
Lumivexdopag.exe Virus?


  • This topic is locked
7 replies to this topic

#1 christianne

  • Members
  • 4 posts

Posted 15 October 2012 - 10:34 AM

Hello, all!

Yesterday I kept receiving pop-up messages on my computer (Windows 7 x64) asking for permission to execute a file called Lumivexdopag.exe. As I was unfamiliar with this, I tried to deny permission, but the notification window just kept popping back up (I eventually figured out that right-clicking on the X in the top right-hand corner would allow me to close it, though it remained open in my taskbar). I figured it was a virus, but the only mention of it I could find online was in a forum written entirely in French (forum.malekal.com/trojan-demarrage-t40630.html, if anyone here is a Francophone). I ran Malware Bytes, which identified this and a couple other trojans, and I removed them. I also updated my security--my Symantec Endpoint had just expired, and I installed Windows Security Essentials. This required me to restart my computer, which I did, and went to bed.

This morning, my desktop looked entirely different than usual--missing shortcuts, wallpaper, etc.--but I saw that all my Office documents were intact, so I just logged off and when I logged back in, my regular desktop appeared. I ran a quick scan using Malware Bytes just to make sure all viruses from last night had been removed, and when it notified me that two additional trojans were found, I deleted them and restarted the computer again. When I logged back on, all of my Office documents (Excel, Word, PPT) were missing (all my photos and music are intact). When I search for files by name, they appear, but when I click on them, I get the message: "The item [xxx] that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut?"

I also noticed, at this time, that the "My documents" folder had a creation date of today (10/15) rather than the 2008 date when it was actually created. I panicked and ran System Restore, hoping that this would help...but no dice (yes, I should have known this). I have all my important documents saved on an external hard drive, so it's not the end of the world if these files have been deleted, but my question is whether or not they *are* actually gone (as in, deleted) OR if they might be hidden somewhere.

On a related note, I followed the guidelines I found on this forum for "unhiding" files just in case this was what happened, but when I tried to "unhide" the files using the "C:\>ATTRIB -R -S -H *.*" command that others have recommended, I received "access denied" messages (I ran it as an administrator after disabling User Account Control). Unhide.exe also didn't appear to have done anything to make files appear.

My apologies for the long message--the short question is: are my Office files gone, or hidden as the result of a virus?

Best regards,
Christianne



DDS log below:

DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Christianne at 10:55:22 on 2012-10-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4178 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files\Pogoplug\dokanmnt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pogoplug\ppfs.exe
C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mstart.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mcomm.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mlauncher.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ppfs.exe] C:\Program Files\Pogoplug\ppfs.exe -s
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mstart.exe" "/Trigger RunAtLogon"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B4CAA929-01D8-4855-947A-90D52D37B9F7} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christianne\AppData\Roaming\Mozilla\Firefox\Profiles\srtdqap2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Christianne\AppData\Local\Citrix\Plugins\60\npappdetector.dll
FF - plugin: C:\Users\Christianne\AppData\Roaming\Mozilla\Firefox\Profiles\srtdqap2.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; C:\Users\Christianne\AppData\Roaming\Mozilla\Firefox\Profiles\srtdqap2.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: !HIDDEN! 2010-02-23 14:15; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-3 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\SymDS64.sys [2011-6-17 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\SymEFA64.sys [2011-6-17 928888]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120921.001\IDSviA64.sys [2012-9-22 513184]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\symnets.sys [2011-6-17 386168]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-3 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 DokanCEDriver;DokanCEDriver;C:\Program Files\Pogoplug\dokance.sys [2010-4-1 65128]
R2 DokanCEMounter;DokanCEMounter;C:\Program Files\Pogoplug\dokanmnt.exe [2010-4-1 132712]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-6-17 137224]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-8-16 592120]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120918.012\BHDrvx64.sys [2012-9-21 1385120]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\Ironx64.sys [2011-6-17 170104]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\Windows\System32\drivers\hitmanpro35.sys [2011-9-9 25160]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2010-2-23 38536]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-5-9 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-9 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-13 1255736]
.
=============== Created Last 30 ================
.
2012-10-15 14:34:47 -------- d-----w- C:\Users\Christianne\AppData\Local\{F19CDDEA-418B-4838-952C-1A3E06A4BA2D}
2012-10-15 13:54:21 -------- d-----w- C:\Users\Christianne\AppData\Local\Macromedia
2012-10-15 13:51:24 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{13C42486-1A84-4810-9CF9-526C062DB000}\mpengine.dll
2012-10-15 13:50:38 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-15 13:50:30 -------- d-----w- C:\Users\Christianne\AppData\Local\{CB6585D6-EE1B-4D20-B96F-E4462C2CE32E}
2012-10-15 12:45:52 -------- d-----w- C:\Users\Christianne\AppData\Local\{17DE65B2-1184-4C7A-BE12-834710DEE423}
2012-10-15 00:53:42 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-10-15 00:08:20 -------- d-----w- C:\Users\Christianne\AppData\Local\{57586BAA-CD5C-4576-B704-5E0700BC976F}
2012-10-11 07:24:29 -------- d-----w- C:\Users\Christianne\AppData\Local\{99B103C1-281C-4164-8CEC-AB3691993F2B}
2012-10-02 11:26:04 -------- d-----w- C:\Users\Christianne\AppData\Local\{91F66B5C-3589-4C4A-9A6D-D91F26EF513C}
2012-09-24 17:43:24 -------- d-----w- C:\Users\Christianne\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-09-22 07:19:45 -------- d-----w- C:\Users\Christianne\AppData\Local\{7BE50E71-553F-46C9-9381-F794C790DC46}
2012-09-21 17:23:55 -------- d-----w- C:\Users\Christianne\AppData\Local\Citrix
2012-09-18 13:36:19 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-18 13:35:37 -------- d-----w- C:\Program Files\iPod
2012-09-18 13:35:36 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-18 13:35:36 -------- d-----w- C:\Program Files\iTunes
2012-09-18 13:35:36 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-10-15 13:50:38 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 15:24:54 60304 ----a-w- C:\Users\Christianne\g2mdlhlpx.exe
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 10:55:39.43 ===============



#2 nasdaq

  • Malware Response Team
  • 40,741 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 October 2012 - 10:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with this.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 christianne

  • Topic Starter

  • Members
  • 4 posts

Posted 17 October 2012 - 09:12 AM

Hi Nasdaq,

Thanks for the reply. I recovered some missing Office files using Recuva, but am still concerned about what caused this in the first place...TDSS log below, MBR.dat attached as .zip file per your request.

Best regards,
Christianne


TDSS log:
10:04:17.0189 3548 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
10:04:17.0442 3548 ============================================================
10:04:17.0442 3548 Current date / time: 2012/10/17 10:04:17.0442
10:04:17.0442 3548 SystemInfo:
10:04:17.0442 3548
10:04:17.0442 3548 OS Version: 6.1.7601 ServicePack: 1.0
10:04:17.0442 3548 Product type: Workstation
10:04:17.0442 3548 ComputerName: XPS8000
10:04:17.0442 3548 UserName: Christianne
10:04:17.0442 3548 Windows directory: C:\Windows
10:04:17.0442 3548 System windows directory: C:\Windows
10:04:17.0442 3548 Running under WOW64
10:04:17.0442 3548 Processor architecture: Intel x64
10:04:17.0442 3548 Number of processors: 4
10:04:17.0442 3548 Page size: 0x1000
10:04:17.0442 3548 Boot type: Normal boot
10:04:17.0442 3548 ============================================================
10:04:18.0222 3548 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:04:18.0236 3548 ============================================================
10:04:18.0236 3548 \Device\Harddisk0\DR0:
10:04:18.0236 3548 MBR partitions:
10:04:18.0236 3548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1E00000
10:04:18.0236 3548 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E23800, BlocksNum 0x55722000
10:04:18.0236 3548 ============================================================
10:04:18.0266 3548 C: <-> \Device\Harddisk0\DR0\Partition2
10:04:18.0291 3548 D: <-> \Device\Harddisk0\DR0\Partition1
10:04:18.0291 3548 ============================================================
10:04:18.0291 3548 Initialize success
10:04:18.0291 3548 ============================================================
10:04:19.0540 3180 ============================================================
10:04:19.0540 3180 Scan started
10:04:19.0540 3180 Mode: Manual;
10:04:19.0540 3180 ============================================================
10:04:20.0113 3180 ================ Scan system memory ========================
10:04:20.0113 3180 System memory - ok
10:04:22.0463 3180 crcdisk - ok
10:04:22.0496 3180 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:04:22.0500 3180 CryptSvc - ok
10:04:22.0535 3180 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
10:04:22.0543 3180 CSC - ok
10:04:22.0563 3180 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
10:04:22.0573 3180 CscService - ok
10:04:22.0593 3180 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:04:22.0602 3180 DcomLaunch - ok
10:04:22.0618 3180 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:04:22.0623 3180 defragsvc - ok
10:04:22.0646 3180 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:04:22.0648 3180 DfsC - ok
10:04:22.0668 3180 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:04:22.0673 3180 Dhcp - ok
10:04:22.0684 3180 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:04:22.0685 3180 discache - ok
10:04:22.0695 3180 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:04:22.0697 3180 Disk - ok
10:04:22.0719 3180 dlea_device - ok
10:04:22.0744 3180 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:04:22.0747 3180 Dnscache - ok
10:04:22.0793 3180 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
10:04:22.0795 3180 DockLoginService - ok
10:04:22.0835 3180 [ 164DC94C0C9246466801CA71D943A9FB ] DokanCEDriver C:\Program Files\Pogoplug\dokance.sys
10:04:22.0836 3180 DokanCEDriver - ok
10:04:22.0846 3180 [ EDF0F933AA256EB02506888D254FFA86 ] DokanCEMounter C:\Program Files\Pogoplug\dokanmnt.exe
10:04:22.0847 3180 DokanCEMounter - ok
10:04:22.0881 3180 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:04:22.0886 3180 dot3svc - ok
10:04:22.0915 3180 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:04:22.0918 3180 DPS - ok
10:04:22.0943 3180 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:04:22.0944 3180 drmkaud - ok
10:04:22.0975 3180 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:04:22.0983 3180 DXGKrnl - ok
10:04:23.0011 3180 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:04:23.0014 3180 EapHost - ok
10:04:23.0087 3180 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:04:23.0153 3180 ebdrv - ok
10:04:23.0206 3180 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:04:23.0208 3180 eeCtrl - ok
10:04:23.0223 3180 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:04:23.0224 3180 EFS - ok
10:04:23.0273 3180 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:04:23.0283 3180 ehRecvr - ok
10:04:23.0311 3180 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:04:23.0314 3180 ehSched - ok
10:04:23.0343 3180 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:04:23.0350 3180 elxstor - ok
10:04:23.0360 3180 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:04:23.0361 3180 ErrDev - ok
10:04:23.0395 3180 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:04:23.0401 3180 EventSystem - ok
10:04:23.0417 3180 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:04:23.0420 3180 exfat - ok
10:04:23.0432 3180 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:04:23.0435 3180 fastfat - ok
10:04:23.0464 3180 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:04:23.0474 3180 Fax - ok
10:04:23.0486 3180 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:04:23.0487 3180 fdc - ok
10:04:23.0500 3180 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:04:23.0502 3180 fdPHost - ok
10:04:23.0513 3180 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:04:23.0515 3180 FDResPub - ok
10:04:23.0524 3180 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:04:23.0525 3180 FileInfo - ok
10:04:23.0532 3180 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:04:23.0534 3180 Filetrace - ok
10:04:23.0549 3180 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:04:23.0550 3180 flpydisk - ok
10:04:23.0569 3180 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:04:23.0572 3180 FltMgr - ok
10:04:23.0612 3180 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
10:04:23.0638 3180 FontCache - ok
10:04:23.0691 3180 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:04:23.0692 3180 FontCache3.0.0.0 - ok
10:04:23.0700 3180 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:04:23.0702 3180 FsDepends - ok
10:04:23.0721 3180 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:04:23.0722 3180 Fs_Rec - ok
10:04:23.0751 3180 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:04:23.0754 3180 fvevol - ok
10:04:23.0769 3180 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:04:23.0770 3180 gagp30kx - ok
10:04:23.0802 3180 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:04:23.0802 3180 GEARAspiWDM - ok
10:04:23.0828 3180 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:04:23.0838 3180 gpsvc - ok
10:04:23.0912 3180 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:04:23.0914 3180 gupdate - ok
10:04:23.0944 3180 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:04:23.0945 3180 gupdatem - ok
10:04:23.0962 3180 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:04:23.0964 3180 hcw85cir - ok
10:04:24.0002 3180 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:04:24.0007 3180 HdAudAddService - ok
10:04:24.0025 3180 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:04:24.0028 3180 HDAudBus - ok
10:04:24.0040 3180 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:04:24.0042 3180 HidBatt - ok
10:04:24.0057 3180 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:04:24.0060 3180 HidBth - ok
10:04:24.0075 3180 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:04:24.0076 3180 HidIr - ok
10:04:24.0103 3180 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
10:04:24.0105 3180 hidserv - ok
10:04:24.0140 3180 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:04:24.0140 3180 HidUsb - ok
10:04:24.0161 3180 [ C6FF685E2EA55C3AC5C90B9E7D6930C0 ] hitmanpro35 C:\Windows\system32\drivers\hitmanpro35.sys
10:04:24.0162 3180 hitmanpro35 - ok
10:04:24.0190 3180 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:04:24.0193 3180 hkmsvc - ok
10:04:24.0224 3180 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:04:24.0229 3180 HomeGroupListener - ok
10:04:24.0254 3180 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:04:24.0258 3180 HomeGroupProvider - ok
10:04:24.0273 3180 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:04:24.0275 3180 HpSAMD - ok
10:04:24.0298 3180 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
10:04:24.0299 3180 HTCAND64 - ok
10:04:24.0352 3180 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:04:24.0363 3180 HTTP - ok
10:04:24.0396 3180 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:04:24.0397 3180 hwpolicy - ok
10:04:24.0412 3180 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:04:24.0414 3180 i8042prt - ok
10:04:24.0432 3180 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:04:24.0438 3180 iaStorV - ok
10:04:24.0474 3180 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:04:24.0485 3180 idsvc - ok
10:04:24.0524 3180 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120921.001\IDSvia64.sys
10:04:24.0528 3180 IDSVia64 - ok
10:04:24.0550 3180 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:04:24.0552 3180 iirsp - ok
10:04:24.0587 3180 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:04:24.0599 3180 IKEEXT - ok
10:04:24.0653 3180 [ D42D651676883181400E22957A7E0B1E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:04:24.0669 3180 IntcAzAudAddService - ok
10:04:24.0690 3180 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:04:24.0690 3180 intelide - ok
10:04:24.0700 3180 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:04:24.0701 3180 intelppm - ok
10:04:24.0739 3180 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:04:24.0743 3180 IPBusEnum - ok
10:04:24.0770 3180 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:04:24.0773 3180 IpFilterDriver - ok
10:04:24.0806 3180 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:04:24.0814 3180 iphlpsvc - ok
10:04:24.0830 3180 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:04:24.0832 3180 IPMIDRV - ok
10:04:24.0847 3180 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:04:24.0850 3180 IPNAT - ok
10:04:24.0911 3180 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:04:24.0922 3180 iPod Service - ok
10:04:24.0946 3180 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:04:24.0946 3180 IRENUM - ok
10:04:24.0965 3180 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:04:24.0966 3180 isapnp - ok
10:04:24.0983 3180 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:04:24.0986 3180 iScsiPrt - ok
10:04:25.0027 3180 [ 249EE2D26CB1530F3BEDE0AC8B9E3099 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
10:04:25.0029 3180 k57nd60a - ok
10:04:25.0052 3180 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:04:25.0052 3180 kbdclass - ok
10:04:25.0078 3180 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:04:25.0079 3180 kbdhid - ok
10:04:25.0096 3180 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:04:25.0097 3180 KeyIso - ok
10:04:25.0128 3180 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:04:25.0130 3180 KSecDD - ok
10:04:25.0145 3180 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:04:25.0147 3180 KSecPkg - ok
10:04:25.0161 3180 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:04:25.0162 3180 ksthunk - ok
10:04:25.0195 3180 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:04:25.0201 3180 KtmRm - ok
10:04:25.0233 3180 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:04:25.0238 3180 LanmanServer - ok
10:04:25.0272 3180 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:04:25.0276 3180 LanmanWorkstation - ok
10:04:25.0351 3180 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
10:04:25.0356 3180 LBTServ - ok
10:04:25.0381 3180 [ ED7EC050CD6C20E1A93A4DAFB7EFD14D ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys
10:04:25.0382 3180 LEqdUsb - ok
10:04:25.0407 3180 [ 3267BC698E29474A8381E68904EB0390 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys
10:04:25.0408 3180 LHidEqd - ok
10:04:25.0432 3180 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:04:25.0433 3180 LHidFilt - ok
10:04:25.0452 3180 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:04:25.0453 3180 lltdio - ok
10:04:25.0478 3180 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:04:25.0483 3180 lltdsvc - ok
10:04:25.0488 3180 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:04:25.0490 3180 lmhosts - ok
10:04:25.0504 3180 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:04:25.0505 3180 LMouFilt - ok
10:04:25.0533 3180 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:04:25.0535 3180 LSI_FC - ok
10:04:25.0548 3180 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:04:25.0551 3180 LSI_SAS - ok
10:04:25.0569 3180 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:04:25.0571 3180 LSI_SAS2 - ok
10:04:25.0588 3180 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:04:25.0590 3180 LSI_SCSI - ok
10:04:25.0609 3180 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:04:25.0611 3180 luafv - ok
10:04:25.0638 3180 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:04:25.0641 3180 Mcx2Svc - ok
10:04:25.0652 3180 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:04:25.0653 3180 megasas - ok
10:04:25.0662 3180 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:04:25.0666 3180 MegaSR - ok
10:04:25.0687 3180 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:04:25.0691 3180 MMCSS - ok
10:04:25.0706 3180 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:04:25.0707 3180 Modem - ok
10:04:25.0718 3180 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:04:25.0718 3180 monitor - ok
10:04:25.0754 3180 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:04:25.0755 3180 mouclass - ok
10:04:25.0767 3180 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:04:25.0769 3180 mouhid - ok
10:04:25.0798 3180 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:04:25.0800 3180 mountmgr - ok
10:04:25.0849 3180 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:04:25.0850 3180 MozillaMaintenance - ok
10:04:25.0874 3180 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:04:25.0877 3180 mpio - ok
10:04:25.0899 3180 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:04:25.0900 3180 mpsdrv - ok
10:04:25.0946 3180 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:04:25.0959 3180 MpsSvc - ok
10:04:25.0991 3180 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:04:25.0993 3180 MRxDAV - ok
10:04:26.0020 3180 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:04:26.0022 3180 mrxsmb - ok
10:04:26.0051 3180 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:04:26.0055 3180 mrxsmb10 - ok
10:04:26.0068 3180 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:04:26.0070 3180 mrxsmb20 - ok
10:04:26.0087 3180 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:04:26.0089 3180 msahci - ok
10:04:26.0101 3180 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:04:26.0104 3180 msdsm - ok
10:04:26.0120 3180 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:04:26.0123 3180 MSDTC - ok
10:04:26.0141 3180 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:04:26.0142 3180 Msfs - ok
10:04:26.0153 3180 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:04:26.0154 3180 mshidkmdf - ok
10:04:26.0157 3180 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:04:26.0158 3180 msisadrv - ok
10:04:26.0198 3180 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:04:26.0201 3180 MSiSCSI - ok
10:04:26.0205 3180 msiserver - ok
10:04:26.0219 3180 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:04:26.0220 3180 MSKSSRV - ok
10:04:26.0228 3180 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:04:26.0230 3180 MSPCLOCK - ok
10:04:26.0236 3180 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:04:26.0236 3180 MSPQM - ok
10:04:26.0259 3180 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:04:26.0264 3180 MsRPC - ok
10:04:26.0279 3180 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:04:26.0279 3180 mssmbios - ok
10:04:26.0291 3180 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:04:26.0292 3180 MSTEE - ok
10:04:26.0301 3180 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:04:26.0302 3180 MTConfig - ok
10:04:26.0323 3180 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:04:26.0324 3180 Mup - ok
10:04:26.0339 3180 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:04:26.0346 3180 napagent - ok
10:04:26.0378 3180 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:04:26.0382 3180 NativeWifiP - ok
10:04:26.0426 3180 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120921.033\ENG64.SYS
10:04:26.0428 3180 NAVENG - ok
10:04:26.0475 3180 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120921.033\EX64.SYS
10:04:26.0516 3180 NAVEX15 - ok
10:04:26.0555 3180 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
10:04:26.0568 3180 NDIS - ok
10:04:26.0592 3180 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:04:26.0593 3180 NdisCap - ok
10:04:26.0606 3180 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:04:26.0607 3180 NdisTapi - ok
10:04:26.0632 3180 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:04:26.0633 3180 Ndisuio - ok
10:04:26.0663 3180 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:04:26.0666 3180 NdisWan - ok
10:04:26.0698 3180 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:04:26.0700 3180 NDProxy - ok
10:04:26.0747 3180 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:04:26.0749 3180 Net Driver HPZ12 - ok
10:04:26.0764 3180 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:04:26.0765 3180 NetBIOS - ok
10:04:26.0786 3180 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:04:26.0791 3180 NetBT - ok
10:04:26.0803 3180 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:04:26.0805 3180 Netlogon - ok
10:04:26.0841 3180 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:04:26.0848 3180 Netman - ok
10:04:26.0872 3180 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:04:26.0881 3180 netprofm - ok
10:04:26.0909 3180 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:04:26.0911 3180 NetTcpPortSharing - ok
10:04:26.0928 3180 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:04:26.0930 3180 nfrd960 - ok
10:04:26.0946 3180 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:04:26.0952 3180 NlaSvc - ok
10:04:26.0967 3180 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:04:26.0968 3180 Npfs - ok
10:04:26.0983 3180 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:04:26.0986 3180 nsi - ok
10:04:26.0998 3180 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:04:26.0999 3180 nsiproxy - ok
10:04:27.0045 3180 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:04:27.0080 3180 Ntfs - ok
10:04:27.0102 3180 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:04:27.0104 3180 Null - ok
10:04:27.0126 3180 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:04:27.0129 3180 nvraid - ok
10:04:27.0167 3180 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:04:27.0170 3180 nvstor - ok
10:04:27.0204 3180 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:04:27.0207 3180 nv_agp - ok
10:04:27.0327 3180 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:04:27.0353 3180 odserv - ok
10:04:27.0386 3180 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:04:27.0414 3180 ohci1394 - ok
10:04:27.0430 3180 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:04:27.0432 3180 ose - ok
10:04:27.0466 3180 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:04:27.0473 3180 p2pimsvc - ok
10:04:27.0507 3180 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:04:27.0516 3180 p2psvc - ok
10:04:27.0529 3180 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:04:27.0531 3180 Parport - ok
10:04:27.0550 3180 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:04:27.0551 3180 partmgr - ok
10:04:27.0564 3180 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:04:27.0569 3180 PcaSvc - ok
10:04:27.0587 3180 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:04:27.0590 3180 pci - ok
10:04:27.0602 3180 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:04:27.0603 3180 pciide - ok
10:04:27.0619 3180 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:04:27.0623 3180 pcmcia - ok
10:04:27.0638 3180 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:04:27.0639 3180 pcw - ok
10:04:27.0659 3180 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:04:27.0668 3180 PEAUTH - ok
10:04:27.0720 3180 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:04:27.0754 3180 PeerDistSvc - ok
10:04:27.0819 3180 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:04:27.0821 3180 PerfHost - ok
10:04:27.0876 3180 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:04:27.0910 3180 pla - ok
10:04:27.0954 3180 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:04:27.0962 3180 PlugPlay - ok
10:04:27.0993 3180 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:04:27.0995 3180 Pml Driver HPZ12 - ok
10:04:28.0014 3180 [ 34BFC6ED31B4E8BE940C884B8AC7D9DF ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys
10:04:28.0014 3180 pmxdrv - ok
10:04:28.0028 3180 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:04:28.0031 3180 PNRPAutoReg - ok
10:04:28.0048 3180 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:04:28.0053 3180 PNRPsvc - ok
10:04:28.0088 3180 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:04:28.0096 3180 PolicyAgent - ok
10:04:28.0123 3180 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:04:28.0127 3180 Power - ok
10:04:28.0143 3180 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:04:28.0146 3180 PptpMiniport - ok
10:04:28.0163 3180 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:04:28.0165 3180 Processor - ok
10:04:28.0182 3180 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
10:04:28.0187 3180 ProfSvc - ok
10:04:28.0201 3180 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:04:28.0203 3180 ProtectedStorage - ok
10:04:28.0246 3180 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:04:28.0248 3180 Psched - ok
10:04:28.0272 3180 [ AED797CCA02783296C68AA10D0CFF8A9 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
10:04:28.0273 3180 PxHlpa64 - ok
10:04:28.0315 3180 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:04:28.0349 3180 ql2300 - ok
10:04:28.0375 3180 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:04:28.0378 3180 ql40xx - ok
10:04:28.0406 3180 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:04:28.0412 3180 QWAVE - ok
10:04:28.0421 3180 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:04:28.0423 3180 QWAVEdrv - ok
10:04:28.0438 3180 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:04:28.0439 3180 RasAcd - ok
10:04:28.0451 3180 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:04:28.0452 3180 RasAgileVpn - ok
10:04:28.0466 3180 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:04:28.0470 3180 RasAuto - ok
10:04:28.0494 3180 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:04:28.0496 3180 Rasl2tp - ok
10:04:28.0536 3180 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:04:28.0542 3180 RasMan - ok
10:04:28.0552 3180 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:04:28.0554 3180 RasPppoe - ok
10:04:28.0567 3180 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:04:28.0569 3180 RasSstp - ok
10:04:28.0585 3180 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:04:28.0589 3180 rdbss - ok
10:04:28.0600 3180 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:04:28.0601 3180 rdpbus - ok
10:04:33.0995 3180 ============================================================
10:04:33.0995 3180 Scan finished
10:04:33.0995 3180 ============================================================
10:04:34.0004 3204 Detected object count: 0
10:04:34.0004 3204 Actual detected object count: 0
10:05:14.0690 1344 Deinitialize success

Attached Files

  • Attached File  MBR.zip   567bytes   0 downloads


#4 nasdaq

  • Malware Response Team

Posted 17 October 2012 - 09:55 AM

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#5 christianne

  • Topic Starter

  • Members

Posted 17 October 2012 - 01:46 PM

Results from FRST below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2012
Ran by SYSTEM at 17-10-2012 14:38:27
Running from L:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2782096 2010-07-25] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [124200 2007-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\Christianne\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Christianne\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\952\g2mstart.exe" "/Trigger RunAtLogon" [39816 2012-06-13] (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Christianne\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 dlea_device; C:\Windows\system32\dleacoms.exe -service [1052328 2010-01-07] ( )
2 DokanCEMounter; C:\Program Files\Pogoplug\dokanmnt.exe [132712 2010-04-01] (Cloud Engines)
2 SepMasterService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll" /prefetch:1 [167344 2011-06-17] (Symantec Corporation)
3 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe" /prefetch:1 [2591232 2011-06-17] (Symantec Corporation)
3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe [324528 2011-06-17] (Symantec Corporation)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120918.012\BHDrvx64.sys [1385120 2012-09-04] (Symantec Corporation)
2 DokanCEDriver; \??\C:\Program Files\Pogoplug\dokance.sys [65128 2010-04-01] (Cloud Engines)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
3 hitmanpro35; C:\Windows\System32\Drivers\hitmanpro35.sys [25160 2011-09-09] ()
1 IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120921.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120921.033\ENG64.SYS [126112 2012-09-12] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120921.033\EX64.SYS [2084000 2012-09-12] (Symantec Corporation)
3 pmxdrv; C:\Windows\System32\Drivers\pmxdrv.sys [38536 2010-02-23] ()
1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSP64.SYS [745592 2011-06-17] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSPX64.SYS [40568 2011-06-17] (Symantec Corporation)
1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
0 SymDS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [451192 2011-06-17] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [928888 2011-06-17] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-09-09] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [170104 2011-06-17] (Symantec Corporation)
1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [386168 2011-06-17] (Symantec Corporation)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-17 14:38 - 2012-10-17 14:38 - 00000000 ____D C:\FRST
2012-10-17 10:32 - 2012-10-17 10:32 - 01458573 ____A (Farbar) C:\Users\Christianne\Downloads\FRST64.exe
2012-10-17 10:24 - 2012-10-17 10:24 - 00028345 ____A C:\Users\Christianne\Documents\FINAL LIST OF 61 Cleansers - FOR LABS WITH LABELING 9.13.2012.xlsx
2012-10-17 06:08 - 2012-10-17 06:08 - 00000567 ____A C:\Users\Christianne\Desktop\MBR.zip
2012-10-17 06:08 - 2012-10-17 06:08 - 00000567 ____A C:\Users\Christianne\Desktop\MBR (2).zip
2012-10-16 16:36 - 2012-10-16 16:37 - 00000000 ____D C:\Users\Christianne\AppData\Local\{9802A828-5E6A-4C94-AA9B-F2928AF22888}
2012-10-16 16:34 - 2012-10-17 06:01 - 00003462 ____A C:\Users\Christianne\Desktop\aswMBR.txt
2012-10-16 16:34 - 2012-10-17 06:01 - 00000512 ____A C:\Users\Christianne\Desktop\MBR.dat
2012-10-16 16:33 - 2012-10-16 16:33 - 04731392 ____A (AVAST Software) C:\Users\Christianne\Downloads\aswMBR.exe
2012-10-16 16:31 - 2012-10-16 16:31 - 00000000 ____D C:\Users\Christianne\Downloads\tdsskiller(1)
2012-10-16 16:30 - 2012-10-16 16:30 - 02194704 ____A C:\Users\Christianne\Downloads\tdsskiller(1).zip
2012-10-16 05:25 - 2012-10-16 05:26 - 00032379 ____A C:\Users\Christianne\Desktop\3209-035US and UK Summary Scores V1-1.xlsx
2012-10-16 05:08 - 2012-10-16 05:08 - 00033688 ____A C:\Users\Christianne\Downloads\US and UK Summary Scores V1-1.xlsx
2012-10-16 03:50 - 2012-10-16 03:50 - 00065536 ____A C:\Users\Christianne\Downloads\US and UK Summary Scores V1-1.xls
2012-10-16 03:47 - 2012-10-16 03:47 - 00098668 ____A C:\Users\Christianne\Desktop\Copy of 3204-425 BBW MET OEs for Coding Export and Corrected File 10-12-12-COMPLETE.xlsx
2012-10-16 03:24 - 2012-10-16 03:24 - 00000000 ____D C:\Users\Christianne\AppData\Local\{ED940092-175C-4E9E-B1A1-AFEE4EC41881}
2012-10-15 18:13 - 2012-10-15 18:13 - 00000000 ____D C:\Windows\pss
2012-10-15 18:07 - 2012-10-15 18:07 - 00681984 ____A C:\Users\Christianne\Downloads\MicrosoftFixit50641.msi
2012-10-15 11:16 - 2012-10-15 18:15 - 00020480 __ASH C:\Users\Christianne\Documents\Thumbs.db
2012-10-15 08:16 - 2012-10-15 10:36 - 00000000 ____D C:\Program Files\Recuva
2012-10-15 08:16 - 2012-10-15 08:16 - 02906880 ____A (Piriform Ltd) C:\Users\Christianne\Downloads\rcsetup143.exe
2012-10-15 08:16 - 2012-10-15 08:16 - 00001620 ____A C:\Users\Public\Desktop\Recuva.lnk
2012-10-15 06:57 - 2012-10-15 06:57 - 00011258 ____A C:\Users\Christianne\Desktop\attach.txt
2012-10-15 06:55 - 2012-10-15 06:56 - 00016819 ____A C:\Users\Christianne\Desktop\dds.txt
2012-10-15 06:53 - 2012-10-15 06:53 - 00706431 ____R (Swearware) C:\Users\Christianne\Desktop\dds.com
2012-10-15 06:53 - 2012-10-15 06:53 - 00050477 ____A C:\Users\Christianne\Downloads\Defogger.exe
2012-10-15 06:53 - 2012-10-15 06:53 - 00000484 ____A C:\Users\Christianne\Downloads\defogger_disable.log
2012-10-15 06:53 - 2012-10-15 06:53 - 00000000 ____A C:\Users\Christianne\defogger_reenable
2012-10-15 06:45 - 2012-08-24 10:03 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-10-15 06:44 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-15 06:44 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-15 06:44 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-15 06:44 - 2012-08-24 10:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-10-15 06:44 - 2012-08-24 10:05 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-10-15 06:44 - 2012-08-24 10:05 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-10-15 06:44 - 2012-08-24 10:03 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-10-15 06:44 - 2012-08-24 10:03 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-10-15 06:44 - 2012-08-24 10:03 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-10-15 06:44 - 2012-08-24 10:02 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-10-15 06:44 - 2012-08-24 10:02 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-10-15 06:44 - 2012-08-24 10:02 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-10-15 06:44 - 2012-08-24 08:57 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-10-15 06:44 - 2012-08-24 08:57 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-10-15 06:44 - 2012-08-24 08:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-10-15 06:44 - 2012-08-24 08:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-10-15 06:44 - 2012-08-24 08:57 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-10-15 06:44 - 2012-08-24 08:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-10-15 06:44 - 2012-08-24 08:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-10-15 06:44 - 2012-08-24 08:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-10-15 06:44 - 2012-08-24 08:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-10-15 06:44 - 2012-08-24 08:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-10-15 06:44 - 2012-08-24 07:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-10-15 06:44 - 2012-08-24 07:20 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-10-15 06:43 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-15 06:43 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-15 06:43 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-15 06:43 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-15 06:43 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-15 06:43 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-15 06:41 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-15 06:41 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-15 06:41 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-15 06:41 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-15 06:41 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-15 06:41 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-15 06:34 - 2012-10-15 06:35 - 00000000 ____D C:\Users\Christianne\AppData\Local\{F19CDDEA-418B-4838-952C-1A3E06A4BA2D}
2012-10-15 06:01 - 2012-10-15 06:01 - 00326484 ____A C:\Users\Christianne\Downloads\win7-x64-sm-reset.exe
2012-10-15 05:56 - 2012-10-15 05:56 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Christianne\Downloads\unhide.exe
2012-10-15 05:54 - 2012-10-15 05:54 - 00000000 ____D C:\Users\Christianne\AppData\Local\Macromedia
2012-10-15 05:50 - 2012-10-15 05:50 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-15 05:50 - 2012-10-15 05:50 - 00000000 ____D C:\Users\Christianne\AppData\Local\{CB6585D6-EE1B-4D20-B96F-E4462C2CE32E}
2012-10-15 05:17 - 2012-10-15 05:17 - 00015855 ____A C:\ComboFix.txt
2012-10-15 04:45 - 2012-10-15 04:46 - 00000000 ____D C:\Users\Christianne\AppData\Local\{17DE65B2-1184-4C7A-BE12-834710DEE423}
2012-10-15 04:35 - 2012-10-15 06:00 - 00003424 ____A C:\Users\Christianne\Desktop\unhide.txt
2012-10-15 04:25 - 2012-10-15 04:28 - 00097601 ____A C:\Users\Christianne\Documents\3204-425 BBW MET OEs for Coding Export and Corrected File 10-12-12-COMPLETE.xlsx
2012-10-14 18:25 - 2012-10-14 18:25 - 00000000 ____D C:\Users\TEMP\AppData\Local\Symantec
2012-10-14 16:53 - 2012-10-15 05:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-10-14 16:30 - 2012-10-14 16:30 - 00000105 ____A C:\Users\Christianne\AppData\Roaming\mbam.context.scan
2012-10-14 16:26 - 2012-10-15 05:43 - 00000000 ____D C:\Users\Christianne\Downloads\tdsskiller
2012-10-14 16:26 - 2012-10-14 16:26 - 02193278 ____A C:\Users\Christianne\Downloads\tdsskiller.zip
2012-10-14 16:08 - 2012-10-14 16:08 - 00000000 ____D C:\Users\Christianne\AppData\Local\{57586BAA-CD5C-4576-B704-5E0700BC976F}
2012-10-14 07:36 - 2012-10-14 07:36 - 00034950 ____A C:\Users\Christianne\Downloads\Hotmail(1).zip
2012-10-12 04:15 - 2012-10-12 04:15 - 00083696 ____A (TODO: <Company name>) C:\Users\Christianne\Documents\stacked 10 attys with 5point scale.xlsx
2012-10-11 12:46 - 2012-10-11 12:46 - 00044033 ____A C:\Users\Christianne\Documents\fmtchartsppt.pptx
2012-10-11 12:44 - 2012-10-11 12:44 - 00088415 ____A C:\Users\Christianne\Downloads\Copy of 3238-001 AD OEs 10-11-12-2-caedit.xlsx
2012-10-11 12:44 - 2012-10-11 12:44 - 00088415 ____A C:\Users\Christianne\Documents\Copy of 3238-001 AD OEs 10-11-12-2-caedit.xlsx
2012-10-11 12:38 - 2012-10-11 12:38 - 00080723 ____A C:\Users\Christianne\Documents\3238-001 AD OEs 10-11-12-2.xlsx
2012-10-11 12:38 - 2012-10-11 12:38 - 00080723 ____A C:\Users\Christianne\Documents\3238-001 AD OEs 10-11-12-1.xlsx
2012-10-11 12:38 - 2012-10-11 12:38 - 00080723 ____A C:\Users\Christianne\Documents\3238-001 AD OEs 10-11-12.xlsx
2012-10-11 12:35 - 2012-10-11 12:35 - 00026938 ____A C:\Users\Christianne\Documents\FMTcharts.xlsx
2012-10-11 11:45 - 2012-10-11 11:45 - 00173366 ____A C:\Users\Christianne\Documents\US and French FMT Full 5 pt Scales for Analysis-1.xlsx
2012-10-11 10:55 - 2012-10-11 10:55 - 00085202 ____A C:\Users\Christianne\Documents\3832-OEs-by-ad-shown.xlsx
2012-10-10 23:24 - 2012-10-10 23:24 - 00000000 ____D C:\Users\Christianne\AppData\Local\{99B103C1-281C-4164-8CEC-AB3691993F2B}
2012-10-10 23:20 - 2012-10-10 23:20 - 00089040 ____A C:\Users\Christianne\Documents\$RV6HU2P.xlsb
2012-10-10 12:20 - 2012-10-10 12:20 - 00163074 ____A C:\Users\Christianne\Documents\3238-001 EL FMT US Full Mix Evaluations Toplines 10-10-12-1.xlsx
2012-10-10 11:16 - 2012-10-10 11:16 - 01418751 ____A C:\Users\Christianne\Documents\Marketing Solutions - Qualitative intro-caedit.pptx
2012-10-10 08:50 - 2012-10-10 08:50 - 00133630 ____A C:\Users\Christianne\Documents\3238-001 Megabrand French FMT Mix Toplines 10-10-12.xlsx
2012-10-10 08:49 - 2012-10-10 08:49 - 00000544 ____A C:\Users\Christianne\Documents\$IRCAMTI.xlsx
2012-10-10 08:49 - 2012-10-10 08:49 - 00000544 ____A C:\Users\Christianne\Documents\$IKG31KR.xlsx
2012-10-10 08:49 - 2012-10-10 08:49 - 00000544 ____A C:\Users\Christianne\Documents\$I4FID9G.xlsx
2012-10-10 08:48 - 2012-10-10 08:48 - 00000544 ____A C:\Users\Christianne\Documents\$IQRSO4K.xlsx
2012-10-10 07:52 - 2012-10-10 07:52 - 00163074 ____A C:\Users\Christianne\Documents\3238-001 EL FMT US Full Mix Evaluations Toplines 10-10-12.xlsx
2012-10-09 14:03 - 2012-10-09 14:03 - 00146919 ____A C:\Users\Christianne\Documents\3238-001 EL FMT US Full Mix Evaluations Toplines 10-9-12.xlsx
2012-10-09 09:38 - 2012-10-09 09:38 - 00060265 ____A C:\Users\Christianne\Documents\Topline Set-up 10-8-12-2.xlsx
2012-10-09 07:40 - 2012-10-09 07:40 - 00060265 ____A C:\Users\Christianne\Documents\Topline Set-up 10-8-12-1.xlsx
2012-10-09 05:21 - 2012-10-09 05:21 - 00043591 ____A C:\Users\Christianne\Documents\Topline Set-up 10-8-12.xlsx
2012-10-04 04:54 - 2012-10-04 04:54 - 00158984 ____A C:\Users\Christianne\Documents\3204-424 OEs for Coding 10-3-12-Complete.xlsx
2012-10-04 04:29 - 2012-10-04 04:29 - 00160721 ____A C:\Users\Christianne\Documents\BK 3204-424 OEs for Coding 10-3-12-Complete.xlsx
2012-10-03 15:27 - 2012-10-03 15:27 - 00145092 ____A C:\Users\Christianne\Documents\Copy of 3204-424 OEs for Coding 10-3-12-FORBRENDA.xlsx
2012-10-02 04:48 - 2012-10-02 04:49 - 08771995 ____A C:\Users\Christianne\Downloads\Attachments_2012_10_2.zip
2012-10-02 03:26 - 2012-10-02 03:26 - 00000000 ____D C:\Users\Christianne\AppData\Local\{91F66B5C-3589-4C4A-9A6D-D91F26EF513C}
2012-09-28 03:40 - 2012-09-28 03:40 - 02366568 ____A C:\Users\Christianne\Documents\TLT-408-Presentation.pptx
2012-09-27 15:57 - 2012-09-27 15:57 - 05152679 ____A C:\Users\Christianne\Documents\fx6Vb1Kd.pdf.part
2012-09-27 07:26 - 2012-09-27 07:26 - 00072700 ____A C:\Users\Christianne\Downloads\theinventionofheterosexualityspr11-110128170006-phpapp02.pptx
2012-09-27 07:14 - 2012-09-27 07:21 - 56205554 ____A C:\Users\Christianne\Downloads\It's Elementary talking about gay issues in school part 2.flv
2012-09-27 07:12 - 2012-09-27 07:19 - 55538540 ____A C:\Users\Christianne\Downloads\It's Elementary talking about gay issues in school part 1.flv
2012-09-27 03:31 - 2012-09-27 03:32 - 14012946 ____A C:\Users\Christianne\Downloads\2.zip
2012-09-27 03:31 - 2012-09-27 03:32 - 12401541 ____A C:\Users\Christianne\Downloads\4.zip
2012-09-27 03:30 - 2012-09-27 03:30 - 14874372 ____A C:\Users\Christianne\Downloads\1.zip
2012-09-26 08:27 - 2012-09-26 08:27 - 00301326 ____A C:\Users\Christianne\Documents\ChartsforELSUPREME.xlsx
2012-09-26 08:23 - 2012-09-26 08:23 - 04583218 ____A C:\Users\Christianne\Documents\3238-SupremeCutReport-9.25-Final-3.pptx
2012-09-25 15:17 - 2012-09-25 15:17 - 00094816 ____A C:\Users\Christianne\Documents\3204-423 Female OEs for Coding 9-25-12-1-final.xlsx
2012-09-25 09:34 - 2012-09-25 09:34 - 00081868 ____A C:\Users\Christianne\Documents\3204-423 Female OEs for Coding 9-25-12.xlsx
2012-09-25 08:56 - 2012-09-25 08:56 - 00014160 ____A C:\Users\Christianne\Documents\Review-Response Excel.xlsx
2012-09-25 07:38 - 2012-09-25 07:38 - 04584377 ____A C:\Users\Christianne\Documents\3238-SupremeCutReport-9.25-Final.pptx
2012-09-25 06:11 - 2012-09-25 06:11 - 04585364 ____A C:\Users\Christianne\Documents\3238-SupremeCutReport-9.25-caeditsNEWAPPENDIX.pptx
2012-09-25 04:48 - 2012-09-25 04:48 - 04584430 ____A C:\Users\Christianne\Documents\3238-SupremeCutReport-9.25-caedits.pptx
2012-09-25 04:41 - 2012-09-25 04:41 - 00013885 ____A C:\Users\Christianne\Documents\Copy of responding to Jack Lee-caedits.xlsx
2012-09-25 04:39 - 2012-09-25 04:39 - 00018249 ____A C:\Users\Christianne\Documents\Copy of US and Canadian Attribute Analaysis 9-13.xlsx
2012-09-25 04:29 - 2012-09-25 04:29 - 00962048 ____A C:\Users\Christianne\Documents\3238-SupremeCutReport-9.25.pptx
2012-09-25 03:48 - 2012-09-25 03:48 - 00036542 ____A C:\Users\Christianne\Documents\Interest Summary.xlsx
2012-09-25 03:41 - 2012-09-25 03:41 - 00018070 ____A C:\Users\Christianne\Documents\US and Canadian Attribute Analaysis 9-13.xlsx
2012-09-25 03:19 - 2012-09-25 03:19 - 00956552 ____A C:\Users\Christianne\Documents\3238-SupremeCutReport-AlternateVersion(jtm edited).pptx
2012-09-25 03:18 - 2012-09-25 03:18 - 00013536 ____A C:\Users\Christianne\Documents\responding to Jack Lee.xlsx
2012-09-24 15:27 - 2012-09-24 15:27 - 00918794 ____A C:\Users\Christianne\Documents\supreme-v3-rgsedits.pptx
2012-09-24 14:32 - 2012-09-24 14:32 - 00918250 ____A C:\Users\Christianne\Documents\supreme-v3_1.pptx
2012-09-24 09:43 - 2012-09-24 09:43 - 00000000 ____D C:\Users\Christianne\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-09-24 09:25 - 2012-09-24 09:25 - 00919193 ____A C:\Users\Christianne\Documents\supreme-v3.pptx
2012-09-24 09:21 - 2012-09-24 09:21 - 05216879 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-Revised-9.24.pptx
2012-09-23 17:30 - 2012-09-23 17:30 - 05219670 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-Revised-9.23.pptx
2012-09-23 05:14 - 2012-09-23 05:14 - 05200854 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-Final-revised.pptx
2012-09-21 23:19 - 2012-09-21 23:19 - 00000000 ____D C:\Users\Christianne\AppData\Local\{7BE50E71-553F-46C9-9381-F794C790DC46}
2012-09-21 09:23 - 2012-10-15 05:45 - 00000000 ____D C:\Users\Christianne\AppData\Local\Citrix
2012-09-21 09:23 - 2012-09-21 09:23 - 00267656 ____A (Citrix Online) C:\Users\Christianne\Downloads\Citrix Online Launcher(1).exe
2012-09-21 06:50 - 2012-09-21 06:50 - 05197795 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-Final.pptx
2012-09-18 05:36 - 2012-09-18 05:36 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-18 05:36 - 2012-08-21 09:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-18 05:35 - 2012-10-15 05:45 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-18 05:35 - 2012-10-15 05:45 - 00000000 ____D C:\Program Files\iTunes
2012-09-18 05:35 - 2012-10-15 05:45 - 00000000 ____D C:\Program Files\iPod
2012-09-18 05:35 - 2012-10-15 05:45 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-09-18 05:30 - 2012-09-18 05:30 - 00188750 ____A C:\Users\Christianne\Documents\el-charts2.xlsx
2012-09-17 13:44 - 2012-09-17 13:44 - 00000544 ____A C:\Users\Christianne\Documents\$IZUSLYO.xlsb
2012-09-17 10:59 - 2012-09-17 10:59 - 04552717 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-V7.pptx
2012-09-17 09:56 - 2012-09-17 09:56 - 04551274 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-V6.pptx
2012-09-17 05:00 - 2012-09-17 05:00 - 04548823 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-V5 with Greg Comments.pptx

==================== 3 Months Modified Files ==================

2012-10-17 10:35 - 2010-02-23 11:31 - 01135806 ____A C:\Windows\WindowsUpdate.log
2012-10-17 10:32 - 2012-10-17 10:32 - 01458573 ____A (Farbar) C:\Users\Christianne\Downloads\FRST64.exe
2012-10-17 10:24 - 2012-10-17 10:24 - 00028345 ____A C:\Users\Christianne\Documents\FINAL LIST OF 61 Cleansers - FOR LABS WITH LABELING 9.13.2012.xlsx
2012-10-17 10:10 - 2010-12-24 04:18 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-17 06:08 - 2012-10-17 06:08 - 00000567 ____A C:\Users\Christianne\Desktop\MBR.zip
2012-10-17 06:08 - 2012-10-17 06:08 - 00000567 ____A C:\Users\Christianne\Desktop\MBR (2).zip
2012-10-17 06:01 - 2012-10-16 16:34 - 00003462 ____A C:\Users\Christianne\Desktop\aswMBR.txt
2012-10-17 06:01 - 2012-10-16 16:34 - 00000512 ____A C:\Users\Christianne\Desktop\MBR.dat
2012-10-16 16:43 - 2011-09-09 05:21 - 00006624 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-16 16:43 - 2011-09-09 05:21 - 00006624 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-16 16:36 - 2010-12-24 04:18 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-16 16:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-16 16:35 - 2012-01-14 14:49 - 00771304 ____A C:\Windows\setupact.log
2012-10-16 16:33 - 2012-10-16 16:33 - 04731392 ____A (AVAST Software) C:\Users\Christianne\Downloads\aswMBR.exe
2012-10-16 16:30 - 2012-10-16 16:30 - 02194704 ____A C:\Users\Christianne\Downloads\tdsskiller(1).zip
2012-10-16 05:26 - 2012-10-16 05:25 - 00032379 ____A C:\Users\Christianne\Desktop\3209-035US and UK Summary Scores V1-1.xlsx
2012-10-16 05:08 - 2012-10-16 05:08 - 00033688 ____A C:\Users\Christianne\Downloads\US and UK Summary Scores V1-1.xlsx
2012-10-16 03:50 - 2012-10-16 03:50 - 00065536 ____A C:\Users\Christianne\Downloads\US and UK Summary Scores V1-1.xls
2012-10-16 03:47 - 2012-10-16 03:47 - 00098668 ____A C:\Users\Christianne\Desktop\Copy of 3204-425 BBW MET OEs for Coding Export and Corrected File 10-12-12-COMPLETE.xlsx
2012-10-15 18:21 - 2011-05-09 09:15 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-15 18:15 - 2012-10-15 11:16 - 00020480 __ASH C:\Users\Christianne\Documents\Thumbs.db
2012-10-15 18:07 - 2012-10-15 18:07 - 00681984 ____A C:\Users\Christianne\Downloads\MicrosoftFixit50641.msi
2012-10-15 08:16 - 2012-10-15 08:16 - 02906880 ____A (Piriform Ltd) C:\Users\Christianne\Downloads\rcsetup143.exe
2012-10-15 08:16 - 2012-10-15 08:16 - 00001620 ____A C:\Users\Public\Desktop\Recuva.lnk
2012-10-15 07:23 - 2011-09-19 10:16 - 00381440 __ASH C:\Users\Christianne\Desktop\Thumbs.db
2012-10-15 07:22 - 2009-07-13 21:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-15 06:57 - 2012-10-15 06:57 - 00011258 ____A C:\Users\Christianne\Desktop\attach.txt
2012-10-15 06:56 - 2012-10-15 06:55 - 00016819 ____A C:\Users\Christianne\Desktop\dds.txt
2012-10-15 06:53 - 2012-10-15 06:53 - 00706431 ____R (Swearware) C:\Users\Christianne\Desktop\dds.com
2012-10-15 06:53 - 2012-10-15 06:53 - 00050477 ____A C:\Users\Christianne\Downloads\Defogger.exe
2012-10-15 06:53 - 2012-10-15 06:53 - 00000484 ____A C:\Users\Christianne\Downloads\defogger_disable.log
2012-10-15 06:53 - 2012-10-15 06:53 - 00000000 ____A C:\Users\Christianne\defogger_reenable
2012-10-15 06:01 - 2012-10-15 06:01 - 00326484 ____A C:\Users\Christianne\Downloads\win7-x64-sm-reset.exe
2012-10-15 06:00 - 2012-10-15 04:35 - 00003424 ____A C:\Users\Christianne\Desktop\unhide.txt
2012-10-15 05:56 - 2012-10-15 05:56 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Christianne\Downloads\unhide.exe
2012-10-15 05:50 - 2012-10-15 05:50 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-15 05:50 - 2011-12-16 05:16 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-15 05:17 - 2012-10-15 05:17 - 00015855 ____A C:\ComboFix.txt
2012-10-15 04:28 - 2012-10-15 04:25 - 00097601 ____A C:\Users\Christianne\Documents\3204-425 BBW MET OEs for Coding Export and Corrected File 10-12-12-COMPLETE.xlsx
2012-10-14 16:30 - 2012-10-14 16:30 - 00000105 ____A C:\Users\Christianne\AppData\Roaming\mbam.context.scan
2012-10-14 16:26 - 2012-10-14 16:26 - 02193278 ____A C:\Users\Christianne\Downloads\tdsskiller.zip
2012-10-14 07:37 - 2011-11-04 05:04 - 00839168 ___SH C:\Users\Christianne\Downloads\Thumbs.db
2012-10-14 07:36 - 2012-10-14 07:36 - 00034950 ____A C:\Users\Christianne\Downloads\Hotmail(1).zip
2012-10-12 04:15 - 2012-10-12 04:15 - 00083696 ____A (TODO: <Company name>) C:\Users\Christianne\Documents\stacked 10 attys with 5point scale.xlsx
2012-10-11 12:46 - 2012-10-11 12:46 - 00044033 ____A C:\Users\Christianne\Documents\fmtchartsppt.pptx
2012-10-11 12:44 - 2012-10-11 12:44 - 00088415 ____A C:\Users\Christianne\Downloads\Copy of 3238-001 AD OEs 10-11-12-2-caedit.xlsx
2012-10-11 12:44 - 2012-10-11 12:44 - 00088415 ____A C:\Users\Christianne\Documents\Copy of 3238-001 AD OEs 10-11-12-2-caedit.xlsx
2012-10-11 12:38 - 2012-10-11 12:38 - 00080723 ____A C:\Users\Christianne\Documents\3238-001 AD OEs 10-11-12-2.xlsx
2012-10-11 12:38 - 2012-10-11 12:38 - 00080723 ____A C:\Users\Christianne\Documents\3238-001 AD OEs 10-11-12-1.xlsx
2012-10-11 12:38 - 2012-10-11 12:38 - 00080723 ____A C:\Users\Christianne\Documents\3238-001 AD OEs 10-11-12.xlsx
2012-10-11 12:35 - 2012-10-11 12:35 - 00026938 ____A C:\Users\Christianne\Documents\FMTcharts.xlsx
2012-10-11 11:45 - 2012-10-11 11:45 - 00173366 ____A C:\Users\Christianne\Documents\US and French FMT Full 5 pt Scales for Analysis-1.xlsx
2012-10-11 10:55 - 2012-10-11 10:55 - 00085202 ____A C:\Users\Christianne\Documents\3832-OEs-by-ad-shown.xlsx
2012-10-10 23:20 - 2012-10-10 23:20 - 00089040 ____A C:\Users\Christianne\Documents\$RV6HU2P.xlsb
2012-10-10 12:20 - 2012-10-10 12:20 - 00163074 ____A C:\Users\Christianne\Documents\3238-001 EL FMT US Full Mix Evaluations Toplines 10-10-12-1.xlsx
2012-10-10 11:16 - 2012-10-10 11:16 - 01418751 ____A C:\Users\Christianne\Documents\Marketing Solutions - Qualitative intro-caedit.pptx
2012-10-10 08:50 - 2012-10-10 08:50 - 00133630 ____A C:\Users\Christianne\Documents\3238-001 Megabrand French FMT Mix Toplines 10-10-12.xlsx
2012-10-10 08:49 - 2012-10-10 08:49 - 00000544 ____A C:\Users\Christianne\Documents\$IRCAMTI.xlsx
2012-10-10 08:49 - 2012-10-10 08:49 - 00000544 ____A C:\Users\Christianne\Documents\$IKG31KR.xlsx
2012-10-10 08:49 - 2012-10-10 08:49 - 00000544 ____A C:\Users\Christianne\Documents\$I4FID9G.xlsx
2012-10-10 08:48 - 2012-10-10 08:48 - 00000544 ____A C:\Users\Christianne\Documents\$IQRSO4K.xlsx
2012-10-10 07:52 - 2012-10-10 07:52 - 00163074 ____A C:\Users\Christianne\Documents\3238-001 EL FMT US Full Mix Evaluations Toplines 10-10-12.xlsx
2012-10-09 14:03 - 2012-10-09 14:03 - 00146919 ____A C:\Users\Christianne\Documents\3238-001 EL FMT US Full Mix Evaluations Toplines 10-9-12.xlsx
2012-10-09 09:38 - 2012-10-09 09:38 - 00060265 ____A C:\Users\Christianne\Documents\Topline Set-up 10-8-12-2.xlsx
2012-10-09 07:40 - 2012-10-09 07:40 - 00060265 ____A C:\Users\Christianne\Documents\Topline Set-up 10-8-12-1.xlsx
2012-10-09 05:21 - 2012-10-09 05:21 - 00043591 ____A C:\Users\Christianne\Documents\Topline Set-up 10-8-12.xlsx
2012-10-04 04:54 - 2012-10-04 04:54 - 00158984 ____A C:\Users\Christianne\Documents\3204-424 OEs for Coding 10-3-12-Complete.xlsx
2012-10-04 04:29 - 2012-10-04 04:29 - 00160721 ____A C:\Users\Christianne\Documents\BK 3204-424 OEs for Coding 10-3-12-Complete.xlsx
2012-10-03 15:27 - 2012-10-03 15:27 - 00145092 ____A C:\Users\Christianne\Documents\Copy of 3204-424 OEs for Coding 10-3-12-FORBRENDA.xlsx
2012-10-02 04:49 - 2012-10-02 04:48 - 08771995 ____A C:\Users\Christianne\Downloads\Attachments_2012_10_2.zip
2012-09-28 03:40 - 2012-09-28 03:40 - 02366568 ____A C:\Users\Christianne\Documents\TLT-408-Presentation.pptx
2012-09-27 15:57 - 2012-09-27 15:57 - 05152679 ____A C:\Users\Christianne\Documents\fx6Vb1Kd.pdf.part
2012-09-27 07:26 - 2012-09-27 07:26 - 00072700 ____A C:\Users\Christianne\Downloads\theinventionofheterosexualityspr11-110128170006-phpapp02.pptx
2012-09-27 07:21 - 2012-09-27 07:14 - 56205554 ____A C:\Users\Christianne\Downloads\It's Elementary talking about gay issues in school part 2.flv
2012-09-27 07:19 - 2012-09-27 07:12 - 55538540 ____A C:\Users\Christianne\Downloads\It's Elementary talking about gay issues in school part 1.flv
2012-09-27 03:32 - 2012-09-27 03:31 - 14012946 ____A C:\Users\Christianne\Downloads\2.zip
2012-09-27 03:32 - 2012-09-27 03:31 - 12401541 ____A C:\Users\Christianne\Downloads\4.zip
2012-09-27 03:30 - 2012-09-27 03:30 - 14874372 ____A C:\Users\Christianne\Downloads\1.zip
2012-09-26 08:27 - 2012-09-26 08:27 - 00301326 ____A C:\Users\Christianne\Documents\ChartsforELSUPREME.xlsx
2012-09-26 08:23 - 2012-09-26 08:23 - 04583218 ____A C:\Users\Christianne\Documents\3238-SupremeCutReport-9.25-Final-3.pptx
2012-09-25 15:17 - 2012-09-25 15:17 - 00094816 ____A C:\Users\Christianne\Documents\3204-423 Female OEs for Coding 9-25-12-1-final.xlsx
2012-09-25 09:34 - 2012-09-25 09:34 - 00081868 ____A C:\Users\Christianne\Documents\3204-423 Female OEs for Coding 9-25-12.xlsx
2012-09-25 08:56 - 2012-09-25 08:56 - 00014160 ____A C:\Users\Christianne\Documents\Review-Response Excel.xlsx
2012-09-25 07:38 - 2012-09-25 07:38 - 04584377 ____A C:\Users\Christianne\Documents\3238-SupremeCutReport-9.25-Final.pptx
2012-09-25 06:11 - 2012-09-25 06:11 - 04585364 ____A C:\Users\Christianne\Documents\3238-SupremeCutReport-9.25-caeditsNEWAPPENDIX.pptx
2012-09-25 04:48 - 2012-09-25 04:48 - 04584430 ____A C:\Users\Christianne\Documents\3238-SupremeCutReport-9.25-caedits.pptx
2012-09-25 04:41 - 2012-09-25 04:41 - 00013885 ____A C:\Users\Christianne\Documents\Copy of responding to Jack Lee-caedits.xlsx
2012-09-25 04:39 - 2012-09-25 04:39 - 00018249 ____A C:\Users\Christianne\Documents\Copy of US and Canadian Attribute Analaysis 9-13.xlsx
2012-09-25 04:29 - 2012-09-25 04:29 - 00962048 ____A C:\Users\Christianne\Documents\3238-SupremeCutReport-9.25.pptx
2012-09-25 03:48 - 2012-09-25 03:48 - 00036542 ____A C:\Users\Christianne\Documents\Interest Summary.xlsx
2012-09-25 03:41 - 2012-09-25 03:41 - 00018070 ____A C:\Users\Christianne\Documents\US and Canadian Attribute Analaysis 9-13.xlsx
2012-09-25 03:19 - 2012-09-25 03:19 - 00956552 ____A C:\Users\Christianne\Documents\3238-SupremeCutReport-AlternateVersion(jtm edited).pptx
2012-09-25 03:18 - 2012-09-25 03:18 - 00013536 ____A C:\Users\Christianne\Documents\responding to Jack Lee.xlsx
2012-09-24 15:27 - 2012-09-24 15:27 - 00918794 ____A C:\Users\Christianne\Documents\supreme-v3-rgsedits.pptx
2012-09-24 14:32 - 2012-09-24 14:32 - 00918250 ____A C:\Users\Christianne\Documents\supreme-v3_1.pptx
2012-09-24 09:25 - 2012-09-24 09:25 - 00919193 ____A C:\Users\Christianne\Documents\supreme-v3.pptx
2012-09-24 09:21 - 2012-09-24 09:21 - 05216879 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-Revised-9.24.pptx
2012-09-23 17:30 - 2012-09-23 17:30 - 05219670 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-Revised-9.23.pptx
2012-09-23 05:14 - 2012-09-23 05:14 - 05200854 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-Final-revised.pptx
2012-09-21 09:24 - 2012-02-15 13:37 - 00012809 ____A C:\Users\Christianne\Documents\G2MInstX.log
2012-09-21 09:23 - 2012-09-21 09:23 - 00267656 ____A (Citrix Online) C:\Users\Christianne\Downloads\Citrix Online Launcher(1).exe
2012-09-21 06:50 - 2012-09-21 06:50 - 05197795 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-Final.pptx
2012-09-18 05:36 - 2012-09-18 05:36 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-18 05:30 - 2012-09-18 05:30 - 00188750 ____A C:\Users\Christianne\Documents\el-charts2.xlsx
2012-09-17 13:44 - 2012-09-17 13:44 - 00000544 ____A C:\Users\Christianne\Documents\$IZUSLYO.xlsb
2012-09-17 10:59 - 2012-09-17 10:59 - 04552717 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-V7.pptx
2012-09-17 09:56 - 2012-09-17 09:56 - 04551274 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-V6.pptx
2012-09-17 05:00 - 2012-09-17 05:00 - 04548823 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-V5 with Greg Comments.pptx
2012-09-16 20:03 - 2012-09-16 20:03 - 04464251 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-V5.pptx
2012-09-16 16:59 - 2012-09-16 16:59 - 00000544 ____A C:\Users\Christianne\Documents\$IKN3FB0.xlsb
2012-09-15 12:01 - 2012-09-15 12:01 - 03776659 ____A C:\Users\Christianne\Documents\3238-EL-SupremeCUT-V4.pptx
2012-09-15 11:03 - 2012-09-15 11:03 - 03574369 ____A C:\Users\Christianne\Documents\EL-SupremeCUT-V3.pptx
2012-09-14 12:18 - 2012-09-14 12:18 - 00060829 ____A C:\Users\Christianne\Documents\3238-002-Overall Interest Slides-Preview.pptx
2012-09-14 11:19 - 2012-10-15 06:43 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-15 06:43 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-13 14:35 - 2012-09-13 14:35 - 03563162 ____A C:\Users\Christianne\Documents\3238-002ELSupremeCUTAnalysis-V2.pptx
2012-09-13 08:33 - 2012-09-13 08:33 - 03524762 ____A C:\Users\Christianne\Documents\3238-002ELSupremeCUTAnalysis-V1.pptx
2012-09-13 07:04 - 2011-04-26 05:12 - 00002217 ____A C:\Users\Public\Desktop\Amazon Cloud Player.lnk
2012-09-13 07:03 - 2012-09-13 07:03 - 02962440 ____A C:\Users\Christianne\Downloads\AmazonMP3DownloaderInstall(1).exe
2012-09-12 16:20 - 2012-09-12 16:20 - 00056579 ____A C:\Users\Christianne\Documents\New Brand Concept Statements.pptx
2012-09-12 15:51 - 2012-09-12 15:51 - 00032036 ____A C:\Users\Christianne\Documents\Copy of Sample Interest Chart.xlsx
2012-09-12 15:31 - 2012-09-12 15:31 - 00399185 ____A C:\Users\Christianne\Documents\3202-024 Graph Template Revised 6-11-12 V1-1-1.xlsx
2012-09-12 15:31 - 2012-09-12 15:31 - 00399185 ____A C:\Users\Christianne\Documents\3202-024 Graph Template Revised 6-11-12 V1-1.xlsx
2012-09-12 14:44 - 2012-09-12 14:44 - 00021411 ____A C:\Users\Christianne\Documents\Sample Interest Chart.xlsx
2012-09-12 14:32 - 2012-09-12 14:32 - 00076536 ____A C:\Users\Christianne\Documents\3238-002ELSupremeCUTAnalysis-V1_1.pptx
2012-09-12 14:19 - 2012-09-12 14:19 - 00225084 ____A C:\Users\Christianne\Documents\3238-002 Canadian Topline Tabulations 9-11-12 Corrected.xlsx
2012-09-11 04:22 - 2012-09-11 04:22 - 01483584 ____A (Microsoft Corporation) C:\Users\Christianne\Downloads\WorksConv.exe
2012-09-11 04:20 - 2012-09-11 04:20 - 00017408 ____A C:\Users\Christianne\Downloads\nametest3.wps
2012-09-11 04:20 - 2012-08-23 04:23 - 00000340 ____A C:\Users\Christianne\AppData\Roaming\wklnhst.dat
2012-08-30 10:03 - 2012-10-15 06:44 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-15 06:44 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-15 06:44 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-24 10:05 - 2012-10-15 06:44 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 10:05 - 2012-10-15 06:44 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 10:05 - 2012-10-15 06:44 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 10:05 - 2012-10-15 06:43 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 10:03 - 2012-10-15 06:45 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 10:03 - 2012-10-15 06:44 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 10:03 - 2012-10-15 06:44 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 10:03 - 2012-10-15 06:44 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 10:02 - 2012-10-15 06:44 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 10:02 - 2012-10-15 06:44 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 10:02 - 2012-10-15 06:44 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 08:57 - 2012-10-15 06:44 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 08:57 - 2012-10-15 06:44 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 08:57 - 2012-10-15 06:44 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 08:57 - 2012-10-15 06:44 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 08:57 - 2012-10-15 06:44 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 08:57 - 2012-10-15 06:44 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 08:57 - 2012-10-15 06:43 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 08:56 - 2012-10-15 06:44 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 08:56 - 2012-10-15 06:44 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 08:56 - 2012-10-15 06:44 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-24 08:56 - 2012-10-15 06:44 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 07:59 - 2012-10-15 06:44 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 07:20 - 2012-10-15 06:44 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 16:28 - 2012-08-23 16:28 - 00049557 ____A C:\Users\Christianne\Documents\Copy of Screeners.xlsx
2012-08-23 07:24 - 2010-11-21 16:39 - 00060304 ____A C:\Users\Christianne\g2mdlhlpx.exe
2012-08-22 10:12 - 2012-09-12 03:43 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 03:43 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 03:43 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 09:01 - 2012-09-18 05:36 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 09:01 - 2010-02-23 12:05 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 09:01 - 2010-02-23 12:05 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-21 05:44 - 2012-08-21 05:44 - 00193995 ____A C:\Users\Christianne\Documents\3204-Female BM Data for Coding 8-19-12-COMPLETE.xlsx
2012-08-17 13:05 - 2012-08-17 13:05 - 00015277 ____A C:\Users\Christianne\Desktop\The Wild Ones - The Wild Ones - 01 Money, That's What I Want_Searchin'_Oop Poo Pa Do_Twist and Shout_Shop Around - Shortcut.lnk
2012-08-17 13:05 - 2012-08-17 13:05 - 00015104 ____A C:\Users\Christianne\Desktop\The Wild Ones - The Wild Ones - 01 Malaguania_Shortnin' Bread_Scotch and Soda_Dreamy Eyes_Louie Louie - Shortcut.lnk
2012-08-16 02:57 - 2012-08-16 02:57 - 00006766 ____A C:\Windows\DPINST.LOG
2012-08-15 23:21 - 2009-07-13 20:45 - 00381208 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-14 09:03 - 2012-08-14 09:03 - 00325685 ____A C:\Users\Christianne\Documents\3232-05 Alba and Jason Additional Tabulations 8-8-12.xlsx
2012-08-14 08:58 - 2012-08-14 08:58 - 00132251 ____A C:\Users\Christianne\Documents\3232-05 Alba and Jason Screener Demos UA 8-8-12.xlsx
2012-08-14 05:17 - 2012-08-14 05:17 - 00023799 ____A C:\Users\Christianne\Documents\Scrubs.xlsx
2012-08-14 05:17 - 2012-08-14 05:17 - 00011236 ____A C:\Users\Christianne\Documents\Attribute grid_FINAL.xlsx
2012-08-12 09:01 - 2012-08-12 09:01 - 00085164 ____A (Microsoft Corporation) C:\Users\Christianne\Documents\Copy of 3204-414 Coding and OEs 8-10-12-FINAL.xlsx
2012-08-12 08:36 - 2012-08-12 08:36 - 00086991 ____A (Microsoft Corporation) C:\Users\Christianne\Documents\Copy of 3204-414 Coding and OEs 8-10-12-brenda.xlsx
2012-08-11 19:20 - 2012-08-11 19:20 - 00085576 ____A C:\Users\Christianne\Documents\3204-414 Coding and OEs 8-10-12.xlsx
2012-08-10 16:56 - 2012-10-15 06:43 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-15 06:43 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-09 04:35 - 2012-08-09 04:35 - 00065822 ____A C:\Users\Christianne\Documents\H-C-BottomBoxFocus.pptx
2012-08-08 16:35 - 2012-08-08 16:35 - 00013848 ____A C:\Users\Christianne\Documents\Edited 2012 attendee list.xlsx
2012-08-07 09:41 - 2012-08-07 09:41 - 06209611 ____A C:\Users\Christianne\Documents\3210-164 sums in prog-caedits-V2.pptx
2012-08-07 09:28 - 2012-08-07 09:28 - 06210661 ____A C:\Users\Christianne\Documents\3210-164 sums in prog-caedits_1.pptx
2012-08-07 05:22 - 2012-08-07 05:22 - 01298653 ____A C:\Users\Christianne\Documents\3210-164 sums in prog-caedits.pptx
2012-08-07 03:53 - 2012-08-07 03:53 - 01305279 ____A C:\Users\Christianne\Documents\3210-164 sums in prog.pptx
2012-08-06 16:33 - 2012-08-06 16:33 - 00063392 ____A C:\Users\Christianne\Documents\Q12-23-3232-05 Alba and Jason Bottom Two Boxes ONLY 8-6-12-1.xlsx
2012-08-06 16:22 - 2012-08-06 16:22 - 00062500 ____A C:\Users\Christianne\Documents\3232-05 Alba and Jason Bottom Two Boxes ONLY 8-6-12-1.xlsx
2012-08-06 12:01 - 2012-08-06 12:01 - 00014617 ____A C:\Users\Christianne\Downloads\Q12 Q23 Attributes that Describe the Product Toplines 7-26-12.xlsx
2012-08-06 11:59 - 2012-08-06 11:59 - 00062500 ____A C:\Users\Christianne\Documents\3232-05 Alba and Jason Bottom Two Boxes ONLY 8-6-12.xlsx
2012-08-06 07:46 - 2012-08-06 07:46 - 00014617 ____A C:\Users\Christianne\Documents\Q12 Q23 Attributes that Describe the Product Toplines 7-26-12.xlsx
2012-08-06 04:38 - 2012-02-09 05:49 - 00001371 ____A C:\Users\Christianne\Desktop\GoToMeeting.lnk
2012-08-03 07:51 - 2012-08-03 07:51 - 01771760 ____A C:\Users\Christianne\Documents\3232-05H-CPackageEvaluation-Final8.3.12.pptx
2012-08-03 07:47 - 2012-08-03 07:47 - 01771761 ____A C:\Users\Christianne\Documents\3232-05H-CPackageEvaluation-Final.pptx
2012-08-03 07:39 - 2012-08-03 07:39 - 00040654 ____A C:\Users\Christianne\Documents\Copy of Q12 Q23 Attributes that Describe the Product Toplines 7-26-12-2-3.xlsx
2012-08-03 07:16 - 2012-08-03 07:16 - 00035148 ____A C:\Users\Christianne\Documents\Copy of Q12 Q23 Attributes that Describe the Product Toplines 7-26-12-2.xlsx
2012-08-02 05:23 - 2012-08-02 05:23 - 00821249 ____A C:\Users\Christianne\Documents\3232-05H-CPackageEvaluation-inprogress.pptx
2012-08-02 05:02 - 2012-08-02 05:02 - 02616509 ____A C:\Users\Christianne\Downloads\Summaries (8) for Male SR Test 3210-163-7.31.pptx
2012-07-31 08:50 - 2012-07-31 08:50 - 02619868 ____A C:\Users\Christianne\Documents\Summary for Male SR Test 3210-163-7.31.pptx
2012-07-31 07:22 - 2012-07-31 07:22 - 00064172 ____A C:\Users\Christianne\Documents\Copy of 3204-413 EL Megabrand 5 Coding File-complete.xlsx
2012-07-27 04:16 - 2012-07-27 04:16 - 00155505 ____A C:\Users\Christianne\Downloads\3232-05 Alba and Jason Topline Tabulations 7-27-12.xlsx
2012-07-26 04:38 - 2012-07-26 04:38 - 02371163 ____A C:\Users\Christianne\Documents\3204-406 Summaries-7-12.pptx
2012-07-20 08:08 - 2012-07-20 08:08 - 03254950 ____A C:\Users\Christianne\Documents\3210-165-SummariesThroughFourDays.pptx
2012-07-20 06:32 - 2012-07-20 06:32 - 00093492 ____A C:\Users\Christianne\Documents\3204-407 US LO MET for Coding 7-19-12-COMPLETE.xlsx
2012-07-20 03:19 - 2012-07-20 03:19 - 00048433 ____A C:\Users\Christianne\Documents\3204-401 BM Study for Coding 7-19-12-COMPLETE.xlsx

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6135.12 MB
Available physical RAM: 5457.53 MB
Total Pagefile: 6133.27 MB
Available Pagefile: 5454.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:562.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:6.69 GB) NTFS
9 Drive k: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
10 Drive l: (My Passport) (Fixed) (Total:297.44 GB) (Free:264.18 GB) NTFS
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 297 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 70 MB 31 KB
Partition 2 Primary 15 GB 71 MB
Partition 3 Primary 683 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 FAT Partition 70 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 15 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C OS NTFS Partition 683 GB Healthy

=========================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 297 GB 1024 KB

==================================================================================

Disk: 5
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L My Passport NTFS Partition 297 GB Healthy

=========================================================

Last Boot: 2012-10-16 04:49

==================== End Of Log =============================

#6 nasdaq

  • Malware Response Team

Posted 18 October 2012 - 07:55 AM

Nothing suspicious was found.

Let's check further.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#7 christianne

  • Topic Starter

Posted 23 October 2012 - 06:35 AM

Hi Nasdaq,

Attached are the three logs you requested. I've had no further problems with the computer since my initial post.


#8 nasdaq

  • Malware Response Team

Posted 23 October 2012 - 01:29 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 31


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[Sn].txt (n is a number).
===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===



