
Bad Image


  • This topic is locked
38 replies to this topic

#1 briansmall


Posted 14 March 2012 - 08:42 AM

When launching particular programs, I'm getting a warning window saying "Whatever Program.* - Bad Image". Then it says the following:
"\\.\globalroot\systemroot\assembly\tmp\U\80000032.@ is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."

Running Windows 7.

TDSSKiller didn't detect anything.

Norton 360 has had a few "Backdoor.Trojan" and "Trojan.Gen.2" messages: c:\windows\assembly\temp\u\80000004.@

Ran Norton's NPE.exe, and it didn't fix anything.

MRT hasn't found anything.

Anxious to get this cleaned up.

Thanks, in advance.


 


#2 gringo_pr

  • Malware Response Team

Posted 15 March 2012 - 01:56 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 briansmall


Posted 15 March 2012 - 07:26 AM

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by bsmall at 7:04:06 on 2012-03-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.5987 [GMT -5:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Charter\Cloud Drive Backup\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe
C:\Program Files (x86)\Charter\Cloud Drive Backup\Scheduler\OnlineBackup.SchedulerService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Users\bsmall\AppData\Local\Audiogalaxy\Audiogalaxy.exe
C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe
C:\Users\bsmall\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Users\bsmall\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Charter\Cloud Drive Backup\Auto Update\OnlineBackup.UpdateSystemTray.exe
C:\Program Files (x86)\Charter\Cloud Drive Backup\vewatch.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\bsmall\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Users\bsmall\AppData\Local\Audiogalaxy\Audiogalaxy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Norton Safety Minder BHO: {b8e07826-0971-4f16-b133-047b88034e89} - C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\coIEPlg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [Audiogalaxy] "C:\Users\bsmall\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup
uRun: [YouSendIt.exe] C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe -ui none
uRun: [Google Update] "C:\Users\bsmall\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\bsmall\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Online Backup Auto Update] "C:\Program Files (x86)\Charter\Cloud Drive Backup\Auto Update\OnlineBackup.UpdateSystemTray.exe"
mRun: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Charter\Cloud Drive Backup\vewatch.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\bsmall\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CHARTE~1.LNK - C:\Windows\system32\schtasks.exe
StartupFolder: C:\Users\bsmall\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\bsmall\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\bsmall\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\bsmall\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~2.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
StartupFolder: C:\Users\bsmall\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\sidebar.lnk - C:\Program Files (x86)\Windows Sidebar\sidebar.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: Download with Xilisoft YouTube Video Converter - C:\Program Files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - C:\Users\bsmall\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - C:\Users\bsmall\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
TCP: Interfaces\{5A5AFBFE-0AEC-4C60-BB67-C7A8524E9C34} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{5A5AFBFE-0AEC-4C60-BB67-C7A8524E9C34} : DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
TCP: Interfaces\{5A5AFBFE-0AEC-4C60-BB67-C7A8524E9C34}\C696E6B6379737 : DhcpNameServer = 66.182.208.5 69.60.160.196
TCP: Interfaces\{C50C78B9-022C-4CA0-8F29-AC858A9CCC9F} : DhcpNameServer = 68.113.206.10 24.217.0.5 24.217.201.67
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Norton Safety Minder BHO: {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\coIEPlg.dll
BHO-X64: Norton Safety Minder BHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {00000000-0000-0000-0000-000000000000} - No File
TB-X64: {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - No File
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [Online Backup Auto Update] "C:\Program Files (x86)\Charter\Cloud Drive Backup\Auto Update\OnlineBackup.UpdateSystemTray.exe"
mRun-x64: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Charter\Cloud Drive Backup\vewatch.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\bsmall\AppData\Roaming\Mozilla\Firefox\Profiles\g5dzor37.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Twitter
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\bsmall\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\bsmall\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\bsmall\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\bsmall\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\bsmall\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 ntcdrdrv;ntcdrdrv;C:\Windows\system32\DRIVERS\ntcdrdrv.sys --> C:\Windows\system32\DRIVERS\ntcdrdrv.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-3-2 1157240]
R1 ccSet_NOF;Norton Online Settings Manager;C:\Windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys --> C:\Windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120313.001\IDSviA64.sys [2012-3-13 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/07 10:18:53];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-2-7 146928]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-6 138360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;C:\Windows\system32\Drivers\NSMx64\0203000.011\SymRdrS.SYS --> C:\Windows\system32\Drivers\NSMx64\0203000.011\SymRdrS.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-14 22:51:40 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-03-14 10:13:49 -------- d-----w- C:\Users\bsmall\AppData\Local\NPE
2012-03-14 01:40:42 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-14 01:39:35 -------- d-----we C:\Windows\system64
2012-03-13 18:11:29 -------- d-----w- C:\Users\bsmall\AppData\Roaming\Media Finder
2012-03-09 17:18:07 -------- d-----w- C:\Users\bsmall\AppData\Local\Marketing Plan Pro Samples
2012-03-08 17:57:23 -------- d-----w- C:\Users\bsmall\AppData\Roaming\IrfanView
2012-02-21 18:09:00 -------- d-----w- C:\Program Files (x86)\LexarMedia
2012-02-21 16:13:51 -------- d-----w- C:\Users\bsmall\RescuePRO
2012-02-21 16:13:37 -------- d-----w- C:\Program Files (x86)\RescuePRO
2012-02-21 15:40:14 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-02-19 16:12:57 -------- d-----w- C:\TuneUp Duplicates
2012-02-16 14:06:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 14:06:13 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 14:06:10 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 14:06:07 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 14:06:03 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 14:06:03 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 14:04:32 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-16 14:04:32 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-14 14:48:14 -------- d-----w- C:\Users\bsmall\AppData\Local\Programs
.
==================== Find3M ====================
.
2012-03-15 12:16:02 26 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2012-03-13 12:21:19 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-21 15:40:04 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-09 02:27:15 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-19 17:57:20 60304 ----a-w- C:\Users\bsmall\g2mdlhlpx.exe
2012-01-04 16:27:05 13844000 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 7:20:25.51 ===============


ATTACH.txt (recommended that I zip it, but you said to copy and post - hope that's correct):

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/14/2010 2:02:50 PM
System Uptime: 3/15/2012 6:55:18 AM (1 hours ago)
.
Motherboard: FOXCONN | | ALOE
Processor: AMD Phenom™ II X4 945 Processor | CPU 1 | 780/200mhz
.
==== Disk Partitions =========================
.
.
==== Installed Programs ======================
.
µTorrent
8500A909_eDocs
Active@ KillDisk FREE Suite
ActiveCheck component for HP Active Support Library
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 8 Professional
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Professional
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Color Video Profiles AE CS4
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Reader 9.3.3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
AHV content for Acrobat and Flash
Alien Skin Splat! 1.0 Demo
Alien Skin Xenofex 2 Demo
Alien Skin Xenofex 2.0
All-Pro League Scheduler
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Audiogalaxy
Avid Codecs LE
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Blurb Template Creator CS3 v1.1.0.1d5
Bodog Poker
BookSmart® 3.2.2 3.2.2
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
C4700
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Charter Cloud Drive™ Backup
Cisco Network Magic
Click to Call with Skype
Compatibility Pack for the 2007 Office system
Crystal Reports Basic Runtime for Visual Studio 2008
CyberLink DVD Suite Deluxe
D3DX10
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DocProc
Dropbox
Duplicate Cleaner 2.1b
DVD Architect Pro 5.0
DVD Architect Pro 5.2
DVD Menu Pack for HP MediaSmart Video
EPSON TWAIN 5
Evernote v. 4.5.3
Extensis Suitcase Fusion 2
Eye Candy 4000
Facebook Video Calling 1.1.1.1
Free YouTube to iPod Converter version 3.10.1.715
Free YouTube to MP3 Converter version 3.10.14.1206
Getting Things Done Outlook Add-In
Google Calendar Sync
Google Chrome
Google Desktop
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GoToMeeting 5.1.0.880
GPBaseService2
GPL Ghostscript 8.63
HandBrake 0.9.5
HDR Expose
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP MIE Restore Image Creator
HP Odometer
HP Photo Creations
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
Hulu Desktop
HydraVision
iPodCopy
Java Auto Updater
Java™ 6 Update 31
Jing
Junk Mail filter update
LabelPrint
LastPass (uninstall only)
League Scheduler
LexarMedia ImageRescue Software
Lightroom
LightScribe System Software
LinkedIn Outlook Connector
Magic Bullet Editors 2.0 Vegas
Magic FLAC to MP3 Converter 3.71
Malwarebytes Anti-Malware version 1.60.1.1000
Marketing Plan Pro Powered by Duct Tape Marketing
MarketResearch
Microsoft Corporation
Microsoft Live Search Toolbar
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Small Business Edition 2003
Microsoft Outlook Social Connector 32-bit
Microsoft Outlook Social Connector Provider for Facebook 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox (3.6.13)
Mozilla Firefox 10.0.2 (x86 en-US)
Mozilla Firefox 7.0 (x86 en-US)
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Manager
Neat Video v2.2 Demo plug-in for Sony Vegas
Network Magic
Norton 360
Norton Online
Norton Online Backup
Norton Safety Minder
NoteBurner 1.35
Password Recovery for Google (remove only)
PDF Settings
Photoshop Camera Raw
Picasa 3
PictureMover
Pixel Bender Toolkit
Power2Go
PowerDirector
ProShow Producer
PS_AIO_06_C4700_SW_Min
Pure Networks Platform
QuickBooks Pro 2008
QuickTime
QuickTransfer
RAIDXpert
Realtek High Definition Audio Driver
Recovery Manager
RescuePRO 4.0
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype™ 5.5
SmartDraw 2010
SmartDraw 7
SmartWebPrinting
SolutionCenter
Sony Sound Forge 7.0
Speccy
Spybot - Search & Destroy
Status
Suite Shared Configuration CS4
SupportSoft Assisted Service
Symantec Technical Support Web Controls
System Requirements Lab for Intel
Tansee iPhone Transfer SMS 2.7.0.0
Toolbox
Tournament Scheduler
TrayApp
TweetDeck
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Vegas Pro 9.0
Vertus Fluid Mask 3 3.0.1
virtualPhotographer 1.5.6
Visual Thesaurus 3.0.2
VueScan
WebEx
WebReg
WinAce Archiver
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Resource Kit Tools - SubInAcl.exe
WinZip 15.5
Xilisoft YouTube Video Converter
YouSendIt Express
YouSendIt Plug-in for Outlook
YouTube Downloader 2.7
.
==== Event Viewer Messages From Past Week ========
.
3/15/2012 7:18:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
3/15/2012 7:18:15 AM, Error: Service Control Manager [7034] - The WD File Management Engine service terminated unexpectedly. It has done this 1 time(s).
3/15/2012 7:03:33 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/15/2012 7:00:04 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
3/15/2012 6:56:13 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
3/15/2012 6:56:07 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/15/2012 6:56:07 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
3/15/2012 6:56:06 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/14/2012 8:55:33 AM, Error: Service Control Manager [7030] - The NetworkLog service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/14/2012 6:20:48 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
3/14/2012 6:07:52 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
3/14/2012 6:07:50 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
3/14/2012 6:07:47 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
3/14/2012 5:34:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/14/2012 5:23:16 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
3/14/2012 4:55:51 AM, Error: Ntfs [137] - The default transaction resource manager on volume R: encountered a non-retryable error and could not start. The data contains the error code.
3/14/2012 4:51:53 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/14/2012 11:58:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
3/13/2012 8:11:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KRISTN-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5A5AFBFE-0AEC-4C60-BB67-C7A8524E9C34}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================


Only issues since my initial post were a notice from Norton 360 that the file windows\system32\concerv.dll is the infected file.

#4 gringo_pr

  • Malware Response Team

Posted 15 March 2012 - 07:43 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 briansmall

  • Topic Starter

  • Members

Posted 15 March 2012 - 09:15 AM

ComboFix has run and created the following log. I did have one message from Norton after the computer was rebooted by ComboFix that read: THREAT REQUIRING MANUAL REMOVAL DETECTED: SYSTEM INFECTED: TIDSERV ACTIVITY 2.

ComboFix log:

ComboFix 12-03-15.02 - bsmall 03/15/2012 7:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.5906 [GMT -5:00]
Running from: c:\users\bsmall\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bsmall\AppData\Roaming\.#
c:\users\bsmall\g2mdlhlpx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-14 22:51 . 2012-03-15 14:52 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-03-14 10:13 . 2012-03-14 11:13 -------- d-----w- c:\users\bsmall\AppData\Local\NPE
2012-03-13 18:11 . 2012-03-13 18:15 -------- d-----w- c:\users\bsmall\AppData\Roaming\Media Finder
2012-03-09 17:18 . 2012-03-09 17:18 -------- d-----w- c:\users\bsmall\AppData\Local\Marketing Plan Pro Samples
2012-03-08 17:57 . 2012-03-08 18:02 -------- d-----w- c:\users\bsmall\AppData\Roaming\IrfanView
2012-02-21 18:09 . 2012-02-21 18:09 -------- d-----w- c:\program files (x86)\LexarMedia
2012-02-21 16:13 . 2012-02-21 18:03 -------- d-----w- c:\users\bsmall\RescuePRO
2012-02-21 16:13 . 2012-02-21 18:03 -------- d-----w- c:\program files (x86)\RescuePRO
2012-02-21 15:40 . 2012-02-21 15:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-21 15:40 . 2012-02-21 15:40 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-02-19 16:12 . 2012-02-19 19:19 -------- d-----w- C:\TuneUp Duplicates
2012-02-16 14:06 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 14:06 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 14:06 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 14:06 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 14:04 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 14:48 . 2012-02-14 14:48 -------- d-----w- c:\users\bsmall\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 12:21 . 2011-05-27 13:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-21 15:40 . 2010-07-19 17:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-09 02:27 . 2011-06-14 13:45 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-19 18:21 . 2012-01-19 18:21 576536 ----a-r- c:\users\bsmall\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe
2012-01-04 16:27 . 2012-01-04 16:26 13844000 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2012-01-04 08:58 . 2012-02-16 14:06 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 05:27 . 2012-02-16 14:06 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
[7] 2011-06-23 . 577841951E8BAD6EA8288106693CD39F . 5561216 . . [6.1.7601.17640] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_ca31f809cade8847\ntoskrnl.exe
[7] 2011-06-23 . CE6AF5EC2DB1567B6297ADCB56B39B5D . 5561728 . . [6.1.7601.21755] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5\ntoskrnl.exe
[7] 2011-04-09 . D60D9BCEAE5870A67E6C167F4681877B . 5562240 . . [6.1.7601.17592] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe
[7] 2011-04-09 . 99C2715F138E7ED2F489AB796DD3B53C . 5562240 . . [6.1.7601.21701] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe
[7] 2011-06-23 . 577841951E8BAD6EA8288106693CD39F . 5561216 . . [6.1.7601.17640] .. c:\windows\system32\ntoskrnl.exe
.
[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_4627a1cbadebced2\ksuser.dll
[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\system32\ksuser.dll
.
[7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\SysWOW64\comctl32.dll
[7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll
[7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
[7] 2010-11-20 . 352B3DC62A0D259A82A052238425C872 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
.
[7] 2010-11-20 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[7] 2010-11-20 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
.
[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\SysWOW64\es.dll
[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll
.
[7] 2010-11-20 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\SysWOW64\imm32.dll
[7] 2010-11-20 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\imm32.dll
.
[7] 2011-07-16 . D3CB12854171DF61D117D7C2BF22C675 . 1114112 . . [6.1.7601.21772] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
[7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\kernel32.dll
[7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
[7] 2011-05-14 . CC5CBC069944E7EA70D8674478A70A37 . 837632 . . [6.1.7601.21728] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_fcbb64efba6df328\kernel32.dll
[7] 2011-05-14 . 166116134C58DC36400DE59ACD64FB39 . 837632 . . [6.1.7601.17617] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_fc3b97c6a1491e16\kernel32.dll
[7] 2010-11-20 . E80758CF485DB142FCA1EE03A34EAD05 . 837632 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
.
[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\SysWOW64\linkinfo.dll
[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_9eaece15f365da54\linkinfo.dll
.
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\SysWOW64\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_123b293fa5942d6f\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_1216b853a5b01be6\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_12c3c5c0beb2b3e2\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_12a15568beccd507\lpk.dll
.
[7] 2011-12-14 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16421] .. c:\windows\SysWOW64\mshtml.dll
[7] 2011-12-14 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_92205b58293e37a4\mshtml.dll
[7] 2011-12-14 . A29CFD4B9F6F2BBE06C8D64B6D07F1D4 . 12282368 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20546_none_92aef99542575621\mshtml.dll
.
[7] 2011-12-16 . 2F740C4B458331357E825E94AFB0953A . 690688 . . [7.0.7601.21878] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll
[7] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\SysWOW64\msvcrt.dll
[7] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll
[7] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll
.
[7] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7600.16385] .. c:\windows\SysWOW64\mswsock.dll
[7] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
.
[7] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] .. c:\windows\SysWOW64\netlogon.dll
[7] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
.
[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\SysWOW64\powrprof.dll
[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll
.
[7] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7600.16385] .. c:\windows\SysWOW64\scecli.dll
[7] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
.
[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\SysWOW64\sfc.dll
[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll
.
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[7] 2010-11-20 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7600.16385] .. c:\windows\SysWOW64\tapisrv.dll
[7] 2010-11-20 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_e54442c74334b18a\tapisrv.dll
.
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
[7] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\SysWOW64\userinit.exe
[7] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
[7] 2011-12-14 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16421] .. c:\windows\SysWOW64\wininet.dll
[7] 2011-12-14 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_1a52f663bc299b3d\wininet.dll
[7] 2011-12-14 . 022A78194E2C7106F5AF9F2BC6AC8774 . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20546_none_1ae194a0d542b9ba\wininet.dll
[7] 2011-11-03 . 32569DF2F9BEF05DD7D56E30590EDFD9 . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_1adf940cd544870c\wininet.dll
[7] 2011-11-03 . 02F98B5C0E397AD06124D84428CF8F1A . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_1a51f619bc2a81e6\wininet.dll
[7] 2011-09-01 . D3788D91530CFA005BD516189A4C676E . 1126912 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_1a63c80bbc1c1756\wininet.dll
[7] 2011-09-01 . C0FCEE8D760C70DB6EF858BB2262288E . 1126912 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20537_none_1aed64d6d539b720\wininet.dll
[7] 2011-07-22 . 2C7332C222D1FE1FC57D622699A8C001 . 1126912 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16434_none_1a60c72dbc1ecb51\wininet.dll
[7] 2011-07-22 . AA75F065975FCE762FC9BBF5A3C08368 . 1126912 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20534_none_1aea63f8d53c6b1b\wininet.dll
[7] 2011-07-13 . A1236375B74EA63C75657D564890C436 . 1126912 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16421_none_1a68963bbc19635b\wininet.dll
[7] 2011-04-22 . 7A11DB452989040AD8570A3DCE2E9DE2 . 981504 . . [8.00.7601.21710] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll
[7] 2011-04-22 . 2CA020EACDC6DDB2BEA89FEA02C90945 . 981504 . . [8.00.7601.17601] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_1eb275947711b89f\wininet.dll
[7] 2011-03-07 . A5B19B240901CAB0C8E7767D2873613E . 981504 . . [8.00.7601.17573] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_1e68c4ce7748b1bd\wininet.dll
[7] 2011-03-07 . EDEB2904636B657782F824D8FF97D0B8 . 981504 . . [8.00.7601.21676] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_1ef5627790639d8c\wininet.dll
[7] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
.
[7] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2_32.dll
[7] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
.
[7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2help.dll
[7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\ws2help.dll
.
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
[7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 427008 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 398336 . . [6.1.7600.16385] .. c:\windows\regedit.exe
.
[7] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ole32.dll
[7] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_ae2511475093798f\ole32.dll
.
[7] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] .. c:\windows\SysWOW64\usp10.dll
[7] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_af01e2f9b6be7939\usp10.dll
.
[7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ksuser.dll
[7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_ea090647f58e5d9c\ksuser.dll
.
[7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ctfmon.exe
[7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
.
[7] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385] .. c:\windows\SysWOW64\shsvcs.dll
[7] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_35ab0ceb67ede31e\shsvcs.dll
.
[7] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cngaudit.dll
[7] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
.
[7] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\SysWOW64\wininit.exe
[7] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
.
[7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ias.dll
[7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_fb08448fa0c85c23\ias.dll
.
[7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] .. c:\windows\SysWOW64\mfc40u.dll
[7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
.
[7] 2011-06-23 . 3624D782F8B061B6FBA3A35E2FE53CFD . 3967872 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe
[7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] .. c:\windows\SysWOW64\ntkrnlpa.exe
[7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe
[7] 2011-04-09 . 102A6182087B18C795664BCD22EB52E9 . 3967872 . . [6.1.7601.17592] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe
[7] 2011-04-09 . 9CF7F5D025183FA10E130445BC071B70 . 3967872 . . [6.1.7601.21701] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe
[7] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
.
[7] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\SysWOW64\upnphost.dll
[7] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_2831d06e8295c671\upnphost.dll
.
[7] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\SysWOW64\dsound.dll
[7] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll
.
[7] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] .. c:\windows\SysWOW64\d3d9.dll
[7] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_c454d690bf084f04\d3d9.dll
.
[7] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ddraw.dll
[7] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll
.
[7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\olepro32.dll
[7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll
.
[7] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\SysWOW64\perfctrs.dll
[7] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_97bcd9bcab2b9b3a\perfctrs.dll
.
[7] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\SysWOW64\version.dll
[7] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll
.
[7] 2011-07-13 . 904E13BA41AF2E353A32CF351CA53639 . 748336 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
.
.
[7] 2011-06-23 . 90EFDB506F6140EEA9DEE398D9449D86 . 3912576 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe
[7] 2011-06-23 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2011-06-23 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe
[7] 2011-04-09 . 5D21C487F79F8245E799071589E035BF . 3912576 . . [6.1.7601.17592] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe
[7] 2011-04-09 . D385343510B75545EC5DB3A64C2D2492 . 3912576 . . [6.1.7601.21701] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe
[7] 2010-11-20 . 2088D9994332583EDB3C561DE31EA5AD . 3911040 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
.
[7] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\SysWOW64\midimap.dll
[7] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll
.
[7] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\SysWOW64\rasadhlp.dll
[7] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_76239aafb364e805\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bsmall\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bsmall\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bsmall\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bsmall\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Audiogalaxy"="c:\users\bsmall\AppData\Local\Audiogalaxy\Audiogalaxy.exe" [2011-12-13 2955496]
"YouSendIt.exe"="c:\program files (x86)\YouSendIt\Express\YouSendIt.exe" [2011-05-02 198144]
"MusicManager"="c:\users\bsmall\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-02-21 13320704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-10 98304]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2010-08-24 472112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Online Backup Auto Update"="c:\program files (x86)\Charter\Cloud Drive Backup\Auto Update\OnlineBackup.UpdateSystemTray.exe" [2011-06-22 233472]
"Vault Explorer Cache Watcher"="c:\program files (x86)\Charter\Cloud Drive Backup\vewatch.exe" [2011-03-23 28672]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-1-4 13844000]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-1-4 13844000]
.
c:\users\Matt Small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-1-4 13844000]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-1-4 13844000]
.
c:\users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Charter Cloud Drive™ Backup.lnk - c:\windows\system32\schtasks.exe [2011-7-14 285696]
Dropbox.lnk - c:\users\bsmall\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
EvernoteTray.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteTray.exe [2012-1-23 391008]
sidebar.lnk - c:\program files (x86)\Windows Sidebar\sidebar.exe [2011-7-14 1174016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-10-5 6185472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-11-09 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 Normandy;Normandy SR2; [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\System32\Drivers\NSMx64\0203000.011\SymRdrS.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_NOF;Norton Online Settings Manager;c:\windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120315.002\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/07 10:18];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-18 01:41 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-09-19 122880]
S2 FilesystemWatcher;Filesystem Watcher;c:\program files (x86)\Charter\Cloud Drive Backup\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [2011-06-22 24576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 KjsUpdateService;AppLife Update Service;c:\program files (x86)\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe [2008-08-17 12800]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NOF;Norton Online;c:\program files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe [2011-11-30 138248]
S2 OnlineBackupSchedulerService;Online Backup Scheduler;c:\program files (x86)\Charter\Cloud Drive Backup\Scheduler\OnlineBackup.SchedulerService.exe [2011-06-22 24576]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-10-05 1060352]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-10-05 485376]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-06 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000Core.job
- c:\users\bsmall\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-18 15:39]
.
2012-03-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000UA.job
- c:\users\bsmall\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-18 15:39]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 18:29]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 18:29]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000Core.job
- c:\users\bsmall\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 02:58]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000UA.job
- c:\users\bsmall\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 02:58]
.
2012-02-15 c:\windows\Tasks\HPCeeScheduleForbsmall.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-03-13 c:\windows\Tasks\OnlineBackupManager.job
- c:\program files (x86)\Charter\Cloud Drive Backup\SyncNShare\OnlineBackup.SyncNShare.exe [2011-06-22 00:56]
.
2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
2012-03-15 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~2\SMARTD~2\Messages\SDNotify.exe [2011-06-13 16:09]
.
2012-03-15 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~2\Messages\SDNotify.exe [2011-06-13 16:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\bsmall\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\bsmall\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\bsmall\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\bsmall\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"combofix"="c:\combofix\CF17963.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Ptserlp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: Download with Xilisoft YouTube Video Converter - c:\program files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - c:\users\bsmall\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\bsmall\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
LSP: mswsock.dll
TCP: DhcpNameServer = 68.113.206.10 24.217.0.5 71.92.29.130
TCP: Interfaces\{5A5AFBFE-0AEC-4C60-BB67-C7A8524E9C34}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\bsmall\AppData\Roaming\Mozilla\Firefox\Profiles\g5dzor37.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Twitter
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - (no file)
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NOF]
"ImagePath"="\"c:\program files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files (x86)\Norton Online\Engine\2.3.0.7\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\windows\SysWOW64\WinMsgBalloonServer.exe
c:\windows\SysWOW64\WinMsgBalloonClient.exe
c:\program files (x86)\Evernote\Evernote\Evernote.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\SysWOW64\ping.exe
c:\windows\SysWOW64\ping.exe
c:\windows\SysWOW64\ping.exe
.
**************************************************************************
.
Completion time: 2012-03-15 09:11:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-15 14:11
.
Pre-Run: 245,029,523,456 bytes free
Post-Run: 244,963,717,120 bytes free
.
- - End Of File - - 143B7AA4B5B2C006AF52D484D2113AB2

#6 gringo_pr

Posted 15 March 2012 - 01:05 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 briansmall

Posted 15 March 2012 - 03:17 PM

TDSSKILLER REPORT:

15:13:40.0708 5716 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
15:13:41.0266 5716 ============================================================
15:13:41.0266 5716 Current date / time: 2012/03/15 15:13:41.0266
15:13:41.0266 5716 SystemInfo:
15:13:41.0266 5716
15:13:41.0266 5716 OS Version: 6.1.7601 ServicePack: 1.0
15:13:41.0266 5716 Product type: Workstation
15:13:41.0266 5716 ComputerName: BSMALL-PC
15:13:41.0266 5716 UserName: bsmall
15:13:41.0266 5716 Windows directory: C:\Windows
15:13:41.0266 5716 System windows directory: C:\Windows
15:13:41.0266 5716 Running under WOW64
15:13:41.0266 5716 Processor architecture: Intel x64
15:13:41.0266 5716 Number of processors: 4
15:13:41.0266 5716 Page size: 0x1000
15:13:41.0266 5716 Boot type: Normal boot
15:13:41.0266 5716 ============================================================
15:13:41.0665 5716 Drive \Device\Harddisk0\DR0 - Size: 0xE8D4A50000 (931.32 Gb), SectorSize: 0x200, Cylinders: 0x1DAE8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:13:41.0668 5716 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:13:48.0462 5716 Drive \Device\Harddisk2\DR2 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:15:47.0822 5716 Drive \Device\Harddisk7\DR7 - Size: 0x3D7E2000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:15:47.0847 5716 \Device\Harddisk0\DR0:
15:15:47.0874 5716 MBR used
15:15:47.0874 5716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:15:47.0874 5716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72F54800
15:15:47.0874 5716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72F87000, BlocksNum 0x171D800
15:15:47.0874 5716 \Device\Harddisk1\DR1:
15:15:47.0875 5716 MBR used
15:15:47.0875 5716 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
15:15:47.0875 5716 \Device\Harddisk2\DR2:
15:15:47.0877 5716 MBR used
15:15:47.0877 5716 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
15:15:47.0877 5716 \Device\Harddisk7\DR7:
15:15:47.0879 5716 MBR used
15:15:47.0879 5716 \Device\Harddisk7\DR7\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1EBAE1
15:15:48.0350 5716 Initialize success
15:15:48.0350 5716 ============================================================
15:15:55.0341 5204 ============================================================
15:15:55.0341 5204 Scan started
15:15:55.0341 5204 Mode: Manual;
15:15:55.0341 5204 ============================================================
15:15:55.0828 5204 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:15:55.0829 5204 1394ohci - ok
15:15:55.0862 5204 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
15:15:55.0863 5204 61883 - ok
15:15:55.0928 5204 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:15:55.0931 5204 ACPI - ok
15:15:55.0990 5204 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:15:55.0992 5204 AcpiPmi - ok
15:15:56.0042 5204 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:15:56.0047 5204 adp94xx - ok
15:15:56.0091 5204 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:15:56.0094 5204 adpahci - ok
15:15:56.0153 5204 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:15:56.0171 5204 adpu320 - ok
15:15:56.0278 5204 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:15:56.0281 5204 AFD - ok
15:15:56.0365 5204 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:15:56.0367 5204 agp440 - ok
15:15:56.0414 5204 ahcix64s (aa3f73ccbf498bd56800f840d75e40e4) C:\Windows\system32\DRIVERS\ahcix64s.sys
15:15:56.0416 5204 ahcix64s - ok
15:15:56.0576 5204 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:15:56.0577 5204 aliide - ok
15:15:56.0605 5204 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:15:56.0606 5204 amdide - ok
15:15:56.0661 5204 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:15:56.0663 5204 AmdK8 - ok
15:15:56.0930 5204 amdkmdag (1512ceedc3657082f396a0818528b5e8) C:\Windows\system32\DRIVERS\atikmdag.sys
15:15:57.0082 5204 amdkmdag - ok
15:15:57.0111 5204 amdkmdap (3d00276750e2d6f35228e12868cf1a46) C:\Windows\system32\DRIVERS\atikmpag.sys
15:15:57.0113 5204 amdkmdap - ok
15:15:57.0141 5204 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:15:57.0142 5204 AmdPPM - ok
15:15:57.0209 5204 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:15:57.0211 5204 amdsata - ok
15:15:57.0233 5204 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:15:57.0236 5204 amdsbs - ok
15:15:57.0251 5204 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:15:57.0252 5204 amdxata - ok
15:15:57.0327 5204 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:15:57.0328 5204 AppID - ok
15:15:57.0449 5204 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:15:57.0451 5204 arc - ok
15:15:57.0476 5204 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:15:57.0477 5204 arcsas - ok
15:15:57.0512 5204 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:15:57.0513 5204 AsyncMac - ok
15:15:57.0591 5204 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:15:57.0592 5204 atapi - ok
15:15:57.0649 5204 athr (7d89b0c443f6068e5b27aa3b972069ff) C:\Windows\system32\DRIVERS\athrx.sys
15:15:57.0664 5204 athr - ok
15:15:57.0707 5204 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
15:15:57.0708 5204 AtiHdmiService - ok
15:15:57.0919 5204 atikmdag (1512ceedc3657082f396a0818528b5e8) C:\Windows\system32\DRIVERS\atikmdag.sys
15:15:57.0970 5204 atikmdag - ok
15:15:58.0014 5204 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
15:15:58.0015 5204 AtiPcie - ok
15:15:58.0066 5204 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
15:15:58.0068 5204 Avc - ok
15:15:58.0107 5204 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:15:58.0112 5204 b06bdrv - ok
15:15:58.0135 5204 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:15:58.0138 5204 b57nd60a - ok
15:15:58.0149 5204 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:15:58.0150 5204 Beep - ok
15:15:58.0393 5204 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120302.001\BHDrvx64.sys
15:15:58.0399 5204 BHDrvx64 - ok
15:15:58.0432 5204 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:15:58.0433 5204 blbdrive - ok
15:15:58.0502 5204 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:15:58.0503 5204 bowser - ok
15:15:58.0530 5204 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:15:58.0532 5204 BrFiltLo - ok
15:15:58.0547 5204 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:15:58.0548 5204 BrFiltUp - ok
15:15:58.0588 5204 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:15:58.0589 5204 BridgeMP - ok
15:15:58.0613 5204 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:15:58.0616 5204 Brserid - ok
15:15:58.0630 5204 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:15:58.0631 5204 BrSerWdm - ok
15:15:58.0663 5204 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:15:58.0664 5204 BrUsbMdm - ok
15:15:58.0688 5204 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:15:58.0690 5204 BrUsbSer - ok
15:15:58.0709 5204 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:15:58.0710 5204 BTHMODEM - ok
15:15:58.0762 5204 catchme - ok
15:15:58.0872 5204 ccSet_NOF (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys
15:15:58.0873 5204 ccSet_NOF - ok
15:15:58.0926 5204 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:15:58.0947 5204 cdfs - ok
15:15:59.0050 5204 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:15:59.0051 5204 cdrom - ok
15:15:59.0171 5204 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:15:59.0173 5204 circlass - ok
15:15:59.0235 5204 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:15:59.0238 5204 CLFS - ok
15:15:59.0314 5204 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:15:59.0315 5204 CmBatt - ok
15:15:59.0420 5204 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:15:59.0422 5204 cmdide - ok
15:15:59.0491 5204 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:15:59.0494 5204 CNG - ok
15:15:59.0514 5204 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:15:59.0515 5204 Compbatt - ok
15:15:59.0595 5204 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:15:59.0596 5204 CompositeBus - ok
15:15:59.0721 5204 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
15:15:59.0722 5204 cpudrv64 - ok
15:15:59.0750 5204 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:15:59.0751 5204 crcdisk - ok
15:15:59.0826 5204 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:15:59.0827 5204 DfsC - ok
15:15:59.0855 5204 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:15:59.0856 5204 discache - ok
15:15:59.0900 5204 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:15:59.0901 5204 Disk - ok
15:15:59.0954 5204 dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
15:15:59.0955 5204 dot4 - ok
15:16:00.0023 5204 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
15:16:00.0024 5204 Dot4Print - ok
15:16:00.0042 5204 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
15:16:00.0043 5204 dot4usb - ok
15:16:00.0088 5204 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:16:00.0089 5204 drmkaud - ok
15:16:00.0168 5204 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:16:00.0173 5204 DXGKrnl - ok
15:16:11.0478 5204 ============================================================
15:16:11.0478 5204 Scan finished
15:16:11.0478 5204 ============================================================
15:16:11.0487 4708 Detected object count: 0
15:16:11.0487 4708 Actual detected object count: 0
15:16:52.0167 5352 ============================================================
15:16:52.0167 5352 Scan started
15:16:52.0167 5352 Mode: Manual; SigCheck; TDLFS;
15:16:52.0167 5352 ============================================================
15:16:56.0246 5352 BrSerWdm - ok
15:16:56.0296 5352 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:16:56.0329 5352 BrUsbMdm - ok
15:16:56.0366 5352 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:16:56.0376 5352 BrUsbSer - ok
15:16:56.0390 5352 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:16:56.0416 5352 BTHMODEM - ok
15:16:56.0422 5352 catchme - ok
15:16:56.0516 5352 ccSet_NOF (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys
15:16:56.0525 5352 ccSet_NOF - ok
15:16:56.0559 5352 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:16:56.0626 5352 cdfs - ok
15:16:56.0696 5352 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:16:56.0707 5352 cdrom - ok
15:16:56.0749 5352 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:16:56.0792 5352 circlass - ok
15:16:56.0835 5352 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:16:56.0847 5352 CLFS - ok
15:16:56.0903 5352 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:16:56.0936 5352 CmBatt - ok
15:16:56.0998 5352 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:16:57.0006 5352 cmdide - ok
15:16:57.0080 5352 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:16:57.0097 5352 CNG - ok
15:16:57.0136 5352 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:16:57.0144 5352 Compbatt - ok
15:16:57.0217 5352 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:16:57.0272 5352 CompositeBus - ok
15:16:57.0376 5352 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
15:16:57.0384 5352 cpudrv64 - ok
15:16:57.0428 5352 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:16:57.0436 5352 crcdisk - ok
15:16:57.0515 5352 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:16:57.0572 5352 DfsC - ok
15:16:57.0600 5352 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:16:57.0650 5352 discache - ok
15:16:57.0667 5352 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:16:57.0675 5352 Disk - ok
15:16:57.0731 5352 dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
15:16:57.0744 5352 dot4 - ok
15:16:57.0801 5352 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
15:16:57.0844 5352 Dot4Print - ok
15:16:57.0886 5352 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
15:16:57.0928 5352 dot4usb - ok
15:16:57.0977 5352 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:16:58.0018 5352 drmkaud - ok
15:16:58.0079 5352 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:16:58.0098 5352 DXGKrnl - ok
15:16:58.0176 5352 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:16:58.0216 5352 ebdrv - ok
15:16:58.0325 5352 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:16:58.0338 5352 eeCtrl - ok
15:16:58.0376 5352 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:16:58.0391 5352 elxstor - ok
15:16:58.0406 5352 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:16:58.0414 5352 EraserUtilRebootDrv - ok
15:16:58.0472 5352 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:16:58.0509 5352 ErrDev - ok
15:16:58.0559 5352 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:16:58.0613 5352 exfat - ok
15:16:58.0645 5352 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:16:58.0704 5352 fastfat - ok
15:16:58.0744 5352 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:16:58.0779 5352 fdc - ok
15:16:58.0820 5352 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:16:58.0828 5352 FileInfo - ok
15:16:58.0848 5352 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:16:58.0876 5352 Filetrace - ok
15:16:58.0901 5352 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:16:58.0912 5352 flpydisk - ok
15:16:58.0973 5352 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:16:58.0985 5352 FltMgr - ok
15:16:59.0013 5352 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:16:59.0021 5352 FsDepends - ok
15:16:59.0047 5352 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:16:59.0055 5352 Fs_Rec - ok
15:16:59.0114 5352 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:16:59.0127 5352 fvevol - ok
15:16:59.0153 5352 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:16:59.0161 5352 gagp30kx - ok
15:16:59.0189 5352 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:16:59.0196 5352 GEARAspiWDM - ok
15:16:59.0229 5352 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:16:59.0254 5352 hcw85cir - ok
15:16:59.0319 5352 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:16:59.0366 5352 HDAudBus - ok
15:16:59.0399 5352 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:16:59.0409 5352 HidBatt - ok
15:16:59.0431 5352 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:16:59.0471 5352 HidBth - ok
15:16:59.0505 5352 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:16:59.0518 5352 HidIr - ok
15:16:59.0542 5352 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:16:59.0574 5352 HidUsb - ok
15:16:59.0615 5352 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:16:59.0624 5352 HpSAMD - ok
15:16:59.0700 5352 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:16:59.0756 5352 HTTP - ok
15:16:59.0822 5352 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:16:59.0830 5352 hwpolicy - ok
15:16:59.0898 5352 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:16:59.0909 5352 i8042prt - ok
15:16:59.0987 5352 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:17:00.0000 5352 iaStorV - ok
15:17:00.0235 5352 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120315.002\IDSvia64.sys
15:17:00.0247 5352 IDSVia64 - ok
15:17:00.0296 5352 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:17:00.0304 5352 iirsp - ok
15:17:00.0398 5352 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
15:17:00.0434 5352 IntcAzAudAddService - ok
15:17:00.0468 5352 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:17:00.0476 5352 intelide - ok
15:17:00.0518 5352 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:17:00.0561 5352 intelppm - ok
15:17:00.0626 5352 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:17:00.0673 5352 IpFilterDriver - ok
15:17:00.0714 5352 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:17:00.0724 5352 IPMIDRV - ok
15:17:00.0753 5352 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:17:00.0808 5352 IPNAT - ok
15:17:00.0839 5352 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:17:00.0913 5352 IRENUM - ok
15:17:00.0970 5352 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:17:00.0979 5352 isapnp - ok
15:17:01.0038 5352 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:17:01.0049 5352 iScsiPrt - ok
15:17:01.0106 5352 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
15:17:01.0113 5352 ivusb - ok
15:17:01.0136 5352 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:17:01.0144 5352 kbdclass - ok
15:17:01.0198 5352 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:17:01.0232 5352 kbdhid - ok
15:17:01.0278 5352 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:17:01.0288 5352 KSecDD - ok
15:17:01.0304 5352 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:17:01.0314 5352 KSecPkg - ok
15:17:01.0333 5352 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:17:01.0389 5352 ksthunk - ok
15:17:01.0430 5352 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:17:01.0488 5352 lltdio - ok
15:17:01.0536 5352 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:17:01.0545 5352 LSI_FC - ok
15:17:01.0574 5352 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:17:01.0583 5352 LSI_SAS - ok
15:17:01.0598 5352 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:17:01.0607 5352 LSI_SAS2 - ok
15:17:01.0621 5352 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:17:01.0631 5352 LSI_SCSI - ok
15:17:01.0651 5352 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:17:01.0701 5352 luafv - ok
15:17:01.0743 5352 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:17:01.0752 5352 megasas - ok
15:17:01.0769 5352 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:17:01.0781 5352 MegaSR - ok
15:17:01.0790 5352 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:17:01.0819 5352 Modem - ok
15:17:01.0879 5352 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:17:01.0914 5352 monitor - ok
15:17:01.0968 5352 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:17:01.0976 5352 mouclass - ok
15:17:01.0991 5352 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:17:02.0032 5352 mouhid - ok
15:17:02.0051 5352 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:17:02.0060 5352 mountmgr - ok
15:17:02.0107 5352 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:17:02.0116 5352 mpio - ok
15:17:02.0136 5352 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:17:02.0165 5352 mpsdrv - ok
15:17:02.0199 5352 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:17:02.0241 5352 MRxDAV - ok
15:17:02.0293 5352 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:17:02.0349 5352 mrxsmb - ok
15:17:02.0397 5352 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:17:02.0409 5352 mrxsmb10 - ok
15:17:02.0431 5352 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:17:02.0441 5352 mrxsmb20 - ok
15:17:02.0463 5352 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:17:02.0471 5352 msahci - ok
15:17:02.0497 5352 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:17:02.0506 5352 msdsm - ok
15:17:02.0570 5352 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
15:17:02.0607 5352 MSDV - ok
15:17:02.0654 5352 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:17:02.0682 5352 Msfs - ok
15:17:02.0720 5352 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:17:02.0769 5352 mshidkmdf - ok
15:17:02.0825 5352 MSHUSBVideo (bb590070d606ae6f008341fc9a7b2ad7) C:\Windows\system32\Drivers\nx6000.sys
15:17:02.0833 5352 MSHUSBVideo - ok
15:17:02.0900 5352 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:17:02.0908 5352 msisadrv - ok
15:17:02.0975 5352 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:17:03.0004 5352 MSKSSRV - ok
15:17:03.0025 5352 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:17:03.0053 5352 MSPCLOCK - ok
15:17:03.0078 5352 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:17:03.0107 5352 MSPQM - ok
15:17:03.0181 5352 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:17:03.0193 5352 MsRPC - ok
15:17:03.0250 5352 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:17:03.0259 5352 mssmbios - ok
15:17:03.0276 5352 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:17:03.0331 5352 MSTEE - ok
15:17:03.0373 5352 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:17:03.0404 5352 MTConfig - ok
15:17:03.0441 5352 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:17:03.0449 5352 Mup - ok
15:17:03.0488 5352 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:17:03.0526 5352 NativeWifiP - ok
15:17:03.0695 5352 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120315.002\ENG64.SYS
15:17:03.0703 5352 NAVENG - ok
15:17:03.0775 5352 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120315.002\EX64.SYS
15:17:03.0806 5352 NAVEX15 - ok
15:17:03.0917 5352 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:17:03.0938 5352 NDIS - ok
15:17:03.0968 5352 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:17:03.0998 5352 NdisCap - ok
15:17:04.0019 5352 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:17:04.0047 5352 NdisTapi - ok
15:17:04.0103 5352 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:17:04.0130 5352 Ndisuio - ok
15:17:04.0181 5352 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:17:04.0240 5352 NdisWan - ok
15:17:04.0291 5352 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:17:04.0339 5352 NDProxy - ok
15:17:04.0388 5352 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:17:04.0418 5352 NetBIOS - ok
15:17:04.0481 5352 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:17:04.0539 5352 NetBT - ok
15:17:04.0592 5352 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:17:04.0602 5352 nfrd960 - ok
15:17:04.0614 5352 Normandy - ok
15:17:04.0638 5352 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:17:04.0666 5352 Npfs - ok
15:17:04.0683 5352 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:17:04.0738 5352 nsiproxy - ok
15:17:04.0799 5352 ntcdrdrv (b9d4056cd02e2b18413bcbc43b0bae65) C:\Windows\system32\DRIVERS\ntcdrdrv.sys
15:17:04.0807 5352 ntcdrdrv - ok
15:17:04.0891 5352 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:17:04.0922 5352 Ntfs - ok
15:17:04.0932 5352 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:17:04.0960 5352 Null - ok
15:17:05.0014 5352 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:17:05.0024 5352 nvraid - ok
15:17:05.0077 5352 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:17:05.0087 5352 nvstor - ok
15:17:05.0139 5352 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:17:05.0148 5352 nv_agp - ok
15:17:05.0204 5352 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:17:05.0242 5352 ohci1394 - ok
15:17:05.0322 5352 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:17:05.0333 5352 Parport - ok
15:17:05.0402 5352 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:17:05.0411 5352 partmgr - ok
15:17:05.0415 5352 PcdrNdisuio - ok
15:17:05.0612 5352 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:17:05.0623 5352 pci - ok
15:17:05.0640 5352 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:17:05.0649 5352 pciide - ok
15:17:05.0673 5352 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:17:05.0684 5352 pcmcia - ok
15:17:05.0711 5352 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:17:05.0720 5352 pcw - ok
15:17:05.0745 5352 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:17:05.0779 5352 PEAUTH - ok
15:17:05.0853 5352 pnarp (fb83b6c62dff5abe36304351d2bed581) C:\Windows\system32\DRIVERS\pnarp.sys
15:17:05.0860 5352 pnarp - ok
15:17:05.0931 5352 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:17:05.0959 5352 PptpMiniport - ok
15:17:05.0980 5352 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:17:06.0012 5352 Processor - ok
15:17:06.0044 5352 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:17:06.0083 5352 Psched - ok
15:17:06.0136 5352 purendis (1b3434642ce3c26e6f24d3a76d749c2a) C:\Windows\system32\DRIVERS\purendis.sys
15:17:06.0144 5352 purendis - ok
15:17:06.0195 5352 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:17:06.0222 5352 ql2300 - ok
15:17:06.0245 5352 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:17:06.0255 5352 ql40xx - ok
15:17:06.0276 5352 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:17:06.0313 5352 QWAVEdrv - ok
15:17:06.0346 5352 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:17:06.0375 5352 RasAcd - ok
15:17:06.0407 5352 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:17:06.0436 5352 RasAgileVpn - ok
15:17:06.0507 5352 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:17:06.0565 5352 Rasl2tp - ok
15:17:06.0618 5352 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:17:06.0647 5352 RasPppoe - ok
15:17:06.0663 5352 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:17:06.0693 5352 RasSstp - ok
15:17:06.0753 5352 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
15:17:06.0763 5352 rcmirror - ok
15:17:06.0824 5352 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:17:06.0876 5352 rdbss - ok
15:17:06.0928 5352 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:17:06.0941 5352 rdpbus - ok
15:17:06.0956 5352 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:17:06.0985 5352 RDPCDD - ok
15:17:07.0000 5352 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:17:07.0058 5352 RDPENCDD - ok
15:17:07.0104 5352 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:17:07.0136 5352 RDPREFMP - ok
15:17:07.0210 5352 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:17:07.0242 5352 RDPWD - ok
15:17:07.0301 5352 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:17:07.0312 5352 rdyboost - ok
15:17:07.0359 5352 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:17:07.0422 5352 rspndr - ok
15:17:07.0479 5352 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:17:07.0557 5352 RTL8167 - ok
15:17:07.0578 5352 RtNdPt60 (5532c4bf15173270757a75b46baeb960) C:\Windows\system32\DRIVERS\RtNdPt60.sys
15:17:07.0605 5352 RtNdPt60 - ok
15:17:07.0669 5352 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:17:07.0679 5352 sbp2port - ok
15:17:07.0738 5352 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:17:07.0797 5352 scfilter - ok
15:17:07.0860 5352 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:17:07.0916 5352 secdrv - ok
15:17:07.0974 5352 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:17:07.0984 5352 Serenum - ok
15:17:08.0008 5352 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:17:08.0028 5352 Serial - ok
15:17:08.0106 5352 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:17:08.0117 5352 sermouse - ok
15:17:08.0177 5352 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:17:08.0190 5352 sffdisk - ok
15:17:08.0216 5352 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:17:08.0229 5352 sffp_mmc - ok
15:17:08.0249 5352 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:17:08.0297 5352 sffp_sd - ok
15:17:08.0336 5352 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:17:08.0359 5352 sfloppy - ok
15:17:08.0425 5352 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:17:08.0433 5352 SiSRaid2 - ok
15:17:08.0457 5352 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:17:08.0466 5352 SiSRaid4 - ok
15:17:08.0509 5352 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:17:08.0538 5352 Smb - ok
15:17:08.0565 5352 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:17:08.0574 5352 spldr - ok
15:17:08.0708 5352 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS
15:17:08.0724 5352 SRTSP - ok
15:17:08.0756 5352 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS
15:17:08.0763 5352 SRTSPX - ok
15:17:08.0826 5352 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:17:08.0887 5352 srv - ok
15:17:08.0928 5352 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:17:08.0941 5352 srv2 - ok
15:17:08.0978 5352 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:17:08.0989 5352 srvnet - ok
15:17:09.0025 5352 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:17:09.0034 5352 stexstor - ok
15:17:09.0094 5352 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:17:09.0102 5352 swenum - ok
15:17:09.0130 5352 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS
15:17:09.0142 5352 SymDS - ok
15:17:09.0176 5352 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS
15:17:09.0195 5352 SymEFA - ok
15:17:09.0221 5352 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:17:09.0230 5352 SymEvent - ok
15:17:09.0291 5352 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS
15:17:09.0299 5352 SymIRON - ok
15:17:09.0363 5352 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS
15:17:09.0374 5352 SymNetS - ok
15:17:09.0443 5352 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} (c21550b1d42a39b3a6d128729a9ebdd6) C:\Windows\System32\Drivers\NSMx64\0203000.011\SymRdrS.SYS
15:17:09.0452 5352 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} - ok
15:17:09.0531 5352 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:17:09.0563 5352 Tcpip - ok
15:17:09.0610 5352 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:17:09.0643 5352 TCPIP6 - ok
15:17:09.0706 5352 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:17:09.0766 5352 tcpipreg - ok
15:17:09.0825 5352 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:17:09.0884 5352 TDPIPE - ok
15:17:09.0913 5352 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:17:09.0942 5352 TDTCP - ok
15:17:10.0017 5352 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:17:10.0049 5352 tdx - ok
15:17:10.0108 5352 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:17:10.0120 5352 TermDD - ok
15:17:10.0181 5352 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:17:10.0235 5352 tssecsrv - ok
15:17:10.0313 5352 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:17:10.0374 5352 TsUsbFlt - ok
15:17:10.0422 5352 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:17:10.0475 5352 tunnel - ok
15:17:10.0519 5352 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:17:10.0528 5352 uagp35 - ok
15:17:10.0599 5352 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:17:10.0629 5352 udfs - ok
15:17:10.0660 5352 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:17:10.0669 5352 uliagpkx - ok
15:17:10.0722 5352 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:17:10.0754 5352 umbus - ok
15:17:10.0802 5352 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:17:10.0836 5352 UmPass - ok
15:17:10.0906 5352 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:17:10.0945 5352 USBAAPL64 - ok
15:17:10.0996 5352 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:17:11.0009 5352 usbaudio - ok
15:17:11.0030 5352 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:17:11.0101 5352 usbccgp - ok
15:17:11.0156 5352 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:17:11.0196 5352 usbcir - ok
15:17:11.0233 5352 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:17:11.0287 5352 usbehci - ok
15:17:11.0334 5352 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
15:17:11.0344 5352 usbfilter - ok
15:17:11.0384 5352 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:17:11.0429 5352 usbhub - ok
15:17:11.0465 5352 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:17:11.0504 5352 usbohci - ok
15:17:14.0796 5352 ============================================================
15:17:14.0796 5352 Scan finished
15:17:14.0796 5352 ============================================================
15:17:14.0803 6852 Detected object count: 0
15:17:14.0803 6852 Actual detected object count: 0

#8 briansmall


Posted 15 March 2012 - 04:09 PM

I guess this thing is through running. Hard to tell.

aswMBR Log(s):

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-15 15:18:24
-----------------------------
15:18:24.612 OS Version: Windows x64 6.1.7601 Service Pack 1
15:18:24.613 Number of processors: 4 586 0x403
15:18:24.613 ComputerName: BSMALL-PC UserName: bsmall
15:18:26.278 Initialize success
15:18:54.887 AVAST engine defs: 12031401
15:19:23.035 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000073
15:19:23.039 Disk 0 Vendor: WDC_____ 01.0 Size: 953674MB BusType: 8
15:19:23.041 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000086
15:19:23.042 Disk 1 Vendor: Size: 953674MB BusType: 0
15:19:23.044 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000087
15:19:23.045 Disk 2 Vendor: Size: 953674MB BusType: 0
15:19:23.047 Disk 7 \Device\Harddisk7\DR7 -> \Device\00000094
15:19:23.049 Disk 7 Vendor: Size: 953674MB BusType: 0
15:19:23.070 Disk 0 MBR read successfully
15:19:23.073 Disk 0 MBR scan
15:19:23.078 Disk 0 unknown MBR code
15:19:23.080 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:19:23.093 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941737 MB offset 206848
15:19:23.133 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11835 MB offset 1928884224
15:19:23.202 Disk 0 scanning C:\Windows\system32\drivers
15:19:36.446 Service scanning
15:19:53.424 Service Ptserlp C:\Windows\system32\zpjobq.dll **INFECTED** Win64:ZAccess-E [Rtk]
15:20:03.580 Modules scanning
15:20:03.585 Disk 0 trace - called modules:
15:20:03.647 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
15:20:03.651 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80076b4790]
15:20:03.655 3 CLASSPNP.SYS[fffff88001bc443f] -> nt!IofCallDriver -> \Device\00000073[0xfffffa80075ce9c0]
15:20:05.687 AVAST engine scan C:\Windows
15:20:11.009 AVAST engine scan C:\Windows\system32
15:22:20.746 File: C:\Windows\system32\zpjobq.dll **INFECTED** Win64:ZAccess-E [Rtk]
15:24:37.864 AVAST engine scan C:\Windows\system32\drivers
15:25:02.918 AVAST engine scan C:\Users\bsmall
15:25:51.849 Disk 0 MBR has been saved successfully to "C:\Users\bsmall\Desktop\MBR.dat"
15:25:51.857 The log file has been saved successfully to "C:\Users\bsmall\Desktop\aswMBR.txt"


16:08:00.187 Disk 0 MBR has been saved successfully to "C:\Users\bsmall\Desktop\MBR.dat"
16:08:00.224 The log file has been saved successfully to "C:\Users\bsmall\Desktop\aswMBR.txt"
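
A triage sketch for the aswMBR log in the post above, added here as an example and not part of the original thread or of aswMBR itself: it pulls out the `**INFECTED**` lines, merges the "Service" and "File:" hits that point at the same path, and collapses the repeats that appear when the tool appends a second save to the same log file. The line shapes are inferred from this one log, and a service name without spaces is an assumption.

```python
import re

# Sample input: lines taken from the aswMBR log in the post above. The last two
# repeat earlier ones, as happens when a second save is appended to aswMBR.txt.
SAMPLE_LOG = r"""
Run date: 2012-03-15 15:18:24
15:19:23.073 Disk 0 MBR scan
15:19:23.078 Disk 0 unknown MBR code
15:19:36.446 Service scanning
15:19:53.424 Service Ptserlp C:\Windows\system32\zpjobq.dll **INFECTED** Win64:ZAccess-E [Rtk]
15:20:11.009 AVAST engine scan C:\Windows\system32
15:22:20.746 File: C:\Windows\system32\zpjobq.dll **INFECTED** Win64:ZAccess-E [Rtk]
15:19:53.424 Service Ptserlp C:\Windows\system32\zpjobq.dll **INFECTED** Win64:ZAccess-E [Rtk]
15:22:20.746 File: C:\Windows\system32\zpjobq.dll **INFECTED** Win64:ZAccess-E [Rtk]
"""

# Every scan line starts with HH:MM:SS.mmm; banner and separator lines do not.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
# "Service <name> <path> **INFECTED** <signature>" (name assumed to have no spaces).
SERVICE_HIT = re.compile(r"^Service\s+(\S+)\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
# "File: <path> **INFECTED** <signature>"
FILE_HIT = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
# Not marked INFECTED by the tool, so it is reported separately from detections.
UNKNOWN_MBR = re.compile(r"^Disk\s+(\d+)\s+unknown MBR code$")


def parse_aswmbr(text):
    """Return detections keyed by file path, plus disks with unrecognised MBR code."""
    findings = {}
    unknown_mbr = set()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, body = m.groups()

        mbr = UNKNOWN_MBR.match(body)
        if mbr:
            unknown_mbr.add(int(mbr.group(1)))
            continue

        svc = SERVICE_HIT.match(body)
        fil = FILE_HIT.match(body)
        if svc:
            service, path, signature = svc.groups()
            source = "service"
        elif fil:
            path, signature = fil.groups()
            service, source = None, "file"
        else:
            continue

        # Windows paths are case-insensitive, so merge on the lowercased path.
        entry = findings.setdefault(path.lower(), {
            "path": path,
            "signatures": set(),
            "services": set(),
            "seen_by": set(),
            "first_seen": stamp,
        })
        entry["signatures"].add(signature.strip())
        entry["seen_by"].add(source)
        if service:
            entry["services"].add(service)
        # Timestamps are fixed-width, so string comparison orders them correctly.
        entry["first_seen"] = min(entry["first_seen"], stamp)

    return {
        "findings": sorted(findings.values(), key=lambda e: e["path"].lower()),
        "unknown_mbr_disks": sorted(unknown_mbr),
    }


def summarize(report):
    """One line per infected file, naming the service that loads it if known."""
    lines = []
    for f in report["findings"]:
        loaded_by = ", ".join(sorted(f["services"])) or "no service entry seen"
        lines.append("{} | {} | service: {} | flagged by: {}".format(
            f["path"],
            "; ".join(sorted(f["signatures"])),
            loaded_by,
            "+".join(sorted(f["seen_by"])),
        ))
    for disk in report["unknown_mbr_disks"]:
        lines.append("Disk {}: MBR code not recognised (review, not a detection)".format(disk))
    return lines


if __name__ == "__main__":
    for line in summarize(parse_aswmbr(SAMPLE_LOG)):
        print(line)
```
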

#9 briansmall


Posted 15 March 2012 - 04:34 PM

Since running this last test for you, I got the BSOD and am now running the Windows Startup Repair. In the process of the Startup Repair, it is now attempting repairs from a previous restore point.

Cold sweats ensuing.

#10 briansmall


Posted 15 March 2012 - 04:45 PM

The Startup Repair from a previous restore point seems to have allowed the system to boot back up. However, by doing so, I don't know what I have undone from the work you have had me do from your recommendations above.

I am now getting the "Bad Image" message again, which I wasn't in the last one or two reboots that the system had done after some of your recommendations above.

I apologize if I have made your work twice as hard by choosing the Startup Repair/Previous Restore Point option. I didn't know what to do after I got the blue screen.

#11 briansmall


Posted 15 March 2012 - 08:04 PM

Gringo - wanted you to know that I have purchased a Carbonite subscription since I was suicidal earlier after seeing the BSOD. It is in the long and arduous process of backing up my critical data. Not sure how long it will take, but I just wanted you to know that is happening as I type, just in case my scenario isn't rectified.

Thanks, a million, for your help and patience. I will continue to monitor this thread for further instruction.

bsmall

#12 gringo_pr


Posted 15 March 2012 - 09:28 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#13 briansmall


Posted 16 March 2012 - 04:39 PM

Gringo, just wanted to double check to make sure you wanted me to perform the system restore procedure that you mentioned previously, given that I currently have the system up and running (albeit still infected).

A little concerned that it'll remove the Carbonite installation and backup configuration, but, if you say it's the next step - it's the next step.

I don't mean to question your instruction, just wanted to double check on the restore step.

Thanks.

#14 gringo_pr


Posted 17 March 2012 - 12:03 AM

hello


my last instruction will not restore anything or change anything - it will give you a report only - make sure to read each step completely


gringo

#15 briansmall


Posted 17 March 2012 - 09:22 AM

Thanks for your patience with me. I am assuming that I leave my computer on the screen as it is after running the Farbar Scan Tool? I won't reboot until I hear from you.

Here is the log from the last set of instructions:

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 17-03-2012 09:17:25
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610360 2009-09-14] ()
HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [624056 2011-08-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [472112 2010-08-24] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Online Backup Auto Update] "C:\Program Files (x86)\Charter\Cloud Drive Backup\Auto Update\OnlineBackup.UpdateSystemTray.exe" [233472 2011-06-21] ()
HKLM-x32\...\Run: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Charter\Cloud Drive Backup\vewatch.exe [28672 2011-03-23] (DigiData Corp.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1059472 2012-02-03] (Carbonite, Inc.)
HKU\Administrator\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKU\bsmall\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2918224 2012-02-01] (TechSmith Corporation)
HKU\bsmall\...\Run: [AdobeBridge] [x]
HKU\bsmall\...\Run: [Audiogalaxy] "C:\Users\bsmall\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup [2955496 2011-12-13] (AG Entertainment Inc)
HKU\bsmall\...\Run: [YouSendIt.exe] C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe -ui none [198144 2011-05-02] (YouSendIt)
HKU\bsmall\...\Run: [Google Update] "C:\Users\bsmall\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-29] (Google Inc.)
HKU\bsmall\...\Run: [MusicManager] "C:\Users\bsmall\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13320704 2012-02-21] (Google Inc.)
HKU\bsmall\...\Policies\system: [DisableRegistryTools] 0
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKU\Matt Small\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKU\Matt Small\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Mcx1-BSMALL-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.113.206.10 24.217.0.5 71.92.29.130
Tcpip\..\Interfaces\{5A5AFBFE-0AEC-4C60-BB67-C7A8524E9C34}: [NameServer]208.67.222.222,208.67.220.220
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 Adobe Version Cue CS3; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service [153792 2007-03-20] (Adobe Systems Incorporated)
2 AMD_RAIDXpert; "C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe" -s [122880 2009-09-19] (AMD)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [6378128 2012-02-03] (Carbonite, Inc. (www.carbonite.com))
2 FilesystemWatcher; "C:\Program Files (x86)\Charter\Cloud Drive Backup\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe" [24576 2011-06-21] (DigiData Corp.)
3 GoogleDesktopManager-051210-111108; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-11-09] (Google)
2 KjsUpdateService; "C:\Program Files (x86)\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe" [12800 2008-08-17] (Kinetic Jump Software, LLC)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 nmservice; "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [647216 2009-07-07] (Cisco Systems, Inc.)
2 NOF; "C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe" /s "NOF" /m "C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\diMaster.dll" /prefetch:1 [309688 2012-01-04] (Symantec Corporation)
2 OnlineBackupSchedulerService; "C:\Program Files (x86)\Charter\Cloud Drive Backup\Scheduler\OnlineBackup.SchedulerService.exe" [24576 2011-06-21] ()
2 Ptserlp; C:\Windows\System32\zpjobq.dll [6656 2009-07-13] (Oak Technology Inc.)
2 QBCFMonitorService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [20480 2009-09-16] (Intuit)
3 QBFCService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2007-05-24] (Intuit Inc.)
2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [186760 2011-06-08] ()
2 Stuffit Archive Name Service; "C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe" [1916248 2009-10-30] (Smith Micro Software, Inc.)
3 Symantec RemoteAssist; "C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe" [394704 2008-01-29] (Symantec, Inc.)
2 WDFME; "C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe" [1060352 2010-10-05] ()
2 WDSC; "C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe" [485376 2010-10-05] ()
2 LightScribeService; "c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [x]

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
0 ahcix64s; C:\Windows\System32\Drivers\ahcix64s.sys [230456 2009-10-06] (Advanced Micro Devices, Inc)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)
1 ccSet_NOF; C:\Windows\System32\drivers\NOFx64\0203000.007\ccSetx64.sys [167048 2011-11-04] (Symantec Corporation)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-05] (Symantec Corporation)
3 EraserUtilDrv11122; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [138360 2012-03-15] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-05] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120316.005\IDSvia64.sys [488568 2012-03-06] (Symantec Corporation)
3 ivusb; C:\Windows\System32\Drivers\ivusb.sys [29720 2010-07-28] (Initio Corporation)
3 MSDV; C:\Windows\System32\Drivers\MSDV.sys [61440 2009-07-13] (Microsoft Corporation)
3 MSHUSBVideo; C:\Windows\System32\Drivers\nx6000.sys [36720 2010-12-13] (Microsoft Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120316.035\ENG64.SYS [117880 2012-03-15] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120316.035\EX64.SYS [2048632 2012-03-15] (Symantec Corporation)
3 Normandy; C:\Windows\SysWow64\Drivers\Normandy.sys [34560 2010-09-15] ()
0 ntcdrdrv; C:\Windows\System32\Drivers\ntcdrdrv.sys [23424 2010-08-03] (NoteBurn Software)
2 pnarp; C:\Windows\System32\Drivers\pnarp.sys [33328 2009-07-07] (Cisco Systems, Inc.)
2 purendis; C:\Windows\System32\Drivers\purendis.sys [35376 2009-07-07] (Cisco Systems, Inc.)
3 rcmirror; C:\Windows\System32\Drivers\rcmirror.sys [4608 2010-01-18] (Windows ® Win 7 DDK provider)
2 RtNdPt60; C:\Windows\System32\Drivers\RtNdPt60.sys [26624 2009-09-16] (Windows ® Codename Longhorn DDK provider)
3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\N360x64\0502000.00D\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0502000.00D\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-02-08] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\N360x64\0502000.00D\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0203000.011\SymRdrS.SYS [218232 2011-11-16] (Symantec Corporation)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
3 PcdrNdisuio; C:\Windows\SysWow64\drivers\pcdrndisuio.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: Ptserlp

============ One Month Created Files and Folders ==============

2012-03-15 20:50 - 2012-03-15 20:50 - 0000718 ____A C:\Libraries - Shortcut.lnk
2012-03-15 16:24 - 2012-03-15 16:29 - 0002098 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2012-03-15 16:23 - 2012-03-15 16:23 - 0000000 ____D C:\Users\All Users\Carbonite
2012-03-15 16:23 - 2012-03-15 16:23 - 0000000 ____D C:\ProgramData\Carbonite
2012-03-15 16:23 - 2012-03-15 16:23 - 0000000 ____D C:\Program Files\Carbonite
2012-03-15 16:23 - 2012-03-15 16:23 - 0000000 ____D C:\Program Files (x86)\Carbonite
2012-03-15 14:12 - 2012-03-15 14:12 - 0002264 ____A C:\{039D77B5-2057-4750-800D-7BFF33F53B22}
2012-03-15 13:37 - 2012-03-15 13:37 - 0000000 ____D C:\Windows\system64
2012-03-15 12:25 - 2012-03-15 13:08 - 0000512 ____A C:\Users\bsmall\Desktop\MBR.dat
2012-03-15 12:13 - 2012-03-15 12:26 - 0174496 ____A C:\TDSSKiller.2.7.20.0_15.03.2012_15.13.40_log.txt
2012-03-15 06:11 - 2012-03-15 06:11 - 0064655 ____A C:\ComboFix.txt
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-03-15 04:54 - 2012-03-15 16:34 - 0000000 ____D C:\Windows\ERDNT
2012-03-15 04:54 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-03-15 04:53 - 2012-03-15 06:11 - 0000000 ____D C:\Qoobox
2012-03-15 04:23 - 2012-03-15 04:23 - 0002848 ____A C:\{51D1938C-4AE9-4A24-9286-24B5CBBB06BE}
2012-03-15 04:02 - 2012-03-15 04:02 - 0000000 ____A C:\Users\bsmall\defogger_reenable
2012-03-14 14:51 - 2012-03-15 06:52 - 0000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-03-14 08:54 - 2012-03-14 08:54 - 0002128 ____A C:\{983D3FD5-25E7-4C9D-9E1D-43C499F8368A}
2012-03-14 08:53 - 2012-03-14 08:53 - 0002128 ____A C:\{E6F9CF7F-FABF-48D6-AADD-291D5962613C}
2012-03-14 05:24 - 2012-03-14 05:41 - 0258842 ____A C:\TDSSKiller.2.7.20.0_14.03.2012_08.24.27_log.txt
2012-03-14 03:33 - 2012-03-14 03:40 - 0174356 ____A C:\TDSSKiller.2.7.20.0_14.03.2012_06.33.57_log.txt
2012-03-14 03:28 - 2012-03-14 03:28 - 0002840 ____A C:\{C20258FB-DFBA-4456-9CE1-EF0D69517446}
2012-03-14 03:02 - 2012-03-14 03:02 - 0002840 ____A C:\{22EA5607-B248-4859-B675-2A3EC7BCF268}
2012-03-14 02:28 - 2012-03-14 02:36 - 0018252 ____A C:\Windows\ntbtlog.txt
2012-03-14 02:13 - 2012-03-14 03:13 - 0000000 ____D C:\Users\bsmall\AppData\Local\NPE
2012-03-14 01:32 - 2012-03-17 06:05 - 0001018 ____A C:\Windows\setupact.log
2012-03-14 01:32 - 2012-03-14 01:32 - 0000798 ____A C:\Windows\PFRO.log
2012-03-14 01:32 - 2012-03-14 01:32 - 0000000 ____A C:\Windows\setuperr.log
2012-03-13 18:45 - 2012-03-13 18:45 - 0002840 ____A C:\{0267EE90-0202-4EF2-86C1-2A7532BD53F7}
2012-03-13 18:43 - 2012-03-13 18:43 - 0002840 ____A C:\{763363EF-A3CB-4DF3-B143-676850A5B5A2}
2012-03-13 18:39 - 2012-03-13 18:39 - 0006200 ____A C:\{B244CD5A-2D86-47E9-B525-41EF9A5B146E}
2012-03-13 18:39 - 2012-03-13 18:39 - 0002840 ____A C:\{B8E6E234-2454-41DD-A367-2B144177ADCF}
2012-03-13 18:33 - 2012-03-13 18:33 - 0002840 ____A C:\{B6644B76-F262-48F7-8CFD-8944553CFBBC}
2012-03-13 18:30 - 2012-03-13 18:30 - 0006200 ____A C:\{59BD795B-7527-4D8A-9F4A-65B2A44A575E}
2012-03-13 18:30 - 2012-03-13 18:30 - 0002840 ____A C:\{B0F5988E-D7FB-4619-973B-96A890B87A92}
2012-03-13 18:21 - 2012-03-13 18:21 - 0006200 ____A C:\{26E611A1-5195-4293-9397-9828F3688D1B}
2012-03-13 18:21 - 2012-03-13 18:21 - 0002840 ____A C:\{8F5E2DA5-B920-4DD0-9EB6-EF0A20EFA14F}
2012-03-13 17:40 - 2012-03-15 13:38 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-13 10:11 - 2012-03-13 10:15 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\Media Finder
2012-03-09 09:18 - 2012-03-09 09:18 - 0000000 ____D C:\Users\bsmall\AppData\Local\Marketing Plan Pro Samples
2012-03-08 09:57 - 2012-03-08 10:02 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\IrfanView
2012-02-21 10:15 - 2012-02-21 10:15 - 0003760 ____A C:\{59059347-9CA7-4A71-B74F-A2B843A9620E}
2012-02-21 10:12 - 2012-02-21 10:12 - 0002672 ____A C:\{EAA9598B-223E-497B-9F6A-5175D876E1E3}
2012-02-21 10:09 - 2012-02-21 10:09 - 0000000 ____D C:\Program Files (x86)\LexarMedia
2012-02-21 08:19 - 2012-02-21 10:02 - 0000019 ____A C:\Users\bsmall\rp.ini
2012-02-21 08:13 - 2012-02-21 10:03 - 0000882 ____A C:\Users\bsmall\RPSTD2011.lic
2012-02-21 08:13 - 2012-02-21 10:03 - 0000000 ____D C:\Users\bsmall\RescuePRO
2012-02-21 08:13 - 2012-02-21 10:03 - 0000000 ____D C:\Program Files (x86)\RescuePRO
2012-02-21 07:40 - 2012-02-21 07:40 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-21 07:40 - 2012-02-21 07:40 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-21 07:40 - 2012-02-21 07:40 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-19 08:12 - 2012-02-19 11:19 - 0000000 ____D C:\TuneUp Duplicates
2012-02-16 06:08 - 2011-12-13 23:43 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-16 06:08 - 2011-12-13 23:16 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-16 06:08 - 2011-12-13 23:11 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-16 06:08 - 2011-12-13 23:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-16 06:08 - 2011-12-13 23:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-16 06:08 - 2011-12-13 23:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-16 06:08 - 2011-12-13 23:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-16 06:08 - 2011-12-13 23:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-16 06:08 - 2011-12-13 23:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-16 06:08 - 2011-12-13 22:59 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-16 06:08 - 2011-12-13 22:57 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-16 06:08 - 2011-12-13 22:57 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-16 06:08 - 2011-12-13 22:53 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-16 06:08 - 2011-12-13 19:30 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-16 06:08 - 2011-12-13 19:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-16 06:08 - 2011-12-13 19:04 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-16 06:08 - 2011-12-13 18:57 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-16 06:08 - 2011-12-13 18:57 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-16 06:08 - 2011-12-13 18:56 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-16 06:08 - 2011-12-13 18:55 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-16 06:08 - 2011-12-13 18:54 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-16 06:08 - 2011-12-13 18:53 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-16 06:08 - 2011-12-13 18:52 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-16 06:08 - 2011-12-13 18:50 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-16 06:08 - 2011-12-13 18:50 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-16 06:08 - 2011-12-13 18:47 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-16 06:06 - 2012-01-13 20:06 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-16 06:06 - 2012-01-04 02:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-16 06:06 - 2012-01-04 02:44 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-16 06:06 - 2012-01-04 00:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-16 06:06 - 2012-01-04 00:58 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-16 06:06 - 2011-12-29 22:26 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-16 06:06 - 2011-12-29 21:27 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-16 06:06 - 2011-12-27 19:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-16 06:04 - 2011-12-16 00:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-16 06:04 - 2011-12-15 23:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll


============ 3 Months Modified Files and Folders =============

2012-03-17 09:17 - 2012-03-17 09:17 - 0000000 ____D C:\FRST
2012-03-17 06:05 - 2012-03-14 01:32 - 0001018 ____A C:\Windows\setupact.log
2012-03-17 06:05 - 2011-08-04 11:04 - 0000000 ____D C:\Users\bsmall\AppData\Local\Audiogalaxy
2012-03-17 06:05 - 2010-04-06 17:00 - 1922150 ____A C:\Windows\WindowsUpdate.log
2012-03-17 05:08 - 2011-11-29 18:58 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000UA.job
2012-03-17 05:07 - 2010-10-15 10:29 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-17 04:44 - 2011-07-18 07:39 - 0000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000UA.job
2012-03-17 01:08 - 2011-06-13 12:12 - 0000466 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
2012-03-17 00:00 - 2011-06-14 08:43 - 0000452 ____A C:\Windows\Tasks\SDMsgUpdate (SD).job
2012-03-16 17:01 - 2011-07-22 09:10 - 0000615 ____A C:\Windows\Tasks\OnlineBackupManager.job
2012-03-16 15:08 - 2011-11-29 18:58 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000Core.job
2012-03-16 15:07 - 2010-10-15 10:29 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-16 13:44 - 2010-07-15 14:41 - 0000000 ____D C:\Gameday
2012-03-16 13:12 - 2010-07-14 11:02 - 0000000 ____D C:\users\bsmall
2012-03-16 12:52 - 2011-09-04 06:18 - 0000000 ____D C:\Captain Hook
2012-03-16 12:44 - 2011-09-20 14:18 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\Dropbox
2012-03-16 12:07 - 2010-07-15 14:28 - 0000000 ____D C:\Personal
2012-03-16 12:06 - 2011-04-26 08:10 - 0000000 ____D C:\Program Files\PhotomatixPro3
2012-03-16 11:47 - 2009-07-13 21:13 - 0730532 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-16 10:19 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-16 10:19 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-16 07:44 - 2011-07-18 07:39 - 0000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000Core.job
2012-03-16 04:38 - 2010-07-15 11:46 - 0000000 ____D C:\Brian Small Productions
2012-03-16 04:15 - 2010-07-14 13:02 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\Adobe
2012-03-15 20:53 - 2011-09-04 06:26 - 0000000 ____D C:\Users\bsmall\Desktop\Resume
2012-03-15 20:50 - 2012-03-15 20:50 - 0000718 ____A C:\Libraries - Shortcut.lnk
2012-03-15 17:48 - 2011-08-04 09:32 - 0000000 ____D C:\Windows\System32\Drivers\NSMx64
2012-03-15 16:34 - 2012-03-15 04:54 - 0000000 ____D C:\Windows\ERDNT
2012-03-15 16:34 - 2011-09-05 16:31 - 0000000 ____D C:\users\Mcx1-BSMALL-PC
2012-03-15 16:34 - 2011-08-15 15:54 - 0000000 ____D C:\users\Matt Small
2012-03-15 16:34 - 2011-03-24 07:17 - 0000000 ____D C:\Program Files (x86)\UCT
2012-03-15 16:34 - 2010-09-15 13:47 - 0000000 ___RD C:\32788R22FWJFW
2012-03-15 16:34 - 2010-08-09 05:23 - 0000000 ____D C:\users\Administrator
2012-03-15 16:34 - 2010-07-14 20:32 - 0000000 ____D C:\Users\bsmall\AppData\Local\NetCentrics
2012-03-15 16:34 - 2010-07-14 14:50 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-03-15 16:34 - 2010-07-14 14:50 - 0000000 ____D C:\ProgramData\FLEXnet
2012-03-15 16:34 - 2010-02-07 10:43 - 0000000 ____D C:\Users\All Users\Norton
2012-03-15 16:34 - 2010-02-07 10:43 - 0000000 ____D C:\ProgramData\Norton
2012-03-15 16:34 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-03-15 16:34 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-03-15 16:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-15 16:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-15 16:34 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-03-15 16:29 - 2012-03-15 16:24 - 0002098 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2012-03-15 16:23 - 2012-03-15 16:23 - 0000000 ____D C:\Users\All Users\Carbonite
2012-03-15 16:23 - 2012-03-15 16:23 - 0000000 ____D C:\ProgramData\Carbonite
2012-03-15 16:23 - 2012-03-15 16:23 - 0000000 ____D C:\Program Files\Carbonite
2012-03-15 16:23 - 2012-03-15 16:23 - 0000000 ____D C:\Program Files (x86)\Carbonite
2012-03-15 16:01 - 2011-01-18 08:40 - 0000336 ____A C:\Windows\Tasks\HPCeeScheduleForbsmall.job
2012-03-15 15:12 - 2011-02-18 22:11 - 0000000 ____D C:\Users\bsmall\Desktop\pics
2012-03-15 15:12 - 2010-07-15 14:28 - 0000000 ____D C:\Images
2012-03-15 14:31 - 2010-07-18 08:45 - 0000000 ____D C:\Users\bsmall\AppData\Local\CrashDumps
2012-03-15 14:12 - 2012-03-15 14:12 - 0002264 ____A C:\{039D77B5-2057-4750-800D-7BFF33F53B22}
2012-03-15 13:38 - 2012-03-13 17:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-15 13:37 - 2012-03-15 13:37 - 0000000 ____D C:\Windows\system64
2012-03-15 13:37 - 2010-02-07 09:58 - 2141106176 __ASH C:\hiberfil.sys
2012-03-15 13:37 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-15 13:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-15 13:08 - 2012-03-15 12:25 - 0000512 ____A C:\Users\bsmall\Desktop\MBR.dat
2012-03-15 12:26 - 2012-03-15 12:13 - 0174496 ____A C:\TDSSKiller.2.7.20.0_15.03.2012_15.13.40_log.txt
2012-03-15 06:52 - 2012-03-14 14:51 - 0000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-03-15 06:11 - 2012-03-15 06:11 - 0064655 ____A C:\ComboFix.txt
2012-03-15 06:11 - 2012-03-15 04:53 - 0000000 ____D C:\Qoobox
2012-03-15 05:16 - 2009-07-13 18:34 - 86769664 ____A C:\Windows\System32\config\software.bak
2012-03-15 05:16 - 2009-07-13 18:34 - 20971520 ____A C:\Windows\System32\config\system.bak
2012-03-15 05:16 - 2009-07-13 18:34 - 0524288 ____A C:\Windows\System32\config\default.bak
2012-03-15 05:16 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-03-15 05:16 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-03-15 05:15 - 2012-03-15 05:15 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-03-15 04:23 - 2012-03-15 04:23 - 0002848 ____A C:\{51D1938C-4AE9-4A24-9286-24B5CBBB06BE}
2012-03-15 04:02 - 2012-03-15 04:02 - 0000000 ____A C:\Users\bsmall\defogger_reenable
2012-03-14 14:51 - 2010-02-07 10:43 - 0000000 ____D C:\Users\All Users\NortonInstaller
2012-03-14 14:51 - 2010-02-07 10:43 - 0000000 ____D C:\ProgramData\NortonInstaller
2012-03-14 08:54 - 2012-03-14 08:54 - 0002128 ____A C:\{983D3FD5-25E7-4C9D-9E1D-43C499F8368A}
2012-03-14 08:53 - 2012-03-14 08:53 - 0002128 ____A C:\{E6F9CF7F-FABF-48D6-AADD-291D5962613C}
2012-03-14 05:41 - 2012-03-14 05:24 - 0258842 ____A C:\TDSSKiller.2.7.20.0_14.03.2012_08.24.27_log.txt
2012-03-14 03:40 - 2012-03-14 03:33 - 0174356 ____A C:\TDSSKiller.2.7.20.0_14.03.2012_06.33.57_log.txt
2012-03-14 03:28 - 2012-03-14 03:28 - 0002840 ____A C:\{C20258FB-DFBA-4456-9CE1-EF0D69517446}
2012-03-14 03:13 - 2012-03-14 02:13 - 0000000 ____D C:\Users\bsmall\AppData\Local\NPE
2012-03-14 03:02 - 2012-03-14 03:02 - 0002840 ____A C:\{22EA5607-B248-4859-B675-2A3EC7BCF268}
2012-03-14 02:36 - 2012-03-14 02:28 - 0018252 ____A C:\Windows\ntbtlog.txt
2012-03-14 01:50 - 2010-08-16 14:43 - 0000000 ____D C:\Users\All Users\Mozilla Firefox
2012-03-14 01:50 - 2010-08-16 14:43 - 0000000 ____D C:\ProgramData\Mozilla Firefox
2012-03-14 01:33 - 2011-09-05 16:31 - 0000258 _RASH C:\Users\All Users\ntuser.pol
2012-03-14 01:33 - 2011-09-05 16:31 - 0000258 _RASH C:\ProgramData\ntuser.pol
2012-03-14 01:32 - 2012-03-14 01:32 - 0000798 ____A C:\Windows\PFRO.log
2012-03-14 01:32 - 2012-03-14 01:32 - 0000000 ____A C:\Windows\setuperr.log
2012-03-13 18:45 - 2012-03-13 18:45 - 0002840 ____A C:\{0267EE90-0202-4EF2-86C1-2A7532BD53F7}
2012-03-13 18:43 - 2012-03-13 18:43 - 0002840 ____A C:\{763363EF-A3CB-4DF3-B143-676850A5B5A2}
2012-03-13 18:39 - 2012-03-13 18:39 - 0006200 ____A C:\{B244CD5A-2D86-47E9-B525-41EF9A5B146E}
2012-03-13 18:39 - 2012-03-13 18:39 - 0002840 ____A C:\{B8E6E234-2454-41DD-A367-2B144177ADCF}
2012-03-13 18:33 - 2012-03-13 18:33 - 0002840 ____A C:\{B6644B76-F262-48F7-8CFD-8944553CFBBC}
2012-03-13 18:32 - 2010-09-15 09:16 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-13 18:32 - 2010-09-15 09:16 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-13 18:30 - 2012-03-13 18:30 - 0006200 ____A C:\{59BD795B-7527-4D8A-9F4A-65B2A44A575E}
2012-03-13 18:30 - 2012-03-13 18:30 - 0002840 ____A C:\{B0F5988E-D7FB-4619-973B-96A890B87A92}
2012-03-13 18:21 - 2012-03-13 18:21 - 0006200 ____A C:\{26E611A1-5195-4293-9397-9828F3688D1B}
2012-03-13 18:21 - 2012-03-13 18:21 - 0002840 ____A C:\{8F5E2DA5-B920-4DD0-9EB6-EF0A20EFA14F}
2012-03-13 17:47 - 2011-01-28 15:27 - 0000000 ____D C:\Users\bsmall\AppData\Local\Smith Micro
2012-03-13 12:25 - 2010-11-23 09:10 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\uTorrent
2012-03-13 11:27 - 2011-05-03 17:24 - 10575148 ____A C:\RaylightVegas90.log
2012-03-13 10:19 - 2010-07-14 13:21 - 0000000 ____D C:\Program Files (x86)\CCleaner
2012-03-13 10:15 - 2012-03-13 10:11 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\Media Finder
2012-03-13 07:50 - 2010-07-15 10:46 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\HpUpdate
2012-03-13 07:50 - 2010-07-15 10:46 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\HP Support Assistant
2012-03-13 04:21 - 2011-05-27 05:22 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-13 03:09 - 2010-08-16 14:43 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\Mozilla
2012-03-09 09:49 - 2010-07-15 04:31 - 1315652 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-03-09 09:18 - 2012-03-09 09:18 - 0000000 ____D C:\Users\bsmall\AppData\Local\Marketing Plan Pro Samples
2012-03-09 06:06 - 2009-07-13 20:45 - 5241496 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-08 14:19 - 2010-07-14 11:06 - 0875320 ____A C:\Users\bsmall\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-08 13:20 - 2011-05-04 06:46 - 0000000 ____D C:\VueScan
2012-03-08 10:02 - 2012-03-08 09:57 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\IrfanView
2012-03-05 09:06 - 2011-09-04 06:30 - 0000000 ____D C:\Users\bsmall\Desktop\Invoices
2012-02-29 05:58 - 2010-11-23 09:11 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-02-28 08:18 - 2010-07-14 11:12 - 0000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2012-02-24 04:11 - 2011-09-20 14:18 - 0001005 ____A C:\Users\bsmall\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-24 04:11 - 2011-09-20 14:18 - 0001005 ____A C:\Users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-21 10:15 - 2012-02-21 10:15 - 0003760 ____A C:\{59059347-9CA7-4A71-B74F-A2B843A9620E}
2012-02-21 10:12 - 2012-02-21 10:12 - 0002672 ____A C:\{EAA9598B-223E-497B-9F6A-5175D876E1E3}
2012-02-21 10:09 - 2012-02-21 10:09 - 0000000 ____D C:\Program Files (x86)\LexarMedia
2012-02-21 10:07 - 2010-02-07 10:07 - 0000000 ____D C:\Windows\Downloaded Installations
2012-02-21 10:03 - 2012-02-21 08:13 - 0000882 ____A C:\Users\bsmall\RPSTD2011.lic
2012-02-21 10:03 - 2012-02-21 08:13 - 0000000 ____D C:\Users\bsmall\RescuePRO
2012-02-21 10:03 - 2012-02-21 08:13 - 0000000 ____D C:\Program Files (x86)\RescuePRO
2012-02-21 10:02 - 2012-02-21 08:19 - 0000019 ____A C:\Users\bsmall\rp.ini
2012-02-21 07:40 - 2012-02-21 07:40 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-21 07:40 - 2012-02-21 07:40 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-21 07:40 - 2012-02-21 07:40 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-21 07:40 - 2010-07-19 09:42 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-21 06:48 - 2010-07-15 04:21 - 0743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-21 06:28 - 2010-02-07 10:37 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-21 06:10 - 2009-07-13 18:34 - 0000534 ____A C:\Windows\win.ini
2012-02-19 11:19 - 2012-02-19 08:12 - 0000000 ____D C:\TuneUp Duplicates
2012-02-19 07:55 - 2011-10-22 12:30 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-18 07:09 - 2011-11-17 12:08 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-16 09:35 - 2011-06-13 12:14 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\SmartDraw
2012-02-16 06:57 - 2010-07-14 11:07 - 0000174 ___SH C:\Users\bsmall\Start Menu\Programs\Startup\desktop.ini
2012-02-16 06:57 - 2010-07-14 11:07 - 0000174 ___SH C:\Users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 06:11 - 2010-07-17 07:43 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-14 15:10 - 2012-02-14 15:10 - 0002464 ____A C:\{A5360A5A-8279-4903-A13B-7E0DCE725D1B}
2012-02-14 15:08 - 2012-02-14 15:08 - 0002776 ____A C:\{8D7FD878-D159-470C-BC11-EBA31898FD09}
2012-02-14 13:14 - 2012-02-14 13:14 - 0003200 ____A C:\{9166B492-BCAA-4872-AE69-A9ABED41D71E}
2012-02-14 11:53 - 2012-02-14 11:53 - 2032350 ____A C:\Users\bsmall\Desktop\bosses-coupon.pdf
2012-02-14 06:48 - 2010-08-03 09:30 - 0000000 ____D C:\Users\bsmall\AppData\Local\Google
2012-02-13 17:08 - 2012-02-13 17:08 - 0002448 ____A C:\{7ED4A04A-4E7C-4DF7-83AA-82D4D298C8C5}
2012-02-12 12:00 - 2010-07-14 21:24 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-12 08:24 - 2010-07-16 05:38 - 0000000 ____D C:\Users\bsmall\AppData\Local\ElevatedDiagnostics
2012-02-12 08:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-09 04:44 - 2011-08-04 09:32 - 0000000 ____D C:\Windows\System32\Drivers\NOFx64
2012-02-08 18:27 - 2012-02-06 13:34 - 0000000 ____D C:\Program Files\Symantec
2012-02-08 18:27 - 2011-06-14 05:45 - 0175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-02-08 18:27 - 2011-06-14 05:45 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-02-08 18:27 - 2011-06-14 05:45 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2012-02-07 05:43 - 2012-02-06 13:33 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
2012-02-06 13:41 - 2010-08-02 06:01 - 0000000 ____D C:\Users\bsmall\Documents\Symantec
2012-02-06 13:33 - 2012-02-06 13:33 - 0000000 ____D C:\Program Files (x86)\Norton 360
2012-02-06 13:29 - 2012-02-06 12:50 - 0001317 ____A C:\Users\bsmall\Desktop\Norton Installation Files.lnk
2012-02-06 12:52 - 2012-02-06 12:52 - 0000000 ____D C:\Users\All Users\PCSettings
2012-02-06 12:52 - 2012-02-06 12:52 - 0000000 ____D C:\ProgramData\PCSettings
2012-02-06 12:50 - 2011-06-14 05:42 - 0000000 ____D C:\Users\Public\Downloads\Norton
2012-02-04 11:40 - 2012-02-04 11:39 - 0000000 ____D C:\Users\bsmall\Documents\iPhone Tool Kits
2012-02-04 11:36 - 2012-02-04 11:36 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\iPhone Tool Kits
2012-02-04 11:35 - 2012-02-04 11:35 - 0000000 ____D C:\Program Files\Cucusoft
2012-02-04 11:35 - 2012-02-04 11:34 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\GetRightToGo
2012-02-04 09:14 - 2010-08-07 06:25 - 0000000 ____D C:\Program Files (x86)\Tansee iPhone Transfer SMS
2012-02-01 09:03 - 2012-02-01 08:58 - 0000000 ____D C:\Program Files (x86)\FLAC to MP3 Converter
2012-02-01 09:00 - 2011-01-17 11:36 - 0007680 ____A C:\Users\bsmall\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-01 08:58 - 2012-02-01 08:44 - 0000000 ____D C:\Program Files (x86)\FLAC To MP3
2012-02-01 08:48 - 2012-02-01 08:46 - 0000470 ____A C:\11.txt
2012-02-01 08:48 - 2012-02-01 08:46 - 0000000 ____D C:\tmp
2012-01-31 19:19 - 2011-06-15 08:38 - 0000000 ____D C:\Program Files (x86)\LinkedIn
2012-01-31 19:19 - 2011-02-07 09:52 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\Winamp
2012-01-31 19:19 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-01-31 12:19 - 2012-01-31 12:19 - 0000000 ____D C:\Program Files\LinkedIn
2012-01-25 06:24 - 2012-01-25 06:24 - 0000000 ____D C:\Program Files (x86)\Evernote
2012-01-19 11:39 - 2010-07-24 13:00 - 0038249 ____A C:\Users\bsmall\AppData\Roaming\Comma Separated Values (Windows).ADR
2012-01-19 10:21 - 2012-01-19 10:21 - 0000000 ____D C:\Users\bsmall\AppData\Local\twitter
2012-01-19 10:21 - 2012-01-19 10:21 - 0000000 ____D C:\Program Files (x86)\Twitter
2012-01-19 09:57 - 2010-09-08 12:04 - 0060304 ____A C:\Users\bsmall\g2mdlhlpx.exe
2012-01-18 11:03 - 2010-12-01 12:21 - 0000000 ____D C:\Program Files (x86)\Duplicate Cleaner
2012-01-16 15:58 - 2012-01-16 15:57 - 0000000 ____D C:\Program Files\Windows Resource Kits
2012-01-16 15:39 - 2012-01-16 15:39 - 0000000 ____D C:\Program Files (x86)\Windows Resource Kits
2012-01-16 15:36 - 2011-10-23 14:05 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-01-13 20:06 - 2012-02-16 06:06 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-13 12:19 - 2012-01-13 12:19 - 0046239 ___RA C:\Users\bsmall\Desktop\Stopwatch.swf
2012-01-13 05:09 - 2009-07-13 21:08 - 0032540 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-05 05:59 - 2012-01-05 05:59 - 0001078 ____A C:\Users\bsmall\Start Menu\Programs\Startup\EvernoteTray.lnk
2012-01-05 05:59 - 2012-01-05 05:59 - 0001078 ____A C:\Users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
2012-01-05 05:58 - 2012-01-05 05:58 - 0001093 ____A C:\Users\bsmall\Start Menu\Programs\Startup\EvernoteClipper.lnk
2012-01-05 05:58 - 2012-01-05 05:58 - 0001093 ____A C:\Users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
2012-01-05 05:56 - 2012-01-05 05:56 - 0000000 ____D C:\Users\bsmall\AppData\Local\Evernote
2012-01-05 05:56 - 2010-07-14 11:02 - 0000000 ____D C:\Users\bsmall\AppData\LocalLow
2012-01-04 08:27 - 2012-01-04 08:27 - 0002094 ____A C:\Users\Mcx1-BSMALL-PC\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
2012-01-04 08:27 - 2012-01-04 08:27 - 0002094 ____A C:\Users\Mcx1-BSMALL-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
2012-01-04 08:27 - 2012-01-04 08:27 - 0002094 ____A C:\Users\Matt Small\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
2012-01-04 08:27 - 2012-01-04 08:27 - 0002094 ____A C:\Users\Matt Small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
2012-01-04 08:27 - 2012-01-04 08:27 - 0002094 ____A C:\Users\Administrator\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
2012-01-04 08:27 - 2012-01-04 08:27 - 0002094 ____A C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
2012-01-04 08:27 - 2012-01-04 08:26 - 0000000 ____D C:\Program Files (x86)\LastPass
2012-01-04 08:26 - 2012-01-04 08:26 - 0002094 ____A C:\Users\Mcx1-BSMALL-PC\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
2012-01-04 08:26 - 2012-01-04 08:26 - 0002094 ____A C:\Users\Mcx1-BSMALL-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
2012-01-04 08:26 - 2012-01-04 08:26 - 0002094 ____A C:\Users\Matt Small\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
2012-01-04 08:26 - 2012-01-04 08:26 - 0002094 ____A C:\Users\Matt Small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
2012-01-04 08:26 - 2012-01-04 08:26 - 0002094 ____A C:\Users\Administrator\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
2012-01-04 08:26 - 2012-01-04 08:26 - 0002094 ____A C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
2012-01-04 02:44 - 2012-02-16 06:06 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-16 06:06 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-16 06:06 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-16 06:06 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2011-12-31 13:52 - 2010-10-06 07:55 - 0008368 ____A C:\Users\bsmall\Documents\Default.sfvidcap
2011-12-29 22:26 - 2012-02-16 06:06 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-29 21:27 - 2012-02-16 06:06 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-29 14:27 - 2012-01-11 17:55 - 5523879 ____A C:\Users\bsmall\Desktop\DSC_8907.NEF
2011-12-29 14:26 - 2012-01-11 17:55 - 5451976 ____A C:\Users\bsmall\Desktop\DSC_8906.NEF
2011-12-29 08:15 - 2011-12-29 08:15 - 0000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2011-12-29 08:14 - 2011-12-29 08:14 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\SystemRequirementsLab
2011-12-27 19:59 - 2012-02-16 06:06 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-22 19:40 - 2011-07-18 05:48 - 0000000 ____D C:\Users\bsmall\AppData\Roaming\DVDVideoSoft
2011-12-22 19:39 - 2011-05-27 15:45 - 0000000 ____D C:\Users\bsmall\Documents\DVDVideoSoft

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 8183.89 MB
Available physical RAM: 7229.39 MB
Total Pagefile: 8182.04 MB
Available Pagefile: 7221.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:919.67 GB) (Free:253.58 GB) NTFS
2 Drive d: (FreeAgent Drive) (Fixed) (Total:698.64 GB) (Free:51.77 GB) NTFS
3 Drive e: (PEGASUS1) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
4 Drive f: (WD Passport) (Fixed) (Total:149.05 GB) (Free:59.72 GB) NTFS
5 Drive h: (FACTORY_IMAGE) (Fixed) (Total:11.56 GB) (Free:1.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
13 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
14 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 698 GB 0 B
Disk 2 Online 62 MB 0 B
Disk 3 Online 149 GB 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 No Media 0 B 0 B
Disk 8 No Media 0 B 0 B
Disk 9 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 919 GB 101 MB
Partition 3 Primary 11 GB 919 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C HP NTFS Partition 919 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 H FACTORY_IMA NTFS Partition 11 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D FreeAgent D NTFS Partition 698 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 62 MB 16 KB

======================================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 E PEGASUS1 FAT Removable 62 MB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 31 KB

======================================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 F WD Passport NTFS Partition 149 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-10 15:42

======================= End Of Log ==========================



