597 6292 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
    20:37:54.0597 6292 NlaSvc - ok
    20:37:54.0706 6292 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    20:37:54.0706 6292 Npfs - ok
    20:37:54.0737 6292 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
    20:37:54.0737 6292 nsi - ok
    20:37:54.0800 6292 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    20:37:54.0815 6292 nsiproxy - ok
    20:37:54.0971 6292 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    20:37:54.0987 6292 Ntfs - ok
    20:37:55.0190 6292 [ 4A6A8C2882EA29F7CAE995E82C259EEB ] ntk_PowerDVD12 C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys
    20:37:55.0205 6292 ntk_PowerDVD12 - ok
    20:37:55.0236 6292 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
    20:37:55.0236 6292 ntrigdigi - ok
    20:37:55.0268 6292 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
    20:37:55.0268 6292 Null - ok
    20:37:55.0767 6292 [ 351265910A8EF5FC6CC4535A00054049 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    20:37:55.0907 6292 nvlddmkm - ok
    20:37:55.0985 6292 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
    20:37:55.0985 6292 nvraid - ok
    20:37:56.0032 6292 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
    20:37:56.0032 6292 nvstor - ok
    20:37:56.0079 6292 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    20:37:56.0079 6292 nv_agp - ok
    20:37:56.0079 6292 NwlnkFlt - ok
    20:37:56.0094 6292 NwlnkFwd - ok
    20:37:56.0188 6292 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    20:37:56.0188 6292 ohci1394 - ok
    20:37:56.0250 6292 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
    20:37:56.0266 6292 p2pimsvc - ok
    20:37:56.0282 6292 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
    20:37:56.0282 6292 p2psvc - ok
    20:37:56.0297 6292 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
    20:37:56.0297 6292 Parport - ok
    20:37:56.0344 6292 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    20:37:56.0344 6292 partmgr - ok
    20:37:56.0375 6292 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
    20:37:56.0375 6292 Parvdm - ok
    20:37:56.0422 6292 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
    20:37:56.0422 6292 PcaSvc - ok
    20:37:56.0453 6292 [ C96C14987F167F461266A6C6028B698B ] pcCMService C:\Program Files\Common Files\Motive\pcCMService.exe
    20:37:56.0469 6292 pcCMService - ok
    20:37:56.0516 6292 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
    20:37:56.0516 6292 pccsmcfd - ok
    20:37:56.0609 6292 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
    20:37:56.0609 6292 pci - ok
    20:37:56.0640 6292 [ A88FF9E32AAA9AF398AE89B9A082870B ] pciide C:\Windows\system32\drivers\pciide.sys
    20:37:56.0672 6292 pciide - ok
    20:37:56.0718 6292 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    20:37:56.0718 6292 pcmcia - ok
    20:37:56.0765 6292 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
    20:37:56.0781 6292 pcouffin - ok
    20:37:56.0796 6292 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    20:37:56.0812 6292 PEAUTH - ok
    20:37:56.0890 6292 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
    20:37:56.0906 6292 pla - ok
    20:37:56.0968 6292 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    20:37:56.0984 6292 PlugPlay - ok
    20:37:57.0030 6292 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    20:37:57.0030 6292 Pml Driver HPZ12 - ok
    20:37:57.0046 6292 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    20:37:57.0046 6292 PNRPAutoReg - ok
    20:37:57.0062 6292 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    20:37:57.0077 6292 PNRPsvc - ok
    20:37:57.0093 6292 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    20:37:57.0093 6292 PolicyAgent - ok
    20:37:57.0124 6292 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    20:37:57.0124 6292 PptpMiniport - ok
    20:37:57.0155 6292 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
    20:37:57.0155 6292 Processor - ok
    20:37:57.0233 6292 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
    20:37:57.0233 6292 ProfSvc - ok
    20:37:57.0280 6292 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
    20:37:57.0280 6292 ProtectedStorage - ok
    20:37:57.0311 6292 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys
    20:37:57.0311 6292 Ps2 - ok
    20:37:57.0374 6292 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    20:37:57.0389 6292 PSched - ok
    20:37:57.0452 6292 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    20:37:57.0452 6292 ql2300 - ok
    20:37:57.0483 6292 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    20:37:57.0498 6292 ql40xx - ok
    20:37:57.0530 6292 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
    20:37:57.0530 6292 QWAVE - ok
    20:37:57.0561 6292 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    20:37:57.0561 6292 QWAVEdrv - ok
    20:37:57.0592 6292 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    20:37:57.0592 6292 RasAcd - ok
    20:37:57.0608 6292 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
    20:37:57.0623 6292 RasAuto - ok
    20:37:57.0639 6292 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:37:57.0639 6292 Rasl2tp - ok
    20:37:57.0701 6292 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
    20:37:57.0717 6292 RasMan - ok
    20:37:57.0795 6292 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    20:37:57.0795 6292 RasPppoe - ok
    20:37:57.0857 6292 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    20:37:57.0873 6292 RasSstp - ok
    20:37:57.0935 6292 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    20:37:57.0935 6292 rdbss - ok
    20:37:57.0966 6292 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    20:37:57.0966 6292 RDPCDD - ok
    20:37:58.0013 6292 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    20:37:58.0013 6292 rdpdr - ok
    20:37:58.0013 6292 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    20:37:58.0013 6292 RDPENCDD - ok
    20:37:58.0076 6292 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    20:37:58.0107 6292 RDPWD - ok
    20:37:58.0122 6292 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
    20:37:58.0122 6292 RemoteAccess - ok
    20:37:58.0185 6292 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
    20:37:58.0216 6292 RemoteRegistry - ok
    20:37:58.0263 6292 [ 7728B6AEDC83BC0DEFD0A53371D4613B ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    20:37:58.0263 6292 RichVideo - ok
    20:37:58.0325 6292 RimUsb - ok
    20:37:58.0341 6292 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
    20:37:58.0341 6292 RimVSerPort - ok
    20:37:58.0388 6292 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
    20:37:58.0388 6292 ROOTMODEM - ok
    20:37:58.0403 6292 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
    20:37:58.0403 6292 RpcLocator - ok
    20:37:58.0544 6292 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
    20:37:58.0544 6292 RpcSs - ok
    20:37:58.0590 6292 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    20:37:58.0590 6292 rspndr - ok
    20:37:58.0622 6292 [ C347A3CDE57077056E7E73D3498F7D7D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
    20:37:58.0637 6292 RTL8169 - ok
    20:37:58.0637 6292 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
    20:37:58.0637 6292 SamSs - ok
    20:37:58.0684 6292 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    20:37:58.0700 6292 sbp2port - ok
    20:37:58.0778 6292 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    20:37:58.0793 6292 SCardSvr - ok
    20:37:58.0934 6292 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
    20:37:58.0949 6292 Schedule - ok
    20:37:58.0965 6292 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
    20:37:58.0965 6292 SCPolicySvc - ok
    20:37:58.0996 6292 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    20:37:59.0012 6292 SDRSVC - ok
    20:37:59.0043 6292 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    20:37:59.0043 6292 secdrv - ok
    20:37:59.0043 6292 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
    20:37:59.0058 6292 seclogon - ok
    20:37:59.0058 6292 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
    20:37:59.0074 6292 SENS - ok
    20:37:59.0090 6292 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
    20:37:59.0090 6292 Serenum - ok
    20:37:59.0105 6292 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
    20:37:59.0121 6292 Serial - ok
    20:37:59.0152 6292 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    20:37:59.0152 6292 sermouse - ok
    20:37:59.0292 6292 [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    20:37:59.0308 6292 ServiceLayer - ok
    20:37:59.0339 6292 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
    20:37:59.0355 6292 SessionEnv - ok
    20:37:59.0386 6292 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    20:37:59.0386 6292 sffdisk - ok
    20:37:59.0433 6292 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    20:37:59.0448 6292 sffp_mmc - ok
    20:37:59.0464 6292 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    20:37:59.0464 6292 sffp_sd - ok
    20:37:59.0480 6292 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    20:37:59.0480 6292 sfloppy - ok
    20:37:59.0542 6292 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    20:37:59.0558 6292 ShellHWDetection - ok
    20:37:59.0573 6292 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
    20:37:59.0573 6292 sisagp - ok
    20:37:59.0589 6292 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    20:37:59.0589 6292 SiSRaid2 - ok
    20:37:59.0604 6292 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    20:37:59.0620 6292 SiSRaid4 - ok
    20:37:59.0745 6292 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
    20:37:59.0823 6292 slsvc - ok
    20:37:59.0916 6292 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
    20:37:59.0932 6292 SLUINotify - ok
    20:37:59.0994 6292 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    20:38:00.0010 6292 Smb - ok
    20:38:00.0041 6292 [ C62609CFB5A0E0EDD791E53487C48168 ] SMR310 C:\Windows\system32\drivers\SMR310.SYS
    20:38:00.0041 6292 SMR310 - ok
    20:38:00.0072 6292 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    20:38:00.0072 6292 SNMPTRAP - ok
    20:38:00.0104 6292 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
    20:38:00.0104 6292 spldr - ok
    20:38:00.0166 6292 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
    20:38:00.0166 6292 Spooler - ok
    20:38:00.0353 6292 [ 5CAC2130C217FF7DDBE6D59AC6131F1D ] SRTSP C:\Windows\system32\drivers\N360\1401010.002\SRTSP.SYS
    20:38:00.0369 6292 SRTSP - ok
    20:38:00.0384 6292 [ 21AC3AE81E8263061624C4ED3B11509A ] SRTSPX C:\Windows\system32\drivers\N360\1401010.002\SRTSPX.SYS
    20:38:00.0384 6292 SRTSPX - ok
    20:38:00.0462 6292 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
    20:38:00.0462 6292 srv - ok
    20:38:00.0525 6292 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    20:38:00.0540 6292 srv2 - ok
    20:38:00.0556 6292 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    20:38:00.0556 6292 srvnet - ok
    20:38:00.0587 6292 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    20:38:00.0587 6292 SSDPSRV - ok
    20:38:00.0618 6292 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    20:38:00.0634 6292 SstpSvc - ok
    20:38:00.0681 6292 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
    20:38:00.0681 6292 StarOpen - ok
    20:38:00.0759 6292 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
    20:38:00.0821 6292 stisvc - ok
    20:38:00.0837 6292 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    20:38:00.0837 6292 swenum - ok
    20:38:00.0899 6292 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
    20:38:00.0915 6292 swprv - ok
    20:38:00.0946 6292 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    20:38:00.0946 6292 Symc8xx - ok
    20:38:00.0993 6292 [ 0004CCDD046A873CFF06427B06BE0B28 ] SymDS C:\Windows\system32\drivers\N360\1401010.002\SYMDS.SYS
    20:38:01.0008 6292 SymDS - ok
    20:38:01.0242 6292 [ 4C24298500C31E84F5FDFAE6339902CD ] SymEFA C:\Windows\system32\drivers\N360\1401010.002\SYMEFA.SYS
    20:38:01.0274 6292 SymEFA - ok
    20:38:01.0320 6292 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
    20:38:01.0320 6292 SymEvent - ok
    20:38:01.0336 6292 SymIMMP - ok
    20:38:01.0430 6292 [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON C:\Windows\system32\drivers\N360\1401010.002\Ironx86.SYS
    20:38:01.0445 6292 SymIRON - ok
    20:38:01.0586 6292 [ 93DE018EC6FBAA9A58FF9F2EB9198092 ] SYMTDIv C:\Windows\system32\drivers\N360\1401010.002\SYMTDIV.SYS
    20:38:01.0617 6292 SYMTDIv - ok
    20:38:01.0648 6292 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    20:38:01.0664 6292 Sym_hi - ok
    20:38:01.0664 6292 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    20:38:01.0679 6292 Sym_u3 - ok
    20:38:01.0726 6292 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
    20:38:01.0742 6292 SysMain - ok
    20:38:01.0788 6292 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
    20:38:01.0804 6292 TabletInputService - ok
    20:38:01.0851 6292 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
    20:38:01.0882 6292 TapiSrv - ok
    20:38:01.0898 6292 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
    20:38:01.0913 6292 TBS - ok
    20:38:01.0944 6292 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    20:38:01.0960 6292 Tcpip - ok
    20:38:01.0976 6292 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    20:38:01.0991 6292 Tcpip6 - ok
    20:38:02.0038 6292 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    20:38:02.0069 6292 tcpipreg - ok
    20:38:02.0100 6292 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    20:38:02.0100 6292 TDPIPE - ok
    20:38:02.0132 6292 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    20:38:02.0132 6292 TDTCP - ok
    20:38:02.0178 6292 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    20:38:02.0178 6292 tdx - ok
    20:38:02.0241 6292 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    20:38:02.0241 6292 TermDD - ok
    20:38:02.0319 6292 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
    20:38:02.0319 6292 TermService - ok
    20:38:02.0334 6292 TfFsMon - ok
    20:38:02.0334 6292 TfNetMon - ok
    20:38:02.0334 6292 TfSysMon - ok
    20:38:02.0381 6292 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
    20:38:02.0381 6292 Themes - ok
    20:38:02.0428 6292 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
    20:38:02.0428 6292 THREADORDER - ok
    20:38:02.0522 6292 [ 39BD95A9FE72AAF5C675AD146BE456A9 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    20:38:02.0522 6292 TomTomHOMEService - ok
    20:38:02.0553 6292 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
    20:38:02.0553 6292 TrkWks - ok
    20:38:02.0678 6292 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    20:38:02.0709 6292 TrustedInstaller - ok
    20:38:02.0756 6292 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:38:02.0756 6292 tssecsrv - ok
    20:38:02.0818 6292 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
    20:38:02.0818 6292 tunmp - ok
    20:38:02.0865 6292 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    20:38:02.0865 6292 tunnel - ok
    20:38:02.0943 6292 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    20:38:02.0958 6292 uagp35 - ok
    20:38:03.0005 6292 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    20:38:03.0021 6292 udfs - ok
    20:38:03.0052 6292 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    20:38:03.0052 6292 UI0Detect - ok
    20:38:03.0083 6292 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    20:38:03.0083 6292 uliagpkx - ok
    20:38:03.0114 6292 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
    20:38:03.0114 6292 uliahci - ok
    20:38:03.0130 6292 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
    20:38:03.0146 6292 UlSata - ok
    20:38:03.0161 6292 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
    20:38:03.0161 6292 ulsata2 - ok
    20:38:03.0208 6292 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    20:38:03.0208 6292 umbus - ok
    20:38:03.0239 6292 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
    20:38:03.0239 6292 upnphost - ok
    20:38:03.0270 6292 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
    20:38:03.0270 6292 USBAAPL - ok
    20:38:03.0286 6292 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    20:38:03.0286 6292 usbccgp - ok
    20:38:03.0317 6292 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    20:38:03.0317 6292 usbcir - ok
    20:38:03.0348 6292 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    20:38:03.0348 6292 usbehci - ok
    20:38:03.0489 6292 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    20:38:03.0520 6292 usbhub - ok
    20:38:03.0536 6292 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
    20:38:03.0536 6292 usbohci - ok
    20:38:03.0582 6292 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    20:38:03.0582 6292 usbprint - ok
    20:38:03.0614 6292 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    20:38:03.0614 6292 usbscan - ok
    20:38:03.0629 6292 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    20:38:03.0629 6292 USBSTOR - ok
    20:38:03.0660 6292 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    20:38:03.0660 6292 usbuhci - ok
    20:38:03.0723 6292 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
    20:38:03.0754 6292 UxSms - ok
    20:38:03.0801 6292 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
    20:38:03.0816 6292 vds - ok
    20:38:03.0879 6292 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    20:38:03.0879 6292 vga - ok
    20:38:03.0910 6292 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
    20:38:03.0910 6292 VgaSave - ok
    20:38:03.0941 6292 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
    20:38:03.0941 6292 viaagp - ok
    20:38:03.0957 6292 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
    20:38:03.0957 6292 ViaC7 - ok
    20:38:03.0972 6292 [ F2EB2E6E21B008695D3D28E69937DA9C ] viaide C:\Windows\system32\drivers\viaide.sys
    20:38:03.0972 6292 viaide - ok
    20:38:04.0004 6292 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    20:38:04.0004 6292 volmgr - ok
    20:38:04.0175 6292 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    20:38:04.0206 6292 volmgrx - ok
    20:38:04.0253 6292 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    20:38:04.0269 6292 volsnap - ok
    20:38:04.0300 6292 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    20:38:04.0316 6292 vsmraid - ok
    20:38:04.0378 6292 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
    20:38:04.0394 6292 VSS - ok
    20:38:04.0550 6292 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
    20:38:04.0596 6292 W32Time - ok
    20:38:04.0628 6292 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    20:38:04.0628 6292 WacomPen - ok
    20:38:04.0659 6292 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
    20:38:04.0674 6292 Wanarp - ok
    20:38:04.0674 6292 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    20:38:04.0674 6292 Wanarpv6 - ok
    20:38:04.0706 6292 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\Windows\system32\DRIVERS\wanatw4.sys
    20:38:04.0706 6292 wanatw - ok
    20:38:10.0025 6292 ============================================================
    20:38:10.0025 6292 Scan finished
    20:38:10.0025 6292 ============================================================
    20:38:10.0088 8096 Detected object count: 0

    20:38:10.0088 8096 Actual detected object count: 0
  11. Broni Malware Annihilator Posts: 39,231   +175

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  12. Tobydog Newcomer, in training Posts: 44

    Hi Broni - thanks for your help

    Have followed your instructions but am not making any progress - unable to run FRST from flashdrive - all I can see is a page of symbols

    Shall I leave computer running ?

    Thanks again
  13. Broni Malware Annihilator Posts: 39,231   +175

    At what exact point are you stuck?
  14. Tobydog Newcomer, in training Posts: 44

    Hi Broni - thanks

    I'm here - In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.

    When I press Enter all I can see is a page full of symbols and random letters - FRST doesn't appear to be running - the disclaimer doesn't appear
  15. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    Should I send you a screenshot of what I can see ?
  16. Broni Malware Annihilator Posts: 39,231   +175

    Try different flash drive.
  17. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    I'm having a nightmare - I've tried using a different flashdrive - no success
    My computer is now shutting down / restarting / shutting down / restarting automatically
    Help!
  18. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    In between the computer shutting down / restarting I managed to try another attempt to run FRST - after pressing Enter at 'In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter' , I still get a page of symbols / random letters - but I can see in the top line: ' this program cannot be run in DOS mode '
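
The "this program cannot be run in DOS mode" text quoted in the post above is the standard string in the DOS stub at the start of a Windows executable file. As an added example (not part of the original thread and not FRST's own code), this Python snippet reads a file's PE header to tell a 32-bit build from a 64-bit one, the distinction the download instructions in this thread depend on; the helper names and the sample bytes are constructed for the demonstration.

```python
import struct

# IMAGE_FILE_HEADER.Machine values for the two builds discussed in the thread
MACHINE_NAMES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}
DOS_STUB_TEXT = b"This program cannot be run in DOS mode"


def inspect_pe(data: bytes) -> dict:
    """Return architecture info for a PE image, or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE executable")
    # e_lfanew (offset 0x3C) holds the file offset of the "PE\0\0" signature
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("MZ header without a PE header (truncated or corrupt)")
    # The COFF file header follows the signature; Machine is its first field
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return {
        "machine": MACHINE_NAMES.get(machine, f"unknown (0x{machine:04X})"),
        "has_dos_stub_text": DOS_STUB_TEXT in data[:pe_off],
    }


def build_sample(machine: int) -> bytes:
    """Constructed header bytes for the demo (not a real executable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)   # e_lfanew = 0x80
    dos += b"\x0e\x1f" + DOS_STUB_TEXT + b".\r\r\n$"        # stub message
    dos = dos.ljust(0x80, b"\0")
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    for label, blob in (("sample-32", build_sample(0x014C)),
                        ("sample-64", build_sample(0x8664)),
                        ("cut-short", build_sample(0x8664)[:0x60])):
        try:
            print(label, inspect_pe(blob))
        except ValueError as err:
            print(label, "rejected:", err)
```

To check a real download, pass the first few kilobytes of the file, read in binary mode, to `inspect_pe`.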
  19. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    I noticed an error message which pointed at Norton 360 causing a problem - I uninstalled Norton

    My apologies for not following your instructions but the computer has stabilized and is not continually shutting down / restarting

    Awaiting your advice

    Thanks for your help
  20. Broni Malware Annihilator Posts: 39,231   +175

    Are you booting to System Recovery Options, or are you trying to boot to Windows?

    Do you have Vista DVD?