
Tons of Trojans, Adware, cleaned but keeps coming back


  • This topic is locked
44 replies to this topic

#1 goinguns

  • Members
  • 25 posts

Posted 02 July 2012 - 09:18 PM

Hi,

My friend has this computer which was clearly infected with viruses and I know a little about security so I started cleaning it.
Very soon I realized I can't do this alone so I asked an IT guy for help. He suggested I run ComboFix which I did.
It cleaned up some things but not everything.
I have tried other tools and it seems like each tool is discovering new things but the root cause still remains. The trojans keep coming

At this point, the machine works fine if it is not connected to internet but starts downloading stuff as soon as I connect it

Also, the following have been run already
ComboFix
MBAM
Microsoft Security Essentials
Norton Scan
Norton Power Eraser
Spybot Search and Destroy

And I am attaching the HiJackThis Log. Any help would be greatly appreciated.
The machine is in a state of Blue Screen right after I did a restart after installing HiJackThis.
And it is not performing a System Restore (which I know will remove the HiJackThis install) but not sure what else will happen.



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,696 posts
  • Gender: Male

Posted 07 July 2012 - 09:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459143 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 10 July 2012 - 12:11 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 12 July 2012 - 11:58 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#5 goinguns

  • Topic Starter

  • Members
  • 25 posts

Posted 13 July 2012 - 03:06 PM

oh, how I wish to provide you the information you are looking for.
However, the computer is now in an infinite loop of BSODs. I am not sure what I can try :(

any suggestions?

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 13 July 2012 - 03:27 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#7 goinguns

  • Topic Starter

  • Members
  • 25 posts

Posted 13 July 2012 - 05:34 PM

Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 13-07-2012 15:29:24
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKU\Bartolome\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-11-20] (Hewlett-Packard Company)
HKU\Nilo Bartolome\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2010-12-21] (Microsoft Corporation)
HKU\Nilo Bartolome\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Nilo Bartolome\...\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO [3668792 2011-05-25] (Piriform Ltd)
HKU\Nilo Bartolome\...\Winlogon: [Shell] Explorer.exe
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

==================== Services (Whitelisted) ======

3 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated)
3 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2010-10-28] (Andrea Electronics Corporation)
2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 ptumlcmsvc; C:\Windows\system32\ptumlcmsvc64.exe [139280 2010-12-13] (DEVGURU Co., LTD)
3 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-10-28] (IDT, Inc.)
2 SWGVCSvc; "C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe" -regserver [284696 2009-03-05] (SonicWALL, Inc.)
3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe" Start=service [x]

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [167048 2011-11-04] (Symantec Corporation)
3 DNE; C:\Windows\System32\DRIVERS\dne64x.sys [157968 2008-11-16] (Deterministic Networks, Inc.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-06-30] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-06-30] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120705.001\IDSvia64.sys [509088 2012-06-29] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120706.023\ENG64.SYS [120440 2012-07-06] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120706.023\EX64.SYS [2068600 2012-07-06] (Symantec Corporation)
3 PTUMLBUS; C:\Windows\System32\Drivers\PTUMLBUS.sys [73616 2010-12-01] (DEVGURU Co., LTD.)
3 PTUMLCVsp; C:\Windows\System32\Drivers\PTUMLCVsp.sys [182672 2010-12-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMLMdm; C:\Windows\System32\Drivers\PTUMLMdm.sys [182672 2010-12-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMLNET61; C:\Windows\System32\Drivers\PTUMLNET61.sys [98832 2010-12-01] (DEVGURU Co., LTD.)
3 PTUMLNVsp; C:\Windows\System32\Drivers\PTUMLNVsp.sys [183824 2010-12-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMLRMNET; C:\Windows\System32\Drivers\PTUMLRMNET.sys [68624 2010-12-01] (DEVGURU Co., LTD.)
3 PTUMLVsp; C:\Windows\System32\Drivers\PTUMLVsp.sys [182672 2010-12-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 SRTSP; C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)
1 SWIPsec; C:\Windows\System32\Drivers\SWIPsec.sys [99352 2009-03-05] (SonicWALL, Inc.)
3 SWVNIC; C:\Windows\System32\Drivers\SWVNIC.sys [24600 2009-03-04] (SonicWALL, Inc.)
0 SymDS; C:\Windows\System32\drivers\N360x64\0602010.005\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0602010.005\SYMEFA64.SYS [1092728 2011-11-23] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-07-01] (Symantec Corporation)
1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-11-23] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-02] (CyberLink Corp.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 eabfiltr; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-09 17:20 - 2012-07-09 17:20 - 00131816 ____A C:\Users\Bartolome\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-09 17:20 - 2012-07-09 17:20 - 00000000 ____D C:\Users\Bartolome\AppData\Local\LogMeIn
2012-07-09 17:20 - 2012-07-09 17:20 - 00000000 ____A C:\Users\Bartolome\AppData\Local\QSwitch.txt
2012-07-09 17:20 - 2012-07-09 17:20 - 00000000 ____A C:\Users\Bartolome\AppData\Local\DSwitch.txt
2012-07-09 17:20 - 2012-07-09 17:20 - 00000000 ____A C:\Users\Bartolome\AppData\Local\AtStart.txt
2012-07-09 17:19 - 2012-07-11 07:16 - 00000000 ____D C:\users\Bartolome
2012-07-09 17:19 - 2012-07-09 17:19 - 00000000 ____D C:\Users\Bartolome\AppData\Local\VirtualStore
2012-07-09 17:19 - 2012-07-09 17:19 - 00000000 ____D C:\Users\Bartolome\AppData\Local\Hewlett-Packard
2012-07-09 17:19 - 2012-06-12 23:05 - 00000000 ____D C:\Users\Bartolome\AppData\Roaming\Macromedia
2012-07-09 17:19 - 2010-05-09 06:45 - 00000000 ___HD C:\Users\Bartolome\AppData\Local\Microsoft Help
2012-07-07 09:21 - 2012-07-07 09:21 - 01145059 ____A C:\Users\Nilo Bartolome\Downloads\ProcessExplorer.zip
2012-07-06 23:27 - 2012-07-11 07:16 - 00000000 ____D C:\users\Admin
2012-07-06 23:27 - 2012-06-12 23:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2012-07-06 23:27 - 2010-05-09 06:45 - 00000000 ___HD C:\Users\Admin\AppData\Local\Microsoft Help
2012-07-06 23:25 - 2012-07-06 23:25 - 00000000 ____D C:\Users\Nilo Bartolome\AppData\Local\LogMeIn
2012-07-06 23:24 - 2012-07-11 19:27 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2012-07-06 23:24 - 2012-07-09 17:18 - 00000000 ____D C:\Users\All Users\LogMeIn
2012-07-06 23:24 - 2012-07-06 23:24 - 00001024 ___AC C:\.rnd
2012-07-06 23:21 - 2012-07-06 23:21 - 16151040 ____A C:\Users\Nilo Bartolome\Downloads\LogMeIn.msi
2012-07-06 23:02 - 2011-11-23 18:23 - 00043640 ___RA (Symantec Corporation) C:\Windows\System32\Drivers\SymIMV.sys
2012-07-06 22:59 - 2012-07-06 23:10 - 00000112 ____A C:\Windows\setupact.log
2012-07-06 22:59 - 2012-07-06 22:59 - 00000000 ____A C:\Windows\setuperr.log
2012-07-06 21:52 - 2012-07-06 21:52 - 00000000 ____D C:\Program Files\WDCSAM
2012-07-06 21:48 - 2012-07-06 21:48 - 00000000 ____D C:\Users\Nilo Bartolome\AppData\Local\Western Digital
2012-07-02 23:14 - 2012-07-01 09:29 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20120703-001410.backup
2012-07-02 22:19 - 2012-07-02 22:19 - 00000000 ____D C:\Program Files\CCleaner
2012-07-02 22:18 - 2012-07-02 22:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-02 18:06 - 2012-07-02 18:06 - 00011955 ____A C:\Users\Nilo Bartolome\Desktop\hijackthis.log
2012-07-02 02:38 - 2012-07-02 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-07-02 02:38 - 2012-07-02 02:38 - 00000000 ____D C:\Users\Nilo Bartolome\AppData\Roaming\Mozilla
2012-07-02 02:38 - 2012-07-02 02:38 - 00000000 ____D C:\Users\Nilo Bartolome\AppData\Local\Mozilla
2012-07-02 02:38 - 2012-07-02 02:38 - 00000000 ____D C:\Users\All Users\Mozilla
2012-07-02 01:54 - 2012-07-06 22:59 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-07-02 01:52 - 2012-07-02 01:52 - 16409960 ____A (Safer Networking Limited ) C:\Users\Nilo Bartolome\Downloads\spybotsd162.exe
2012-07-02 00:16 - 2012-07-02 00:16 - 00000000 ____D C:\Users\Nilo Bartolome\AppData\Roaming\Malwarebytes
2012-07-02 00:15 - 2012-07-02 00:15 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-02 00:08 - 2012-07-02 00:08 - 00945272 ____A (Prevx) C:\Users\Nilo Bartolome\Downloads\prevxcsifree (1).exe
2012-07-01 23:37 - 2012-07-02 19:41 - 00000000 ____D C:\Users\All Users\PrevxCSI
2012-07-01 23:36 - 2012-07-01 23:36 - 00945272 ____A (Prevx) C:\Users\Nilo Bartolome\Downloads\prevxcsifree.exe
2012-07-01 21:45 - 2012-07-01 21:45 - 00001365 ____A C:\Users\Nilo Bartolome\Desktop\Norton Installation Files.lnk
2012-07-01 21:25 - 2012-07-01 21:25 - 00829648 ____A (Symantec Corporation) C:\Users\Nilo Bartolome\Downloads\NBRT-SOS-Downloader.exe
2012-07-01 20:51 - 2012-07-01 23:00 - 00000000 ____D C:\Users\Nilo Bartolome\AppData\Local\NPE
2012-07-01 19:59 - 2012-07-02 01:47 - 00002420 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2012-07-01 19:59 - 2012-07-01 19:59 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-07-01 19:59 - 2012-07-01 19:59 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-07-01 19:59 - 2012-07-01 19:59 - 00000000 ____D C:\Program Files\Symantec
2012-07-01 19:59 - 2012-07-01 19:59 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-07-01 19:58 - 2012-07-02 01:47 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2012-07-01 19:58 - 2012-07-01 19:58 - 00000000 ____D C:\Users\Nilo Bartolome\Documents\Symantec
2012-07-01 19:58 - 2012-07-01 19:58 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2012-07-01 19:49 - 2012-07-01 21:25 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-07-01 19:49 - 2012-07-01 19:48 - 00828896 ____A (Symantec Corporation) C:\Users\Nilo Bartolome\Downloads\Norton_Download_Manager.exe
2012-06-30 22:45 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-30 22:45 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-30 22:45 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-30 22:45 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-30 22:45 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-30 22:45 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-30 22:45 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-30 22:45 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-30 22:34 - 2012-07-12 00:23 - 00000000 ___DC C:\Qoobox
2012-06-30 22:33 - 2012-07-01 09:35 - 00000000 ____D C:\Windows\erdnt
2012-06-28 20:49 - 2012-06-28 20:49 - 00000000 ____D C:\Users\Nilo Bartolome\AppData\Roaming\Help
2012-06-28 20:45 - 2012-06-28 20:45 - 00000000 ____D C:\Users\Nilo Bartolome\AppData\Roaming\Dropbox
2012-06-28 20:24 - 2012-06-28 20:24 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-20 22:29 - 2012-07-12 00:25 - 00000000 ____D C:\Users\Nilo Bartolome\Documents\tdsskiller
2012-06-20 22:19 - 2012-06-22 15:52 - 00000000 ____D C:\Program Files (x86)\Motorola
2012-06-20 22:19 - 2012-06-20 22:19 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared
2012-06-20 12:07 - 2012-07-12 00:25 - 00000000 ____D C:\Users\Nilo Bartolome\Downloads\tdsskiller
2012-06-20 12:06 - 2012-06-20 12:07 - 02109032 ____A C:\Users\Nilo Bartolome\Downloads\tdsskiller.zip
2012-06-13 14:55 - 2012-06-13 14:55 - 00000000 ____D C:\Program Files\Windows Live
2012-06-13 14:51 - 2010-08-10 21:19 - 03860992 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbon.dll
2012-06-13 14:51 - 2010-08-10 21:13 - 01164800 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbonRes.dll
2012-06-13 14:51 - 2010-08-10 20:44 - 02983424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2012-06-13 14:51 - 2010-08-10 20:35 - 01164800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2012-06-13 14:49 - 2012-06-13 14:49 - 00000000 ____D C:\Users\Nilo Bartolome\AppData\Local\{206E3599-6B77-45E2-B462-599B6B2433E8}
2012-06-13 14:48 - 2012-06-13 14:48 - 00000000 ____D C:\Users\Nilo Bartolome\AppData\Local\{7EB5242F-5A32-456B-972A-EC957F6B7C50}
2012-06-13 14:03 - 2012-06-13 14:04 - 00000000 ____D C:\Users\Nilo Bartolome\AppData\Local\{53B8DA18-3833-4723-B23C-999E57EE7A2F}
2012-06-13 08:58 - 2012-06-13 08:59 - 00000000 ____D C:\Users\Nilo Bartolome\AppData\Local\{64725D81-0838-4067-9F40-AC87427823BD}
2012-06-13 05:38 - 2012-06-13 05:38 - 00000000 ____D C:\Users\Nilo Bartolome\AppData\Local\{A14BAE8A-7192-4A9B-91BE-21D01D29DD14}


============ 3 Months Modified Files ========================

2012-07-09 17:20 - 2012-07-09 17:20 - 00131816 ____A C:\Users\Bartolome\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-09 17:20 - 2012-07-09 17:20 - 00000000 ____A C:\Users\Bartolome\AppData\Local\QSwitch.txt
2012-07-09 17:20 - 2012-07-09 17:20 - 00000000 ____A C:\Users\Bartolome\AppData\Local\DSwitch.txt
2012-07-09 17:20 - 2012-07-09 17:20 - 00000000 ____A C:\Users\Bartolome\AppData\Local\AtStart.txt
2012-07-07 09:21 - 2012-07-07 09:21 - 01145059 ____A C:\Users\Nilo Bartolome\Downloads\ProcessExplorer.zip
2012-07-06 23:24 - 2012-07-06 23:24 - 00001024 ___AC C:\.rnd
2012-07-06 23:21 - 2012-07-06 23:21 - 16151040 ____A C:\Users\Nilo Bartolome\Downloads\LogMeIn.msi
2012-07-06 23:11 - 2010-04-09 00:21 - 01928554 ____A C:\Windows\WindowsUpdate.log
2012-07-06 23:10 - 2012-07-06 22:59 - 00000112 ____A C:\Windows\setupact.log
2012-07-06 23:09 - 2012-03-30 05:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-06 23:00 - 2011-12-14 19:56 - 00000368 ____A C:\Windows\Tasks\HPCeeScheduleForNilo Bartolome.job
2012-07-06 22:59 - 2012-07-06 22:59 - 00000000 ____A C:\Windows\setuperr.log
2012-07-06 22:49 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-06 21:49 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-06 21:49 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-06 21:44 - 2011-05-13 14:53 - 01463284 ____A C:\Windows\System32\ptumlacsvc-0.log
2012-07-06 21:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-02 18:06 - 2012-07-02 18:06 - 00011955 ____A C:\Users\Nilo Bartolome\Desktop\hijackthis.log
2012-07-02 02:32 - 2010-09-21 21:00 - 00006127 ___AH C:\Users\All Users\hpzinstall.log
2012-07-02 01:52 - 2012-07-02 01:52 - 16409960 ____A (Safer Networking Limited ) C:\Users\Nilo Bartolome\Downloads\spybotsd162.exe
2012-07-02 01:47 - 2012-07-01 19:59 - 00002420 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2012-07-02 00:08 - 2012-07-02 00:08 - 00945272 ____A (Prevx) C:\Users\Nilo Bartolome\Downloads\prevxcsifree (1).exe
2012-07-01 23:36 - 2012-07-01 23:36 - 00945272 ____A (Prevx) C:\Users\Nilo Bartolome\Downloads\prevxcsifree.exe
2012-07-01 21:45 - 2012-07-01 21:45 - 00001365 ____A C:\Users\Nilo Bartolome\Desktop\Norton Installation Files.lnk
2012-07-01 21:25 - 2012-07-01 21:25 - 00829648 ____A (Symantec Corporation) C:\Users\Nilo Bartolome\Downloads\NBRT-SOS-Downloader.exe
2012-07-01 19:59 - 2012-07-01 19:59 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-07-01 19:59 - 2012-07-01 19:59 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-07-01 19:48 - 2012-07-01 19:49 - 00828896 ____A (Symantec Corporation) C:\Users\Nilo Bartolome\Downloads\Norton_Download_Manager.exe
2012-07-01 09:30 - 2009-07-13 18:34 - 00000215 ___AC C:\Windows\system.ini
2012-07-01 09:29 - 2012-07-02 23:14 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20120703-001410.backup
2012-06-30 23:31 - 2009-07-13 18:34 - 78381056 ____A C:\Windows\System32\config\software.bak
2012-06-30 23:31 - 2009-07-13 18:34 - 23592960 ____A C:\Windows\System32\config\system.bak
2012-06-30 23:31 - 2009-07-13 18:34 - 00524288 ____A C:\Windows\System32\config\default.bak
2012-06-30 23:31 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\security.bak
2012-06-30 23:31 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
2012-06-30 08:17 - 2009-07-13 21:08 - 00032606 ___AH C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-20 12:07 - 2012-06-20 12:06 - 02109032 ____A C:\Users\Nilo Bartolome\Downloads\tdsskiller.zip
2012-06-17 10:40 - 2012-03-30 05:54 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-17 10:40 - 2011-06-15 15:11 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-12 20:33 - 2012-06-12 20:13 - 00000000 ___AH C:\Users\All Users\-9sfss1B0aqJMyd
2012-06-12 20:02 - 2012-06-12 20:02 - 00000000 ___AH C:\Users\All Users\-GasjI5ZvDqZesk
2012-06-07 08:43 - 2011-04-22 14:19 - 00001854 ___AH C:\Users\Nilo Bartolome\AppData\Roaming\GhostObjGAFix.xml
2012-05-25 21:05 - 2012-05-25 21:05 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 09705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-05-25 21:05 - 2012-05-25 21:05 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-05-25 21:05 - 2012-05-25 21:05 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-25 21:05 - 2012-05-25 21:05 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-25 21:05 - 2012-05-25 21:05 - 02308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 02144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 01798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 01792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 01493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-25 21:05 - 2012-05-25 21:05 - 01427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-25 21:05 - 2012-05-25 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 01345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 01127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 01103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-25 21:05 - 2012-05-25 21:05 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-05-25 21:05 - 2012-05-25 21:05 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-05-25 21:05 - 2012-05-25 21:05 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-05-25 21:05 - 2012-05-25 21:05 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-05-25 21:05 - 2012-05-25 21:05 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-05-25 21:05 - 2012-05-25 21:05 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-23 20:10 - 2012-05-23 20:10 - 00459329 ___AH C:\Users\Nilo Bartolome\AppData\Local\tmp413562_376228965760909_124985590885249_1080011_1614376079_O[1].0
2012-05-17 19:17 - 2010-05-19 06:50 - 00000952 ____A C:\Users\All Users\KGyGaAvL.sys
2012-05-17 19:15 - 2010-08-23 21:17 - 00054156 ___AH C:\Windows\QTFont.qfn
2012-05-04 21:12 - 2012-04-13 14:16 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

ZeroAccess:
C:\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}
C:\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\@
C:\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\L
C:\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\U
C:\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\L\00000004.@
C:\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\L\55490ac4
C:\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\U\00000004.@
C:\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\U\000000cb.@
C:\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\U\80000032.@
C:\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\U\80000064.@

ZeroAccess:
C:\Users\Nilo Bartolome\AppData\Local\{faf5218a-a1d6-8c98-7400-f64c2191f96b}
C:\Users\Nilo Bartolome\AppData\Local\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\@
C:\Users\Nilo Bartolome\AppData\Local\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\L
C:\Users\Nilo Bartolome\AppData\Local\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\U
C:\Users\Nilo Bartolome\AppData\Local\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\L\00000004.@
C:\Users\Nilo Bartolome\AppData\Local\{faf5218a-a1d6-8c98-7400-f64c2191f96b}\U\00000008.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 5884.2 MB
Available physical RAM: 5069.98 MB
Total Pagefile: 5882.34 MB
Available Pagefile: 5058.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:447.49 GB) (Free:5.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:17.97 GB) (Free:2.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (NBRT) (Removable) (Total:1.9 GB) (Free:1.32 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1953 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 447 GB 200 MB
Partition 3 Primary 17 GB 447 GB
Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 447 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 17 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1953 MB 64 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H NBRT FAT32 Removable 1953 MB Healthy

==================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-07-07 06:27

======================= End Of Log ==========================

#8 gringo_pr

Posted 13 July 2012 - 06:50 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

TDL4: custom:26000022 <===== ATTENTION!
C:\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b}
C:\Users\Nilo Bartolome\AppData\Local\{faf5218a-a1d6-8c98-7400-f64c2191f96b}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
CMD: bootrec /FixMbr

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 goinguns

Posted 14 July 2012 - 10:50 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
Ran by SYSTEM at 2012-07-14 08:48:55 Run:1
Running from H:\

==============================================


The operation completed successfully.
The operation completed successfully.
C:\Windows\Installer\{faf5218a-a1d6-8c98-7400-f64c2191f96b} moved successfully.
C:\Users\Nilo Bartolome\AppData\Local\{faf5218a-a1d6-8c98-7400-f64c2191f96b} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====

#10 gringo_pr

Posted 14 July 2012 - 10:59 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 goinguns

Posted 14 July 2012 - 02:10 PM

ComboFix 12-07-14.01 - Admin 07/14/2012 9:21.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5884.4521 [GMT -7:00]
Running from: c:\users\Admin.MyWishingStarz\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nilo Bartolome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 18:00 . 2012-07-14 19:01 -------- d-----w- c:\users\Nilo Bartolome\AppData\Local\temp
2012-07-14 18:00 . 2012-07-14 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 23:29 . 2012-07-13 23:29 -------- dc----w- C:\FRST
2012-07-10 01:19 . 2012-07-11 15:16 -------- d-----w- c:\users\Bartolome
2012-07-07 07:27 . 2012-07-11 15:16 -------- d-----w- c:\users\Admin
2012-07-07 07:25 . 2012-07-07 07:25 -------- d-----w- c:\users\Nilo Bartolome\AppData\Local\LogMeIn
2012-07-07 07:24 . 2012-07-10 01:18 -------- d-----w- c:\programdata\LogMeIn
2012-07-07 07:24 . 2012-07-12 03:27 -------- d-----w- c:\program files (x86)\LogMeIn
2012-07-07 07:02 . 2011-11-24 02:23 43640 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-07-07 05:52 . 2012-07-07 05:52 -------- d-----w- c:\program files\WDCSAM
2012-07-07 05:48 . 2012-07-07 05:48 -------- d-----w- c:\users\Nilo Bartolome\AppData\Local\Western Digital
2012-07-03 06:58 . 2012-07-03 06:58 -------- dc----w- C:\Temp
2012-07-03 06:19 . 2012-07-03 06:19 -------- d-----w- c:\program files\CCleaner
2012-07-03 06:18 . 2012-07-03 06:24 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-02 10:38 . 2012-07-02 10:38 -------- d-----w- c:\users\Nilo Bartolome\AppData\Local\Mozilla
2012-07-02 09:54 . 2012-07-07 06:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-02 08:16 . 2012-07-02 08:16 -------- d-----w- c:\users\Nilo Bartolome\AppData\Roaming\Malwarebytes
2012-07-02 08:15 . 2012-07-02 08:15 -------- d-----w- c:\programdata\Malwarebytes
2012-07-02 07:37 . 2012-07-03 03:41 -------- d-----w- c:\programdata\PrevxCSI
2012-07-02 04:51 . 2012-07-02 07:00 -------- d-----w- c:\users\Nilo Bartolome\AppData\Local\NPE
2012-07-02 03:59 . 2012-07-02 03:59 -------- d-----w- c:\program files\Symantec
2012-07-02 03:59 . 2012-07-02 03:59 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-07-02 03:59 . 2012-07-02 03:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-07-02 03:58 . 2012-07-02 09:47 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-07-02 03:58 . 2012-07-02 03:58 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-07-02 03:58 . 2012-07-02 07:01 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-07-01 02:39 . 2012-07-03 06:07 -------- d-----w- c:\users\Nilo Bartolome\AppData\Local\Diagnostics
2012-06-29 04:45 . 2012-06-29 04:45 -------- d-----w- c:\users\Nilo Bartolome\AppData\Roaming\Dropbox
2012-06-29 04:24 . 2012-06-29 04:24 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 06:19 . 2012-06-21 06:19 -------- d-----w- c:\program files\Common Files\Motorola Shared
2012-06-21 06:19 . 2012-06-22 23:52 -------- d-----w- c:\program files (x86)\Motorola
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 18:40 . 2012-03-30 13:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 18:40 . 2011-06-15 23:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-26 05:05 . 2012-05-26 05:05 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-26 05:05 . 2012-05-26 05:05 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-26 05:05 . 2012-05-26 05:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-26 05:05 . 2012-05-26 05:05 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-26 05:05 . 2012-05-26 05:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-26 05:05 . 2012-05-26 05:05 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-26 05:05 . 2012-05-26 05:05 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-26 05:05 . 2012-05-26 05:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-26 05:05 . 2012-05-26 05:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-26 05:05 . 2012-05-26 05:05 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-26 05:05 . 2012-05-26 05:05 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-26 05:05 . 2012-05-26 05:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-26 05:05 . 2012-05-26 05:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-26 05:05 . 2012-05-26 05:05 448512 ----a-w- c:\windows\system32\html.iec
2012-05-26 05:05 . 2012-05-26 05:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-26 05:05 . 2012-05-26 05:05 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-26 05:05 . 2012-05-26 05:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-26 05:05 . 2012-05-26 05:05 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-26 05:05 . 2012-05-26 05:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-26 05:05 . 2012-05-26 05:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-26 05:05 . 2012-05-26 05:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-26 05:05 . 2012-05-26 05:05 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-05-26 05:05 . 2012-05-26 05:05 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-26 05:05 . 2012-05-26 05:05 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-26 05:05 . 2012-05-26 05:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-26 05:05 . 2012-05-26 05:05 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-26 05:05 . 2012-05-26 05:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-26 05:05 . 2012-05-26 05:05 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-26 05:05 . 2012-05-26 05:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-26 05:05 . 2012-05-26 05:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-26 05:05 . 2012-05-26 05:05 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-26 05:05 . 2012-05-26 05:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-26 05:05 . 2012-05-26 05:05 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-26 05:05 . 2012-05-26 05:05 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-05-26 05:05 . 2012-05-26 05:05 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-26 05:05 . 2012-05-26 05:05 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-26 05:05 . 2012-05-26 05:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-26 05:05 . 2012-05-26 05:05 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-26 05:05 . 2012-05-26 05:05 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-26 05:05 . 2012-05-26 05:05 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-26 05:05 . 2012-05-26 05:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-26 05:05 . 2012-05-26 05:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-18 03:17 . 2010-05-19 14:50 952 ----a-w- c:\programdata\KGyGaAvL.sys
2012-05-05 05:12 . 2012-04-13 22:16 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2011-08-12 04:03 . 2011-08-12 04:03 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-21 718720]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-05-25 3668792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2009-03-06 99352]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 257224]
R3 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-10-28 89600]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
R3 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\DRIVERS\PTUMLBUS.sys [2010-12-01 73616]
R3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\DRIVERS\PTUMLCVsp.sys [2010-12-01 182672]
R3 PTUMLMdm;PANTECH UML290;c:\windows\system32\DRIVERS\PTUMLMdm.sys [2010-12-01 182672]
R3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);c:\windows\system32\DRIVERS\PTUMLNET61.sys [2010-12-01 98832]
R3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\DRIVERS\PTUMLNVsp.sys [2010-12-01 183824]
R3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\DRIVERS\PTUMLRMNET.sys [2010-12-01 68624]
R3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMLVsp.sys [2010-12-01 182672]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2009-03-05 24600]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2011-11-24 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-04 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120713.001\IDSvia64.sys [2012-06-29 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2011-11-17 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/04/09 01:28];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-03 05:38 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc64.exe [2010-12-14 139280]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 284696]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-30 138912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 21:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:40]
.
2012-07-14 c:\windows\Tasks\HPCeeScheduleForNilo Bartolome.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: actserver
Trusted Zone: intuit.com\ttlc
Trusted Zone: mailserver
Trusted Zone: octfserver
Trusted Zone: omnicable.com
Trusted Zone: q4bisserver
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-07-14 12:04:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-14 19:04
.
Pre-Run: 5,984,509,952 bytes free
Post-Run: 4,636,229,632 bytes free
.
- - End Of File - - 15C9B46E3FB17FA87ACF0C7C8F9F59BA

#12 goinguns

Posted 14 July 2012 - 02:11 PM

The computer is working, but here is the latest status:

1. The Windows firewall is active again :)
2. The Norton 360 firewall is also working. Should I disable it so we don't have two firewalls?

Windows Update still doesn't work.

I will run a Norton scan to see if there are any other things it detects.

#13 gringo_pr

  • Malware Response Team

Posted 14 July 2012 - 02:58 PM

Greetings

Don't run Norton, and yes, shut off one of the firewalls.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#14 goinguns

Posted 14 July 2012 - 03:34 PM

Sorry, I didn't realize you wanted Norton off until everything is done. I disabled it and I am running TDSSKiller now.
Will post logs soon.

#15 goinguns

Posted 14 July 2012 - 03:35 PM

13:33:01.0124 5064 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
13:33:01.0140 5064 ============================================================
13:33:01.0140 5064 Current date / time: 2012/07/14 13:33:01.0140
13:33:01.0140 5064 SystemInfo:
13:33:01.0140 5064
13:33:01.0140 5064 OS Version: 6.1.7600 ServicePack: 0.0
13:33:01.0140 5064 Product type: Workstation
13:33:01.0140 5064 ComputerName: MYWISHINGSTARZ
13:33:01.0140 5064 UserName: Nilo Bartolome
13:33:01.0140 5064 Windows directory: C:\Windows
13:33:01.0140 5064 System windows directory: C:\Windows
13:33:01.0140 5064 Running under WOW64
13:33:01.0140 5064 Processor architecture: Intel x64
13:33:01.0140 5064 Number of processors: 2
13:33:01.0140 5064 Page size: 0x1000
13:33:01.0140 5064 Boot type: Normal boot
13:33:01.0140 5064 ============================================================
13:33:02.0107 5064 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:33:02.0107 5064 ============================================================
13:33:02.0107 5064 \Device\Harddisk0\DR0:
13:33:02.0107 5064 MBR partitions:
13:33:02.0107 5064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
13:33:02.0107 5064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37EFB000
13:33:02.0107 5064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37F5F000, BlocksNum 0x23F3000
13:33:02.0107 5064 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
13:33:02.0107 5064 ============================================================
13:33:02.0138 5064 C: <-> \Device\Harddisk0\DR0\Partition1
13:33:02.0185 5064 D: <-> \Device\Harddisk0\DR0\Partition2
13:33:02.0185 5064 E: <-> \Device\Harddisk0\DR0\Partition3
13:33:02.0232 5064 G: <-> \Device\Harddisk0\DR0\Partition0
13:33:02.0232 5064 ============================================================
13:33:02.0232 5064 Initialize success
13:33:02.0232 5064 ============================================================
13:33:10.0453 4960 ============================================================
13:33:10.0453 4960 Scan started
13:33:10.0453 4960 Mode: Manual;
13:33:10.0453 4960 ============================================================
13:33:11.0638 4960 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:33:11.0654 4960 1394ohci - ok
13:33:11.0685 4960 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
13:33:11.0685 4960 Accelerometer - ok
13:33:11.0716 4960 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:33:11.0732 4960 ACPI - ok
13:33:11.0732 4960 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:33:11.0732 4960 AcpiPmi - ok
13:33:11.0826 4960 AdobeActiveFileMonitor8.0 (4451cc2275b04043ec2bcc757af97291) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
13:33:11.0826 4960 AdobeActiveFileMonitor8.0 - ok
13:33:11.0966 4960 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:33:11.0966 4960 AdobeARMservice - ok
13:33:12.0122 4960 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:33:12.0122 4960 AdobeFlashPlayerUpdateSvc - ok
13:33:12.0200 4960 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:33:12.0200 4960 adp94xx - ok
13:33:12.0262 4960 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:33:12.0262 4960 adpahci - ok
13:33:12.0294 4960 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:33:12.0294 4960 adpu320 - ok
13:33:12.0325 4960 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:33:12.0325 4960 AeLookupSvc - ok
13:33:12.0434 4960 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
13:33:12.0434 4960 AESTFilters - ok
13:33:12.0496 4960 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
13:33:12.0496 4960 AFD - ok
13:33:12.0606 4960 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
13:33:12.0621 4960 AgereSoftModem - ok
13:33:12.0652 4960 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:33:12.0652 4960 agp440 - ok
13:33:12.0668 4960 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:33:12.0668 4960 ALG - ok
13:33:12.0699 4960 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:33:12.0699 4960 aliide - ok
13:33:12.0746 4960 AMD External Events Utility (bcc32bf5ebb5dfd4380fa053d3651949) C:\Windows\system32\atiesrxx.exe
13:33:12.0746 4960 AMD External Events Utility - ok
13:33:12.0746 4960 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:33:12.0762 4960 amdide - ok
13:33:12.0777 4960 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:33:12.0777 4960 AmdK8 - ok
13:33:12.0808 4960 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:33:12.0808 4960 AmdPPM - ok
13:33:12.0824 4960 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:33:12.0824 4960 amdsata - ok
13:33:12.0855 4960 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:33:12.0855 4960 amdsbs - ok
13:33:12.0871 4960 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:33:12.0871 4960 amdxata - ok
13:33:12.0902 4960 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:33:12.0918 4960 AppID - ok
13:33:12.0933 4960 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:33:12.0933 4960 AppIDSvc - ok
13:33:12.0949 4960 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
13:33:12.0949 4960 Appinfo - ok
13:33:13.0011 4960 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:33:13.0011 4960 arc - ok
13:33:13.0027 4960 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:33:13.0027 4960 arcsas - ok
13:33:13.0042 4960 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:33:13.0042 4960 AsyncMac - ok
13:33:13.0058 4960 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:33:13.0058 4960 atapi - ok
13:33:13.0198 4960 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
13:33:13.0214 4960 athr - ok
13:33:13.0339 4960 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
13:33:13.0339 4960 AtiHdmiService - ok
13:33:13.0822 4960 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys
13:33:13.0885 4960 atikmdag - ok
13:33:14.0025 4960 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
13:33:14.0025 4960 AtiPcie - ok
13:33:14.0103 4960 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:33:14.0103 4960 AudioEndpointBuilder - ok
13:33:14.0119 4960 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:33:14.0119 4960 AudioSrv - ok
13:33:14.0150 4960 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
13:33:14.0150 4960 AxInstSV - ok
13:33:14.0197 4960 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:33:14.0212 4960 b06bdrv - ok
13:33:14.0259 4960 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:33:14.0259 4960 b57nd60a - ok
13:33:14.0290 4960 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:33:14.0290 4960 BDESVC - ok
13:33:14.0306 4960 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:33:14.0306 4960 Beep - ok
13:33:14.0368 4960 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
13:33:14.0384 4960 BFE - ok
13:33:14.0602 4960 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
13:33:14.0618 4960 BHDrvx64 - ok
13:33:14.0774 4960 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
13:33:14.0774 4960 BITS - ok
13:33:14.0821 4960 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:33:14.0821 4960 blbdrive - ok
13:33:14.0883 4960 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:33:14.0883 4960 bowser - ok
13:33:14.0899 4960 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:33:14.0899 4960 BrFiltLo - ok
13:33:14.0914 4960 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:33:14.0914 4960 BrFiltUp - ok
13:33:14.0961 4960 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:33:14.0961 4960 BridgeMP - ok
13:33:14.0992 4960 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
13:33:14.0992 4960 Browser - ok
13:33:15.0039 4960 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:33:15.0039 4960 Brserid - ok
13:33:15.0055 4960 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:33:15.0055 4960 BrSerWdm - ok
13:33:15.0086 4960 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:33:15.0086 4960 BrUsbMdm - ok
13:33:15.0102 4960 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:33:15.0102 4960 BrUsbSer - ok
13:33:15.0133 4960 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:33:15.0133 4960 BTHMODEM - ok
13:33:15.0148 4960 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:33:15.0148 4960 bthserv - ok
13:33:15.0164 4960 catchme - ok
13:33:15.0211 4960 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys
13:33:15.0211 4960 ccSet_N360 - ok
13:33:15.0258 4960 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:33:15.0258 4960 cdfs - ok
13:33:15.0289 4960 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:33:15.0289 4960 cdrom - ok
13:33:15.0336 4960 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:33:15.0336 4960 CertPropSvc - ok
13:33:15.0367 4960 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:33:15.0367 4960 circlass - ok
13:33:15.0398 4960 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:33:15.0398 4960 CLFS - ok
13:33:15.0476 4960 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:33:15.0476 4960 clr_optimization_v2.0.50727_32 - ok
13:33:15.0507 4960 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:33:15.0523 4960 clr_optimization_v2.0.50727_64 - ok
13:33:15.0632 4960 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:33:15.0632 4960 clr_optimization_v4.0.30319_32 - ok
13:33:15.0710 4960 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:33:15.0710 4960 clr_optimization_v4.0.30319_64 - ok
13:33:15.0726 4960 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:33:15.0741 4960 CmBatt - ok
13:33:15.0741 4960 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:33:15.0741 4960 cmdide - ok
13:33:15.0804 4960 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
13:33:15.0804 4960 CNG - ok
13:33:15.0913 4960 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
13:33:15.0913 4960 Com4QLBEx - ok
13:33:15.0913 4960 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:33:15.0913 4960 Compbatt - ok
13:33:15.0944 4960 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:33:15.0944 4960 CompositeBus - ok
13:33:15.0960 4960 COMSysApp - ok
13:33:15.0975 4960 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:33:15.0975 4960 crcdisk - ok
13:33:16.0022 4960 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
13:33:16.0022 4960 CryptSvc - ok
13:33:16.0069 4960 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:33:16.0069 4960 DcomLaunch - ok
13:33:16.0100 4960 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:33:16.0100 4960 defragsvc - ok
13:33:16.0131 4960 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:33:16.0131 4960 DfsC - ok
13:33:16.0178 4960 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
13:33:16.0178 4960 Dhcp - ok
13:33:16.0194 4960 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:33:16.0194 4960 discache - ok
13:33:16.0240 4960 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:33:16.0240 4960 Disk - ok
13:33:16.0272 4960 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
13:33:16.0272 4960 DNE - ok
13:33:16.0334 4960 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
13:33:16.0334 4960 Dnscache - ok
13:33:16.0365 4960 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
13:33:16.0365 4960 dot3svc - ok
13:33:16.0443 4960 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
13:33:16.0443 4960 Dot4 - ok
13:33:16.0459 4960 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:33:16.0474 4960 Dot4Print - ok
13:33:16.0506 4960 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
13:33:16.0506 4960 dot4usb - ok
13:33:16.0537 4960 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
13:33:16.0537 4960 DPS - ok
13:33:16.0568 4960 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:33:31.0529 4960 swenum - ok
13:33:31.0638 4960 SWGVCSvc (ba41a448446fdf839a32e27a8dcb7c9d) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
13:33:31.0638 4960 SWGVCSvc - ok
13:33:31.0669 4960 SWIPsec (1e036f98e6c780dd7669f516e8be0cea) C:\Windows\system32\Drivers\SWIPsec.sys
13:33:31.0669 4960 SWIPsec - ok
13:33:31.0763 4960 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:33:31.0763 4960 swprv - ok
13:33:31.0778 4960 SWVNIC (dcf11e08a8524b19ec47515c22be492e) C:\Windows\system32\DRIVERS\swvnic.sys
13:33:31.0778 4960 SWVNIC - ok
13:33:31.0872 4960 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
13:33:31.0887 4960 SymDS - ok
13:33:31.0997 4960 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
13:33:31.0997 4960 SymEFA - ok
13:33:32.0043 4960 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:33:32.0043 4960 SymEvent - ok
13:33:32.0075 4960 SymIM (b681d1b0f9596684225dcc9b94c6bacf) C:\Windows\system32\DRIVERS\SymIMv.sys
13:33:32.0075 4960 SymIM - ok
13:33:32.0121 4960 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
13:33:32.0121 4960 SymIRON - ok
13:33:32.0184 4960 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
13:33:32.0184 4960 SymNetS - ok
13:33:32.0262 4960 SynTP (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys
13:33:32.0262 4960 SynTP - ok
13:33:32.0418 4960 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
13:33:32.0433 4960 SysMain - ok
13:33:32.0527 4960 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
13:33:32.0527 4960 TabletInputService - ok
13:33:32.0558 4960 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
13:33:32.0558 4960 TapiSrv - ok
13:33:32.0574 4960 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:33:32.0589 4960 TBS - ok
13:33:32.0792 4960 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
13:33:32.0808 4960 Tcpip - ok
13:33:33.0011 4960 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
13:33:33.0026 4960 TCPIP6 - ok
13:33:33.0089 4960 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:33:33.0104 4960 tcpipreg - ok
13:33:33.0120 4960 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:33:33.0120 4960 TDPIPE - ok
13:33:33.0120 4960 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:33:33.0120 4960 TDTCP - ok
13:33:33.0135 4960 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:33:33.0135 4960 tdx - ok
13:33:33.0167 4960 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:33:33.0167 4960 TermDD - ok
13:33:33.0229 4960 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
13:33:33.0245 4960 TermService - ok
13:33:33.0245 4960 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:33:33.0260 4960 Themes - ok
13:33:33.0276 4960 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:33:33.0276 4960 THREADORDER - ok
13:33:33.0291 4960 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:33:33.0307 4960 TrkWks - ok
13:33:33.0338 4960 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
13:33:33.0338 4960 TrustedInstaller - ok
13:33:33.0354 4960 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:33:33.0354 4960 tssecsrv - ok
13:33:33.0385 4960 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:33:33.0385 4960 tunnel - ok
13:33:33.0401 4960 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:33:33.0416 4960 uagp35 - ok
13:33:33.0463 4960 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:33:33.0463 4960 udfs - ok
13:33:33.0494 4960 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:33:33.0510 4960 UI0Detect - ok
13:33:33.0525 4960 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:33:33.0541 4960 uliagpkx - ok
13:33:33.0572 4960 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:33:33.0572 4960 umbus - ok
13:33:33.0588 4960 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:33:33.0588 4960 UmPass - ok
13:33:33.0713 4960 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:33:33.0713 4960 upnphost - ok
13:33:33.0931 4960 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
13:33:33.0931 4960 usbccgp - ok
13:33:33.0947 4960 USBCCID - ok
13:33:33.0962 4960 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:33:33.0962 4960 usbcir - ok
13:33:34.0009 4960 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
13:33:34.0009 4960 usbehci - ok
13:33:34.0056 4960 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys
13:33:34.0056 4960 usbfilter - ok
13:33:34.0118 4960 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
13:33:34.0118 4960 usbhub - ok
13:33:34.0165 4960 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
13:33:34.0165 4960 usbohci - ok
13:33:34.0196 4960 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:33:34.0196 4960 usbprint - ok
13:33:34.0227 4960 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:33:34.0227 4960 usbscan - ok
13:33:34.0243 4960 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:33:34.0243 4960 USBSTOR - ok
13:33:34.0305 4960 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
13:33:34.0305 4960 usbuhci - ok
13:33:34.0352 4960 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
13:33:34.0352 4960 usbvideo - ok
13:33:34.0383 4960 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:33:34.0383 4960 UxSms - ok
13:33:34.0493 4960 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:33:34.0493 4960 VaultSvc - ok
13:33:34.0524 4960 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:33:34.0524 4960 vdrvroot - ok
13:33:34.0571 4960 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
13:33:34.0586 4960 vds - ok
13:33:34.0602 4960 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:33:34.0602 4960 vga - ok
13:33:34.0617 4960 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:33:34.0617 4960 VgaSave - ok
13:33:34.0664 4960 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:33:34.0664 4960 vhdmp - ok
13:33:34.0680 4960 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:33:34.0680 4960 viaide - ok
13:33:34.0695 4960 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:33:34.0695 4960 volmgr - ok
13:33:34.0727 4960 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:33:34.0742 4960 volmgrx - ok
13:33:34.0773 4960 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:33:34.0773 4960 volsnap - ok
13:33:34.0820 4960 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:33:34.0820 4960 vsmraid - ok
13:33:34.0945 4960 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
13:33:34.0961 4960 VSS - ok
13:33:35.0085 4960 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:33:35.0085 4960 vwifibus - ok
13:33:35.0101 4960 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:33:35.0101 4960 vwififlt - ok
13:33:35.0132 4960 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:33:35.0148 4960 W32Time - ok
13:33:35.0163 4960 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:33:35.0163 4960 WacomPen - ok
13:33:35.0195 4960 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:35.0195 4960 WANARP - ok
13:33:35.0210 4960 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:35.0210 4960 Wanarpv6 - ok
13:33:35.0319 4960 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:33:35.0335 4960 WatAdminSvc - ok
13:33:35.0460 4960 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
13:33:35.0475 4960 wbengine - ok
13:33:35.0569 4960 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:33:35.0569 4960 WbioSrvc - ok
13:33:35.0631 4960 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
13:33:35.0647 4960 wcncsvc - ok
13:33:35.0647 4960 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:33:35.0647 4960 WcsPlugInService - ok
13:33:35.0678 4960 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:33:35.0678 4960 Wd - ok
13:33:35.0709 4960 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
13:33:35.0709 4960 WDC_SAM - ok
13:33:35.0787 4960 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:33:35.0787 4960 Wdf01000 - ok
13:33:35.0819 4960 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:33:35.0819 4960 WdiServiceHost - ok
13:33:35.0819 4960 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:33:35.0819 4960 WdiSystemHost - ok
13:33:35.0881 4960 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
13:33:35.0881 4960 WebClient - ok
13:33:35.0912 4960 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:33:35.0912 4960 Wecsvc - ok
13:33:35.0943 4960 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:33:35.0943 4960 wercplsupport - ok
13:33:35.0959 4960 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:33:35.0959 4960 WerSvc - ok
13:33:36.0006 4960 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:33:36.0006 4960 WfpLwf - ok
13:33:36.0021 4960 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:33:36.0021 4960 WIMMount - ok
13:33:36.0068 4960 WinDefend - ok
13:33:36.0068 4960 WinHttpAutoProxySvc - ok
13:33:36.0115 4960 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:33:36.0115 4960 Winmgmt - ok
13:33:36.0271 4960 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
13:33:36.0302 4960 WinRM - ok
13:33:36.0427 4960 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
13:33:36.0427 4960 WinUsb - ok
13:33:36.0505 4960 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:33:36.0521 4960 Wlansvc - ok
13:33:36.0536 4960 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:33:36.0536 4960 WmiAcpi - ok
13:33:36.0599 4960 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:33:36.0599 4960 wmiApSrv - ok
13:33:36.0614 4960 WMPNetworkSvc - ok
13:33:36.0630 4960 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:33:36.0630 4960 WPCSvc - ok
13:33:36.0645 4960 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
13:33:36.0645 4960 WPDBusEnum - ok
13:33:36.0661 4960 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:33:36.0661 4960 ws2ifsl - ok
13:33:36.0723 4960 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
13:33:36.0739 4960 wscsvc - ok
13:33:36.0786 4960 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:33:36.0786 4960 WSDPrintDevice - ok
13:33:36.0786 4960 WSearch - ok
13:33:37.0035 4960 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
13:33:37.0051 4960 wuauserv - ok
13:33:37.0176 4960 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:33:37.0176 4960 WudfPf - ok
13:33:37.0223 4960 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:33:37.0223 4960 WUDFRd - ok
13:33:37.0254 4960 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
13:33:37.0254 4960 wudfsvc - ok
13:33:37.0285 4960 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:33:37.0285 4960 WwanSvc - ok
13:33:37.0332 4960 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
13:33:37.0332 4960 yukonw7 - ok
13:33:37.0472 4960 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
13:33:37.0472 4960 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
13:33:37.0503 4960 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:33:37.0753 4960 \Device\Harddisk0\DR0 - ok
13:33:37.0753 4960 Boot (0x1200) (f4fae9c222c25acf279697a8696b88b5) \Device\Harddisk0\DR0\Partition0
13:33:37.0753 4960 \Device\Harddisk0\DR0\Partition0 - ok
13:33:37.0769 4960 Boot (0x1200) (1c8aab63049b06ae57a2bc99b0526d3d) \Device\Harddisk0\DR0\Partition1
13:33:37.0769 4960 \Device\Harddisk0\DR0\Partition1 - ok
13:33:37.0800 4960 Boot (0x1200) (14026a4e6d6af3cbddffc1295228ec47) \Device\Harddisk0\DR0\Partition2
13:33:37.0800 4960 \Device\Harddisk0\DR0\Partition2 - ok
13:33:37.0815 4960 Boot (0x1200) (6a1bb5ddd5d6316b117a6e6d5ea45961) \Device\Harddisk0\DR0\Partition3
13:33:37.0815 4960 \Device\Harddisk0\DR0\Partition3 - ok
13:33:37.0815 4960 ============================================================
13:33:37.0815 4960 Scan finished
13:33:37.0815 4960 ============================================================
13:33:37.0831 4956 Detected object count: 0
13:33:37.0831 4956 Actual detected object count: 0



