Malwarebytes

Can't get rid of svchost.exe

60 replies to this topic

#1
jsmiley83

    New Member

Hello,

I can't seem to get rid of svchost.exe even after running Malwarebytes. Also, my home screen is completely black and none of my icons appear. Any help is greatly appreciated! Below are the DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Jennifer at 18:05:29 on 2012-03-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2144 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Google Update] "C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\Jennifer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2A907A11-940D-4C2F-BAD7-A1C33153ADAE} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2A907A11-940D-4C2F-BAD7-A1C33153ADAE}\2375942554937333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2A907A11-940D-4C2F-BAD7-A1C33153ADAE}\745535745535 : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{2A907A11-940D-4C2F-BAD7-A1C33153ADAE}\8484F6E6F62737430303 : DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\wl46aa3h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\Jennifer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jennifer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-21 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120328.002\IDSviA64.sys [2012-3-29 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-12-17 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-29 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-3-25 138232]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-13 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-29 23:02:25 20480 ----a-w- C:\Windows\svchost.exe
2012-03-29 22:42:28 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Malwarebytes
2012-03-29 22:42:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-29 22:42:19 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-29 22:42:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 04:02:22 357888 ---ha-w- C:\ProgramData\npMrupI8r1SyAs.exe
2012-03-29 01:00:13 -------- d--h--w- C:\Users\Jennifer\AppData\Local\NPE
2012-03-29 00:47:22 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-28 23:54:09 -------- d--h--w- C:\ProgramData\Spybot - Search & Destroy
2012-03-28 23:54:09 -------- d--h--w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-28 10:03:28 -------- d--h--w- C:\Program Files (x86)\PC Tools
2012-03-28 09:42:00 230952 ---ha-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-03-28 09:42:00 -------- d--h--w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-28 09:41:02 -------- d--h--w- C:\ProgramData\PC Tools
2012-03-28 09:41:01 -------- d--h--w- C:\Users\Jennifer\AppData\Roaming\TestApp
2012-03-28 09:23:31 742884 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2012-03-28 05:12:32 -------- d-----we C:\Windows\system64
2012-03-28 05:01:02 -------- d--h--w- C:\Windows\System32\MpEngineStore
2012-03-28 02:56:58 -------- d--h--w- C:\924691b378dba2f4a401c5
2012-03-28 01:45:08 -------- d--h--w- C:\Windows\pss
2012-03-25 23:12:13 738936 ---ha-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys
2012-03-25 23:12:13 451192 ---ha-r- C:\Windows\System32\drivers\NISx64\1306020.00A\symds64.sys
2012-03-25 23:12:13 405624 ---ha-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symnets.sys
2012-03-25 23:12:13 37496 ---ha-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys
2012-03-25 23:12:13 190072 ---ha-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ironx64.sys
2012-03-25 23:12:13 167048 ---ha-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys
2012-03-25 23:12:13 1092728 ---ha-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symefa64.sys
2012-03-25 23:11:40 -------- d--h--w- C:\Windows\System32\drivers\NISx64\1306020.00A
2012-03-15 02:08:43 -------- d--h--w- C:\Users\Jennifer\AppData\Local\ElevatedDiagnostics
2012-03-15 01:35:13 -------- d--h--w- C:\Program Files\iPod
2012-03-15 01:35:12 -------- d--h--w- C:\Program Files\iTunes
2012-03-15 01:35:12 -------- d--h--w- C:\Program Files (x86)\iTunes
2012-03-15 01:23:04 34152 ---ha-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-15 01:23:04 126312 ---ha-w- C:\Windows\System32\GEARAspi64.dll
2012-03-15 01:23:04 107368 ---ha-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-15 01:20:31 -------- d--h--w- C:\Program Files\Bonjour
2012-03-15 01:20:31 -------- d--h--w- C:\Program Files (x86)\Bonjour
2012-03-14 10:19:29 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 10:19:26 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-14 10:19:26 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-14 10:19:26 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-14 10:19:26 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-14 10:19:26 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-14 10:19:26 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-14 10:19:26 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-14 10:19:26 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 10:19:26 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-14 10:19:26 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 10:16:47 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 10:16:47 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 10:16:47 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 10:16:44 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 10:16:44 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 10:16:44 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 10:16:44 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 08:04:29 175736 ---ha-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-13 08:04:29 -------- d--h--w- C:\Program Files\Symantec
2012-03-13 08:04:29 -------- d--h--w- C:\Program Files\Common Files\Symantec Shared
2012-03-13 07:57:47 -------- d--h--w- C:\Windows\System32\drivers\NISx64
2012-03-13 07:57:43 -------- d--h--w- C:\Program Files (x86)\Norton Internet Security
2012-03-13 07:23:03 -------- d--h--w- C:\Users\Jennifer\AppData\Local\LogMeIn Rescue Applet
.
==================== Find3M ====================
.
2012-02-15 16:01:50 52736 ---ha-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ---ha-w- C:\Windows\System32\usbaaplrc.dll
2012-01-27 03:52:19 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 18:09:33.96 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/28/2011 6:24:34 PM
System Uptime: 3/29/2012 6:01:00 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 143F
Processor: AMD Turion™ II P560 Dual-Core Processor | Socket S1G4 | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 443 GiB total, 373.208 GiB free.
D: is FIXED (NTFS) - 23 GiB total, 3.333 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP79: 3/13/2012 1:30:29 AM - Removed Norton Online Backup
RP80: 3/14/2012 7:52:55 PM - Removed iTunes
RP81: 3/14/2012 8:05:57 PM - Removed Bonjour
RP82: 3/14/2012 8:20:47 PM - Installed iTunes
RP83: 3/14/2012 8:32:52 PM - Installed iTunes
RP84: 3/21/2012 8:01:53 PM - Windows Update
RP85: 3/25/2012 2:56:11 PM - Windows Update
RP86: 3/25/2012 5:41:10 PM - Windows Update
RP87: 3/26/2012 9:38:03 PM - Windows Update
RP88: 3/27/2012 8:13:17 PM - Windows Update
RP89: 3/28/2012 4:27:08 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe CreatePDF Desktop Printer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0 MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Bejeweled 2 Deluxe
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
CyberLink DVD Suite
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
DVD Menu Pack for HP MediaSmart Video
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Fences Pro
Final Drive Nitro
Google Talk Plugin
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
Hulu Desktop
IDT Audio
Java Auto Updater
Java™ 6 Update 26
JDownloader 0.9
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
NOOKstudy
Norton Internet Security
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
3/29/2012 6:08:28 PM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259
3/29/2012 6:02:03 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
3/29/2012 6:02:03 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
3/29/2012 6:02:03 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
3/29/2012 6:02:02 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
3/29/2012 6:02:00 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
3/29/2012 6:01:36 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/29/2012 6:01:34 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
3/29/2012 6:01:29 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/29/2012 12:13:10 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
3/29/2012 12:10:07 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/29/2012 12:07:22 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
3/29/2012 12:07:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/29/2012 12:07:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/29/2012 12:07:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/29/2012 12:07:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/29/2012 12:07:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS ctxusbm discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
3/29/2012 12:07:02 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/28/2012 8:23:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
3/28/2012 8:02:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80001cb8703, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032812-23415-01.
3/28/2012 7:51:41 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
3/28/2012 5:09:26 AM, Error: PCTCore [280] -
3/28/2012 4:27:55 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).
3/28/2012 4:18:00 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service has not been started.
3/28/2012 11:09:21 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/27/2012 9:55:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xfffffffffffffd20, 0x0000000000000002, 0x0000000000000000, 0xfffff80002c96dda). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-37284-01.
3/27/2012 9:36:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/27/2012 9:36:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/27/2012 9:08:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ca9f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-41496-01.
3/27/2012 9:04:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
3/27/2012 11:59:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c52703, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-28142-01.
3/25/2012 5:51:15 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217).
3/25/2012 5:51:15 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2660075).
3/25/2012 5:51:15 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2645640).
3/25/2012 5:51:15 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2585542).
3/25/2012 5:51:15 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2633879).
3/25/2012 5:36:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000001000000dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cadf95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032512-44007-01.
.
==== End Of File ===========================

#2
MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,462 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, click Allow to run.
Click Scan to scan the system (don't run any other options).
Post back the report.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#3
jsmiley83
Thank you for your help! Here is the report from RogueKiller:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Jennifer [Admin rights]
Mode: Scan -- Date: 03/31/2012 10:28:33
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 19 ¤¤¤
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\yvfpemrj.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\yvfpemrj.dll",DllRegisterServer) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR|ZeroAccess ¤¤¤
[ZeroAccess] sys32\consrv.dll present!
¤¤¤ HOSTS File: ¤¤¤
94.63.147.16 www.google.com
94.63.147.17 www.bing.com

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 ATA Device +++++
--- User ---
[MBR] dfc75eaa2df66eb666799f11eec23228
[BSP] 7a2fd25a4dcf3746bb06d1999951e6ac : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 453246 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 928657408 | Size: 23390 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 580797ef5c37558ece016257181fccee
[BSP] 9605ae167a6691e1d4c45b00d6b59e8d : PiHar MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 453246 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 928657408 | Size: 23390 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
Finished : << RKreport[1].txt >>

#4
MrCharlie
¤¤¤ Infection : Root.MBR|ZeroAccess ¤¤¤
[ZeroAccess] sys32\consrv.dll present!

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......
  • There's a possibility that you'll lose your internet connection, which I may not be able to correct and which will require a repair install.
  • There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot), which will result in a repair install or a complete format and install.
  • I strongly suggest you back up all of the important items on the system before we continue.
Please let me know you have read this and agree to it.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

--------------------------------------------

Run RogueKiller again and click scan.

Under the Registry tab, make sure these are checked and choose Delete on the right hand column:

¤¤¤ Registry Entries: 19 ¤¤¤
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\yvfpemrj.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\yvfpemrj.dll",DllRegisterServer) ->

Next, the hosts file is corrupt. Click on Hosts, then HostFix on the right:

¤¤¤ HOSTS File: ¤¤¤
94.63.147.16 www.google.com
94.63.147.17 www.bing.com

---------------

Next.......

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC
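The indicators MrC acts on above (the two rundll32 Run entries, the two HOSTS redirections and the User/LL2 MBR mismatch) can be pulled out of a RogueKiller report mechanically. The following is an added example, not part of this thread or of RogueKiller itself: the regular expressions, the "DLL loaded from AppData" heuristic and the loopback whitelist are the example's own assumptions, and the report excerpt it parses is reproduced from the scan posted above.

```python
"""Added example: pull the actionable indicators out of a RogueKiller report
(blacklisted Run entries, HOSTS redirections, user-mode vs low-level MBR read).
Excerpt reproduced from the thread; regexes and heuristics are this example's own."""
import re
from dataclasses import dataclass, field

SAMPLE_REPORT = r"""
¤¤¤ Registry Entries: 19 ¤¤¤
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\yvfpemrj.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\yvfpemrj.dll",DllRegisterServer) -> FOUND
¤¤¤ Infection : Root.MBR|ZeroAccess ¤¤¤
[ZeroAccess] sys32\consrv.dll present!
¤¤¤ HOSTS File: ¤¤¤
94.63.147.16 www.google.com
94.63.147.17 www.bing.com
¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] dfc75eaa2df66eb666799f11eec23228
[BSP] 7a2fd25a4dcf3746bb06d1999951e6ac : Windows Vista/7 MBR Code
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 580797ef5c37558ece016257181fccee
[BSP] 9605ae167a6691e1d4c45b00d6b59e8d : PiHar MBR Code!
"""

# "[BLACKLIST DLL] <key> : <value name> (<command>) -> FOUND"
RUN_RE = re.compile(r"^\[BLACKLIST DLL\] (?P<key>\S+) : (?P<name>\S+) \((?P<cmd>.*)\) -> FOUND$")
# "<IPv4> <hostname>" inside the HOSTS section
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}  # targets a hosts file may legitimately use


@dataclass
class Report:
    run_entries: list[dict[str, str]] = field(default_factory=list)
    hosts: list[tuple[str, str]] = field(default_factory=list)
    mbr: dict[str, dict[str, str]] = field(default_factory=dict)  # "User"/"LL2" -> hashes
    infection: str = ""


def parse_report(text: str) -> Report:
    """Walk the report section by section; sections are framed by ¤¤¤ markers."""
    rep, section, read = Report(), "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("¤¤¤"):
            section = line.strip("¤ ")
            if section.startswith("Infection"):
                rep.infection = section.split(":", 1)[1].strip()
            continue
        if section.startswith("Registry"):
            m = RUN_RE.match(line)
            if m:
                rep.run_entries.append(m.groupdict())
        elif section.startswith("HOSTS"):
            m = HOSTS_RE.match(line)
            if m:
                rep.hosts.append((m["ip"], m["host"]))
        elif section.startswith("MBR"):
            if line.startswith("--- ") and line.endswith(" ---"):
                read = line[4:-4]  # which read of the sector follows: User, LL2, ...
                rep.mbr[read] = {}
            elif read and line.startswith("[MBR] "):
                rep.mbr[read]["mbr"] = line[6:]
            elif read and line.startswith("[BSP] "):
                digest, _, desc = line[6:].partition(" : ")
                rep.mbr[read].update(bsp=digest, desc=desc)
    return rep


def mbr_hidden(rep: Report) -> bool:
    """True when the MBR seen through the OS differs from the low-level read:
    something between the two layers is serving up a clean-looking sector."""
    user, ll2 = rep.mbr.get("User", {}), rep.mbr.get("LL2", {})
    return bool(user and ll2) and user.get("mbr") != ll2.get("mbr")


def assess(rep: Report) -> list[str]:
    findings = []
    for e in rep.run_entries:
        cmd = e["cmd"].lower()
        # Heuristic: rundll32 registering a DLL that lives under a profile's
        # AppData rather than under a program directory.
        if "rundll32" in cmd and "appdata" in cmd:
            findings.append(f"Run key {e['key']} loads a DLL from AppData via rundll32: {e['cmd']}")
    for ip, host in rep.hosts:
        if ip not in LOOPBACK:  # any other target is a redirection the analyst must explain
            findings.append(f"HOSTS redirects {host} to {ip}")
    if mbr_hidden(rep):
        findings.append(f"MBR mismatch: OS sees '{rep.mbr['User']['desc']}', disk holds '{rep.mbr['LL2']['desc']}'")
    if rep.infection:
        findings.append(f"Signature match: {rep.infection}")
    return findings
```

Running `assess(parse_report(SAMPLE_REPORT))` yields six findings for this excerpt: the two Run entries, the two HOSTS redirections, the MBR mismatch and the signature match.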

#5
jsmiley83
TDSSKiller Log:

11:02:18.0787 1272 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
11:02:19.0099 1272 ============================================================
11:02:19.0099 1272 Current date / time: 2012/03/31 11:02:19.0099
11:02:19.0099 1272 SystemInfo:
11:02:19.0099 1272
11:02:19.0099 1272 OS Version: 6.1.7600 ServicePack: 0.0
11:02:19.0099 1272 Product type: Workstation
11:02:19.0099 1272 ComputerName: JENNIFER-HP
11:02:19.0099 1272 UserName: Jennifer
11:02:19.0099 1272 Windows directory: C:\Windows
11:02:19.0099 1272 System windows directory: C:\Windows
11:02:19.0099 1272 Running under WOW64
11:02:19.0099 1272 Processor architecture: Intel x64
11:02:19.0099 1272 Number of processors: 2
11:02:19.0099 1272 Page size: 0x1000
11:02:19.0099 1272 Boot type: Normal boot
11:02:19.0099 1272 ============================================================
11:02:20.0440 1272 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:02:20.0440 1272 \Device\Harddisk0\DR0:
11:02:20.0440 1272 MBR used
11:02:20.0440 1272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:02:20.0440 1272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3753F000
11:02:20.0440 1272 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x375A3000, BlocksNum 0x2DAF000
11:02:20.0440 1272 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
11:02:20.0518 1272 Initialize success
11:02:20.0518 1272 ============================================================
11:02:48.0333 4208 ============================================================
11:02:48.0333 4208 Scan started
11:02:48.0333 4208 Mode: Manual; SigCheck; TDLFS;
11:02:48.0333 4208 ============================================================
11:03:09.0908 4208 gpsvc - ok
11:03:10.0048 4208 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:03:10.0111 4208 hcw85cir - ok
11:03:10.0158 4208 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
11:03:10.0220 4208 HdAudAddService - ok
11:03:10.0376 4208 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:03:10.0438 4208 HDAudBus - ok
11:03:10.0454 4208 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:03:10.0501 4208 HidBatt - ok
11:03:10.0516 4208 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:03:10.0579 4208 HidBth - ok
11:03:10.0735 4208 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:03:10.0797 4208 HidIr - ok
11:03:10.0844 4208 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:03:10.0922 4208 hidserv - ok
11:03:11.0078 4208 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
11:03:11.0140 4208 HidUsb - ok
11:03:11.0172 4208 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
11:03:11.0281 4208 hkmsvc - ok
11:03:11.0406 4208 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
11:03:11.0468 4208 HomeGroupListener - ok
11:03:11.0499 4208 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
11:03:11.0546 4208 HomeGroupProvider - ok
11:03:11.0671 4208 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:03:11.0686 4208 HP Support Assistant Service - ok
11:03:11.0796 4208 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
11:03:11.0811 4208 HP Wireless Assistant Service - ok
11:03:11.0858 4208 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
11:03:11.0889 4208 HPClientSvc - ok
11:03:12.0108 4208 HPDrvMntSvc.exe (c958976c7daaf47084a33ebbc6e28b84) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:03:12.0123 4208 HPDrvMntSvc.exe - ok
11:03:12.0279 4208 hpdskflt (0ac88fbe4bf315f5f8fd862426c11540) C:\Windows\system32\DRIVERS\hpdskflt.sys
11:03:12.0295 4208 hpdskflt - ok
11:03:12.0404 4208 hpqwmiex (09fbd4c4db2fd84b9ab1c5bfdcc95559) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:03:12.0451 4208 hpqwmiex - ok
11:03:12.0622 4208 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:03:12.0654 4208 HpSAMD - ok
11:03:12.0669 4208 hpsrv (778ce2c015dec896c5c9323342bd71d4) C:\Windows\system32\Hpservice.exe
11:03:12.0700 4208 hpsrv - ok
11:03:12.0778 4208 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
11:03:12.0794 4208 HPWMISVC - ok
11:03:12.0966 4208 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
11:03:13.0059 4208 HTTP - ok
11:03:13.0200 4208 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
11:03:13.0231 4208 hwpolicy - ok
11:03:13.0293 4208 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:03:13.0309 4208 i8042prt - ok
11:03:13.0465 4208 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
11:03:13.0496 4208 iaStorV - ok
11:03:13.0605 4208 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:03:13.0652 4208 idsvc - ok
11:03:13.0933 4208 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120328.002\IDSvia64.sys
11:03:13.0949 4208 IDSVia64 - ok
11:03:14.0229 4208 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:03:14.0557 4208 igfx - ok
11:03:14.0729 4208 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:03:14.0760 4208 iirsp - ok
11:03:14.0838 4208 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
11:03:14.0947 4208 IKEEXT - ok
11:03:15.0103 4208 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
11:03:15.0134 4208 intelide - ok
11:03:15.0197 4208 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:03:15.0243 4208 intelppm - ok
11:03:15.0399 4208 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:03:15.0509 4208 IPBusEnum - ok
11:03:15.0571 4208 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:03:15.0680 4208 IpFilterDriver - ok
11:03:15.0836 4208 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:03:15.0883 4208 IPMIDRV - ok
11:03:15.0930 4208 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:03:16.0039 4208 IPNAT - ok
11:03:16.0133 4208 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
11:03:16.0179 4208 iPod Service - ok
11:03:16.0351 4208 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:03:16.0398 4208 IRENUM - ok
11:03:16.0429 4208 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
11:03:16.0445 4208 isapnp - ok
11:03:16.0491 4208 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
11:03:16.0507 4208 iScsiPrt - ok
11:03:16.0663 4208 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:03:16.0694 4208 kbdclass - ok
11:03:16.0725 4208 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:03:16.0788 4208 kbdhid - ok
11:03:16.0913 4208 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:03:16.0944 4208 KeyIso - ok
11:03:17.0022 4208 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
11:03:17.0053 4208 KSecDD - ok
11:03:17.0225 4208 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
11:03:17.0256 4208 KSecPkg - ok
11:03:17.0287 4208 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:03:17.0381 4208 ksthunk - ok
11:03:17.0521 4208 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:03:17.0630 4208 KtmRm - ok
11:03:17.0693 4208 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
11:03:17.0739 4208 LanmanServer - ok
11:03:17.0880 4208 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
11:03:17.0973 4208 LanmanWorkstation - ok
11:03:18.0051 4208 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:03:18.0161 4208 lltdio - ok
11:03:18.0301 4208 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:03:18.0410 4208 lltdsvc - ok
11:03:18.0457 4208 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:03:18.0519 4208 lmhosts - ok
11:03:18.0691 4208 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:03:18.0722 4208 LSI_FC - ok
11:03:18.0753 4208 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:03:18.0769 4208 LSI_SAS - ok
11:03:18.0800 4208 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:03:18.0816 4208 LSI_SAS2 - ok
11:03:18.0972 4208 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:03:19.0003 4208 LSI_SCSI - ok
11:03:19.0034 4208 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:03:19.0128 4208 luafv - ok
11:03:19.0331 4208 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
11:03:19.0346 4208 MBAMProtector - ok
11:03:19.0424 4208 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:03:19.0471 4208 MBAMService - ok
11:03:19.0580 4208 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
11:03:19.0643 4208 Mcx2Svc - ok
11:03:19.0705 4208 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:03:19.0736 4208 megasas - ok
11:03:19.0892 4208 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:03:19.0923 4208 MegaSR - ok
11:03:19.0986 4208 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:03:20.0064 4208 MMCSS - ok
11:03:20.0220 4208 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:03:20.0298 4208 Modem - ok
11:03:20.0345 4208 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:03:20.0391 4208 monitor - ok
11:03:20.0579 4208 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:03:20.0594 4208 mouclass - ok
11:03:20.0641 4208 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:03:20.0688 4208 mouhid - ok
11:03:20.0844 4208 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:03:20.0875 4208 mountmgr - ok
11:03:20.0906 4208 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
11:03:20.0922 4208 mpio - ok
11:03:20.0937 4208 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:03:20.0984 4208 mpsdrv - ok
11:03:21.0000 4208 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:03:21.0062 4208 MRxDAV - ok
11:03:21.0218 4208 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:03:21.0312 4208 mrxsmb - ok
11:03:21.0343 4208 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:03:21.0405 4208 mrxsmb10 - ok
11:03:21.0593 4208 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:03:21.0624 4208 mrxsmb20 - ok
11:03:21.0655 4208 msahci (d1318d7b87b71003a5c6c7c31ec80288) C:\Windows\system32\DRIVERS\msahci.sys
11:03:21.0686 4208 msahci - ok
11:03:21.0717 4208 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
11:03:21.0749 4208 msdsm - ok
11:03:21.0873 4208 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:03:21.0936 4208 MSDTC - ok
11:03:22.0014 4208 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:03:22.0092 4208 Msfs - ok
11:03:22.0419 4208 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:03:22.0529 4208 mshidkmdf - ok
11:03:22.0669 4208 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
11:03:22.0685 4208 msisadrv - ok
11:03:22.0731 4208 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:03:22.0825 4208 MSiSCSI - ok
11:03:22.0919 4208 msiserver - ok
11:03:23.0059 4208 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:03:23.0168 4208 MSKSSRV - ok
11:03:23.0231 4208 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:03:23.0340 4208 MSPCLOCK - ok
11:03:23.0480 4208 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:03:23.0589 4208 MSPQM - ok
11:03:23.0667 4208 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
11:03:23.0699 4208 MsRPC - ok
11:03:23.0808 4208 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:03:23.0823 4208 mssmbios - ok
11:03:23.0933 4208 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:03:24.0026 4208 MSTEE - ok
11:03:24.0104 4208 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:03:24.0167 4208 MTConfig - ok
11:03:24.0260 4208 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:03:24.0291 4208 Mup - ok
11:03:24.0385 4208 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
11:03:24.0479 4208 napagent - ok
11:03:24.0666 4208 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:03:24.0728 4208 NativeWifiP - ok
11:03:24.0962 4208 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120329.002\ENG64.SYS
11:03:24.0978 4208 NAVENG - ok
11:03:25.0290 4208 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120329.002\EX64.SYS
11:03:25.0352 4208 NAVEX15 - ok
11:03:25.0524 4208 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
11:03:25.0571 4208 NDIS - ok
11:03:25.0742 4208 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:03:25.0836 4208 NdisCap - ok
11:03:25.0898 4208 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:03:25.0992 4208 NdisTapi - ok
11:03:26.0132 4208 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:03:26.0241 4208 Ndisuio - ok
11:03:26.0273 4208 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:03:26.0351 4208 NdisWan - ok
11:03:26.0366 4208 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:03:26.0460 4208 NDProxy - ok
11:03:26.0616 4208 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:03:26.0725 4208 NetBIOS - ok
11:03:26.0772 4208 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:03:26.0881 4208 NetBT - ok
11:03:26.0990 4208 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:03:27.0021 4208 Netlogon - ok
11:03:27.0084 4208 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:03:27.0193 4208 Netman - ok
11:03:27.0333 4208 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:03:27.0443 4208 netprofm - ok
11:03:27.0567 4208 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:03:27.0599 4208 NetTcpPortSharing - ok
11:03:27.0817 4208 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
11:03:28.0020 4208 netw5v64 - ok
11:03:28.0191 4208 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:03:28.0223 4208 nfrd960 - ok
11:03:28.0394 4208 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
11:03:28.0410 4208 NIS - ok
11:03:28.0535 4208 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
11:03:28.0644 4208 NlaSvc - ok
11:03:28.0691 4208 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:03:28.0800 4208 Npfs - ok
11:03:28.0925 4208 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:03:29.0003 4208 nsi - ok
11:03:29.0065 4208 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:03:29.0127 4208 nsiproxy - ok
11:03:29.0299 4208 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
11:03:29.0377 4208 Ntfs - ok
11:03:29.0533 4208 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:03:29.0611 4208 Null - ok
11:03:29.0673 4208 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
11:03:29.0705 4208 nvraid - ok
11:03:29.0845 4208 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
11:03:29.0876 4208 nvstor - ok
11:03:29.0923 4208 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
11:03:29.0939 4208 nv_agp - ok
11:03:29.0985 4208 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:03:30.0048 4208 ohci1394 - ok
11:03:30.0110 4208 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:03:30.0141 4208 ose - ok
11:03:30.0360 4208 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:03:30.0578 4208 osppsvc - ok
11:03:30.0781 4208 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:03:30.0843 4208 p2pimsvc - ok
11:03:30.0906 4208 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:03:30.0937 4208 p2psvc - ok
11:03:31.0077 4208 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:03:31.0109 4208 Parport - ok
11:03:31.0155 4208 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
11:03:31.0171 4208 partmgr - ok
11:03:31.0202 4208 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:03:31.0249 4208 PcaSvc - ok
11:03:31.0389 4208 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
11:03:31.0436 4208 pci - ok
11:03:31.0467 4208 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
11:03:31.0499 4208 pciide - ok
11:03:31.0530 4208 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:03:31.0561 4208 pcmcia - ok
11:03:31.0701 4208 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:03:31.0733 4208 pcw - ok
11:03:31.0779 4208 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:03:31.0873 4208 PEAUTH - ok
11:03:31.0998 4208 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:03:32.0045 4208 PerfHost - ok
11:03:32.0169 4208 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
11:03:32.0325 4208 pla - ok
11:03:32.0481 4208 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
11:03:32.0513 4208 PlugPlay - ok
11:03:32.0575 4208 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:03:32.0637 4208 PNRPAutoReg - ok
11:03:32.0778 4208 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:03:32.0809 4208 PNRPsvc - ok
11:03:32.0840 4208 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
11:03:32.0918 4208 PolicyAgent - ok
11:03:33.0059 4208 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:03:33.0152 4208 Power - ok
11:03:33.0215 4208 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:03:33.0324 4208 PptpMiniport - ok
11:03:33.0464 4208 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:03:33.0527 4208 Processor - ok
11:03:33.0573 4208 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
11:03:33.0683 4208 ProfSvc - ok
11:03:33.0854 4208 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:03:33.0885 4208 ProtectedStorage - ok
11:03:33.0963 4208 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:03:34.0041 4208 Psched - ok
11:03:34.0244 4208 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:03:34.0307 4208 ql2300 - ok
11:03:34.0447 4208 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:03:34.0478 4208 ql40xx - ok
11:03:34.0525 4208 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:03:34.0603 4208 QWAVE - ok
11:03:34.0743 4208 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:03:34.0821 4208 QWAVEdrv - ok
11:03:34.0837 4208 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:03:34.0915 4208 RasAcd - ok
11:03:35.0071 4208 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:03:35.0149 4208 RasAgileVpn - ok
11:03:35.0180 4208 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:03:35.0305 4208 RasAuto - ok
11:03:35.0477 4208 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:03:35.0570 4208 Rasl2tp - ok
11:03:35.0601 4208 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
11:03:35.0711 4208 RasMan - ok
11:03:35.0882 4208 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:03:36.0007 4208 RasPppoe - ok
11:03:36.0023 4208 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:03:36.0116 4208 RasSstp - ok
11:03:36.0132 4208 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:03:36.0210 4208 rdbss - ok
11:03:36.0366 4208 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:03:36.0428 4208 rdpbus - ok
11:03:36.0600 4208 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:03:36.0678 4208 RDPCDD - ok
11:03:36.0709 4208 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:03:36.0787 4208 RDPENCDD - ok
11:03:36.0959 4208 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:03:37.0021 4208 RDPREFMP - ok
11:03:37.0052 4208 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
11:03:37.0115 4208 RDPWD - ok
11:03:37.0286 4208 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
11:03:37.0317 4208 rdyboost - ok
11:03:37.0364 4208 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:03:37.0458 4208 RemoteAccess - ok
11:03:37.0583 4208 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:03:37.0676 4208 RemoteRegistry - ok
11:03:37.0770 4208 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
11:03:37.0801 4208 RoxioNow Service - ok
11:03:37.0910 4208 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:03:38.0019 4208 RpcEptMapper - ok
11:03:38.0051 4208 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:03:38.0113 4208 RpcLocator - ok
11:03:38.0191 4208 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
11:03:38.0253 4208 RpcSs - ok
11:03:38.0409 4208 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:03:38.0519 4208 rspndr - ok
11:03:38.0690 4208 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys
11:03:38.0721 4208 RSUSBSTOR - ok
11:03:38.0784 4208 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:03:38.0815 4208 RTL8167 - ok
11:03:38.0940 4208 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:03:38.0971 4208 SamSs - ok
11:03:39.0033 4208 savpmieh - ok
11:03:39.0065 4208 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:03:39.0096 4208 sbp2port - ok
11:03:39.0221 4208 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:03:39.0314 4208 SCardSvr - ok
11:03:39.0361 4208 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:03:39.0470 4208 scfilter - ok
11:03:39.0611 4208 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
11:03:39.0704 4208 Schedule - ok
11:03:39.0829 4208 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
11:03:39.0907 4208 SCPolicySvc - ok
11:03:39.0985 4208 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
11:03:40.0016 4208 sdbus - ok
11:03:40.0141 4208 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
11:03:40.0188 4208 SDRSVC - ok
11:03:40.0266 4208 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:03:40.0391 4208 secdrv - ok
11:03:40.0500 4208 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
11:03:40.0625 4208 seclogon - ok
11:03:40.0656 4208 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:03:40.0765 4208 SENS - ok
11:03:40.0781 4208 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:03:40.0827 4208 SensrSvc - ok
11:03:40.0999 4208 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:03:41.0061 4208 Serenum - ok
11:03:41.0077 4208 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:03:41.0124 4208 Serial - ok
11:03:41.0280 4208 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:03:41.0327 4208 sermouse - ok
11:03:41.0389 4208 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
11:03:41.0467 4208 SessionEnv - ok
11:03:41.0592 4208 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
11:03:41.0639 4208 sffdisk - ok
11:03:41.0685 4208 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:03:41.0732 4208 sffp_mmc - ok
11:03:41.0889 4208 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:03:41.0936 4208 sffp_sd - ok
11:03:41.0983 4208 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:03:42.0014 4208 sfloppy - ok
11:03:42.0170 4208 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:03:42.0279 4208 SharedAccess - ok
11:03:42.0326 4208 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
11:03:42.0404 4208 ShellHWDetection - ok
11:03:42.0576 4208 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:03:42.0607 4208 SiSRaid2 - ok
11:03:42.0638 4208 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:03:42.0669 4208 SiSRaid4 - ok
11:03:42.0966 4208 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:03:43.0028 4208 Smb - ok
11:03:43.0075 4208 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:03:43.0122 4208 SNMPTRAP - ok
11:03:43.0262 4208 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:03:43.0293 4208 spldr - ok
11:03:43.0340 4208 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
11:03:43.0402 4208 Spooler - ok
11:03:43.0605 4208 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
11:03:43.0683 4208 sppsvc - ok
11:03:43.0808 4208 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:03:43.0917 4208 sppuinotify - ok
11:03:44.0198 4208 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS
11:03:44.0245 4208 SRTSP - ok
11:03:44.0479 4208 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1306020.00A\SRTSPX64.SYS
11:03:44.0510 4208 SRTSPX - ok
11:03:44.0650 4208 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:03:44.0728 4208 srv - ok
11:03:44.0900 4208 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
11:03:44.0962 4208 srv2 - ok
11:03:45.0181 4208 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:03:45.0228 4208 SrvHsfHDA - ok
11:03:45.0290 4208 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:03:45.0368 4208 SrvHsfV92 - ok
11:03:45.0555 4208 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:03:45.0602 4208 SrvHsfWinac - ok
11:03:45.0742 4208 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
11:03:45.0805 4208 srvnet - ok
11:03:45.0852 4208 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:03:45.0961 4208 SSDPSRV - ok
11:03:46.0086 4208 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:03:46.0195 4208 SstpSvc - ok
11:03:46.0273 4208 STacSV (b00068ba94f5f306911b14b425aaeb56) C:\Program Files\IDT\WDM\STacSV64.exe
11:03:46.0335 4208 STacSV - ok
11:03:46.0491 4208 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:03:46.0507 4208 stexstor - ok
11:03:46.0569 4208 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys
11:03:46.0647 4208 STHDA - ok
11:03:46.0788 4208 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
11:03:46.0881 4208 stisvc - ok
11:03:47.0022 4208 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:03:47.0053 4208 swenum - ok
11:03:47.0084 4208 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:03:47.0209 4208 swprv - ok
11:03:47.0474 4208 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS
11:03:47.0521 4208 SymDS - ok
11:03:47.0802 4208 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS
11:03:47.0864 4208 SymEFA - ok
11:03:48.0036 4208 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:03:48.0067 4208 SymEvent - ok
11:03:48.0207 4208 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS
11:03:48.0238 4208 SymIRON - ok
11:03:48.0488 4208 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS
11:03:48.0519 4208 SymNetS - ok
11:03:48.0706 4208 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
11:03:48.0769 4208 SynTP - ok
11:03:48.0925 4208 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
11:03:49.0050 4208 SysMain - ok
11:03:49.0174 4208 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
11:03:49.0221 4208 TabletInputService - ok
11:03:49.0252 4208 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
11:03:49.0346 4208 TapiSrv - ok
11:03:49.0377 4208 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:03:49.0455 4208 TBS - ok
11:03:49.0642 4208 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
11:03:49.0736 4208 Tcpip - ok
11:03:49.0908 4208 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
11:03:49.0986 4208 TCPIP6 - ok
11:03:50.0126 4208 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:03:50.0204 4208 tcpipreg - ok
11:03:50.0282 4208 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:03:50.0344 4208 TDPIPE - ok
11:03:50.0485 4208 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
11:03:50.0547 4208 TDTCP - ok
11:03:50.0578 4208 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:03:50.0672 4208 tdx - ok
11:03:50.0828 4208 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:03:50.0859 4208 TermDD - ok
11:03:50.0906 4208 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
11:03:51.0031 4208 TermService - ok
11:03:51.0156 4208 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:03:51.0218 4208 Themes - ok
11:03:51.0265 4208 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:03:51.0343 4208 THREADORDER - ok
11:03:51.0405 4208 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:03:51.0499 4208 TrkWks - ok
11:03:51.0561 4208 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
11:03:51.0592 4208 TrustedInstaller - ok
11:03:51.0670 4208 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:03:51.0780 4208 tssecsrv - ok
11:03:51.0936 4208 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:03:52.0045 4208 tunnel - ok
11:03:52.0092 4208 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:03:52.0107 4208 uagp35 - ok
11:03:52.0263 4208 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
11:03:52.0310 4208 udfs - ok
11:03:52.0372 4208 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:03:52.0404 4208 UI0Detect - ok
11:03:52.0560 4208 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:03:52.0575 4208 uliagpkx - ok
11:03:52.0622 4208 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:03:52.0684 4208 umbus - ok
11:03:52.0840 4208 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:03:52.0887 4208 UmPass - ok
11:03:52.0950 4208 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:03:53.0059 4208 upnphost - ok
11:03:53.0340 4208 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:03:53.0371 4208 USBAAPL64 - ok
11:03:53.0402 4208 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
11:03:53.0433 4208 usbccgp - ok
11:03:53.0589 4208 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
11:03:53.0652 4208 usbcir - ok
11:03:53.0698 4208 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
11:03:53.0745 4208 usbehci - ok
11:03:53.0917 4208 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
11:03:53.0948 4208 usbfilter - ok
11:03:53.0979 4208 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
11:03:54.0026 4208 usbhub - ok
11:03:54.0166 4208 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
11:03:54.0198 4208 usbohci - ok
11:03:54.0229 4208 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:03:54.0307 4208 usbprint - ok
11:03:54.0447 4208 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:03:54.0494 4208 USBSTOR - ok
11:03:54.0541 4208 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
11:03:54.0572 4208 usbuhci - ok
11:03:54.0744 4208 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
11:03:54.0806 4208 usbvideo - ok
11:03:54.0853 4208 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:03:54.0931 4208 UxSms - ok
11:03:55.0056 4208 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:03:55.0087 4208 VaultSvc - ok
11:03:55.0180 4208 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:03:55.0196 4208 vdrvroot - ok
11:03:55.0321 4208 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
11:03:55.0399 4208 vds - ok
11:03:55.0539 4208 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:03:55.0586 4208 vga - ok
11:03:55.0602 4208 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:03:55.0711 4208 VgaSave - ok
11:03:55.0867 4208 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
11:03:55.0898 4208 vhdmp - ok
11:03:55.0945 4208 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:03:55.0960 4208 viaide - ok
11:03:55.0992 4208 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:03:56.0023 4208 volmgr - ok
11:03:56.0070 4208 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:03:56.0101 4208 volmgrx - ok
11:03:56.0241 4208 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:03:56.0288 4208 volsnap - ok
11:03:56.0335 4208 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:03:56.0350 4208 vsmraid - ok
11:03:56.0506 4208 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
11:03:56.0600 4208 VSS - ok
11:03:56.0756 4208 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:03:56.0818 4208 vwifibus - ok
11:03:56.0881 4208 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:03:56.0943 4208 vwififlt - ok
11:03:57.0099 4208 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:03:57.0130 4208 vwifimp - ok
11:03:57.0177 4208 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:03:57.0271 4208 W32Time - ok
11:03:57.0442 4208 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:03:57.0489 4208 WacomPen - ok
11:03:57.0661 4208 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:03:57.0723 4208 WANARP - ok
11:03:57.0723 4208 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:03:57.0754 4208 Wanarpv6 - ok
11:03:57.0864 4208 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:03:57.0926 4208 WatAdminSvc - ok
11:03:58.0082 4208 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
11:03:58.0176 4208 wbengine - ok
11:03:58.0316 4208 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:03:58.0363 4208 WbioSrvc - ok
11:03:58.0394 4208 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
11:03:58.0456 4208 wcncsvc - ok
11:03:58.0581 4208 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:03:58.0628 4208 WcsPlugInService - ok
11:03:58.0706 4208 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:03:58.0722 4208 Wd - ok
11:03:58.0862 4208 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:03:58.0924 4208 Wdf01000 - ok
11:03:59.0034 4208 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:03:59.0112 4208 WdiServiceHost - ok
11:03:59.0112 4208 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:03:59.0143 4208 WdiSystemHost - ok
11:03:59.0190 4208 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
11:03:59.0236 4208 WebClient - ok
11:03:59.0377 4208 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:03:59.0486 4208 Wecsvc - ok
11:03:59.0517 4208 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:03:59.0595 4208 wercplsupport - ok
11:03:59.0720 4208 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:03:59.0814 4208 WerSvc - ok
11:03:59.0892 4208 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:03:59.0985 4208 WfpLwf - ok
11:04:00.0126 4208 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:04:00.0141 4208 WIMMount - ok
11:04:00.0157 4208 WinHttpAutoProxySvc - ok
11:04:00.0219 4208 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:04:00.0313 4208 Winmgmt - ok
11:04:00.0484 4208 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
11:04:00.0609 4208 WinRM - ok
11:04:00.0781 4208 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:04:00.0843 4208 Wlansvc - ok
11:04:00.0968 4208 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:04:01.0046 4208 wlidsvc - ok
11:04:01.0202 4208 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:04:01.0233 4208 WmiAcpi - ok
11:04:01.0296 4208 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:04:01.0358 4208 wmiApSrv - ok
11:04:01.0436 4208 WMPNetworkSvc - ok
11:04:01.0561 4208 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:04:01.0592 4208 WPCSvc - ok
11:04:01.0608 4208 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
11:04:01.0670 4208 WPDBusEnum - ok
11:04:01.0748 4208 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:04:01.0826 4208 ws2ifsl - ok
11:04:01.0920 4208 WSearch - ok
11:04:02.0029 4208 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
11:04:02.0138 4208 wuauserv - ok
11:04:02.0372 4208 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:04:02.0450 4208 WudfPf - ok
11:04:02.0466 4208 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:04:02.0528 4208 WUDFRd - ok
11:04:02.0544 4208 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
11:04:02.0653 4208 wudfsvc - ok
11:04:02.0793 4208 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:04:02.0856 4208 WwanSvc - ok
11:04:02.0965 4208 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
11:04:03.0027 4208 yukonw7 - ok
11:04:03.0090 4208 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
11:04:03.0121 4208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:04:03.0121 4208 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:04:03.0168 4208 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:04:03.0168 4208 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:04:03.0199 4208 Boot (0x1200) (18347491955cf29deb15fa7c7c808174) \Device\Harddisk0\DR0\Partition0
11:04:03.0199 4208 \Device\Harddisk0\DR0\Partition0 - ok
11:04:03.0214 4208 Boot (0x1200) (e5757913a6cd0a1745621315189cf0cb) \Device\Harddisk0\DR0\Partition1
11:04:03.0230 4208 \Device\Harddisk0\DR0\Partition1 - ok
11:04:03.0261 4208 Boot (0x1200) (b11c07a8a4bda280858180b75cb18401) \Device\Harddisk0\DR0\Partition2
11:04:03.0261 4208 \Device\Harddisk0\DR0\Partition2 - ok
11:04:03.0277 4208 Boot (0x1200) (aebdd64fe74187b05bc4808ea98e1acd) \Device\Harddisk0\DR0\Partition3
11:04:03.0292 4208 \Device\Harddisk0\DR0\Partition3 - ok
11:04:03.0292 4208 ============================================================
11:04:03.0292 4208 Scan finished
11:04:03.0292 4208 ============================================================
11:04:03.0308 4856 Detected object count: 2
11:04:03.0308 4856 Actual detected object count: 2
11:04:40.0405 4856 \Device\Harddisk0\DR0\# - copied to quarantine
11:04:40.0405 4856 \Device\Harddisk0\DR0 - copied to quarantine
11:04:40.0436 4856 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:04:40.0452 4856 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:04:40.0483 4856 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:04:40.0498 4856 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:04:40.0498 4856 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:04:40.0498 4856 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:04:40.0498 4856 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:04:40.0498 4856 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:04:40.0514 4856 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:04:40.0514 4856 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:04:40.0514 4856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:04:40.0514 4856 \Device\Harddisk0\DR0 - ok
11:04:41.0466 4856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:04:41.0466 4856 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:04:41.0466 4856 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:05:01.0246 1428 Deinitialize success

#6
MrCharlie

    Forum Deity

  • Experts
  • 17,462 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Great, TDSSKiller took care of two rootkits.

Please do this.......

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#7
jsmiley83

    New Member

  • Members
  • 32 posts
ComboFix 12-03-31.02 - Jennifer 03/31/2012 11:44:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1854 [GMT -5:00]
Running from: C:\Users\Jennifer\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\ProgramData\~czasnhomoCqfGN
C:\ProgramData\~czasnhomoCqfGNr
C:\ProgramData\~npMrupI8r1SyAs
C:\ProgramData\~npMrupI8r1SyAsr
C:\ProgramData\czasnhomoCqfGN
C:\ProgramData\npMrupI8r1SyAs
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DDEF2A98-0D11-46DE-B87B-16164A2F0E95}.xps
C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
C:\Users\Jennifer\Desktop\System Check.lnk
C:\Users\Jennifer\Documents\~WRL0001.tmp
C:\Users\Jennifer\Documents\~WRL0002.tmp
C:\Users\Jennifer\Documents\~WRL0003.tmp
C:\Users\Jennifer\Documents\~WRL3350.tmp
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\cfg.ini
C:\Windows\svchost.exe
C:\Windows\system32\consrv.dll
C:\Windows\system32\dds_trash_log.cmd
C:\Windows\System64
Infected copy of C:\Windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))

2012-03-31 16:56:32 . 2012-03-31 16:56:32 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-03-31 16:04:40 . 2012-03-31 16:04:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 22:42:28 . 2012-03-29 22:42:28 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Malwarebytes
2012-03-29 22:42:20 . 2012-03-29 22:42:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-29 22:42:19 . 2012-03-29 22:42:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 22:42:19 . 2011-12-10 20:24:08 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-03-29 01:00:13 . 2012-03-29 01:18:38 -------- d--h--w- C:\Users\Jennifer\AppData\Local\NPE
2012-03-28 23:54:09 . 2012-03-29 05:16:05 -------- d--h--w- C:\ProgramData\Spybot - Search & Destroy
2012-03-28 23:54:09 . 2012-03-29 05:16:05 -------- d--h--w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-28 10:03:28 . 2012-03-29 00:39:32 -------- d--h--w- C:\Program Files (x86)\PC Tools
2012-03-28 09:42:00 . 2012-03-29 00:39:32 -------- d--h--w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-28 09:42:00 . 2012-02-24 15:36:50 230952 ---ha-w- C:\Windows\system32\drivers\PCTSD64.sys
2012-03-28 09:41:02 . 2012-03-29 00:36:49 -------- d--h--w- C:\ProgramData\PC Tools
2012-03-28 09:41:01 . 2012-03-28 09:41:01 -------- d--h--w- C:\Users\Jennifer\AppData\Roaming\TestApp
2012-03-28 09:23:31 . 2012-03-31 16:11:30 742884 ----a-w- C:\Windows\system32\PerfStringBackup.TMP
2012-03-28 05:01:02 . 2012-03-28 07:36:33 -------- d--h--w- C:\Windows\system32\MpEngineStore
2012-03-28 02:56:58 . 2012-03-28 02:56:58 -------- d-----w- C:\924691b378dba2f4a401c5
2012-03-15 02:08:43 . 2012-03-15 02:08:43 -------- d--h--w- C:\Users\Jennifer\AppData\Local\ElevatedDiagnostics
2012-03-15 01:35:13 . 2012-03-15 01:35:13 -------- d--h--w- C:\Program Files\iPod
2012-03-15 01:35:12 . 2012-03-15 01:35:47 -------- d--h--w- C:\Program Files\iTunes
2012-03-15 01:35:12 . 2012-03-15 01:35:47 -------- d--h--w- C:\Program Files (x86)\iTunes
2012-03-15 01:23:04 . 2009-05-18 18:17:08 34152 ---ha-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2012-03-15 01:23:04 . 2008-04-17 17:12:54 126312 ---ha-w- C:\Windows\system32\GEARAspi64.dll
2012-03-15 01:23:04 . 2008-04-17 17:12:54 107368 ---ha-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-15 01:20:31 . 2012-03-15 01:20:33 -------- d--h--w- C:\Program Files\Bonjour
2012-03-15 01:20:31 . 2012-03-15 01:20:33 -------- d--h--w- C:\Program Files (x86)\Bonjour
2012-03-14 10:19:29 . 2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\system32\win32k.sys
2012-03-14 10:19:26 . 2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\system32\DWrite.dll
2012-03-14 10:19:26 . 2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\system32\d3d10warp.dll
2012-03-14 10:19:26 . 2012-02-10 06:17:54 902656 ----a-w- C:\Windows\system32\d2d1.dll
2012-03-14 10:19:26 . 2012-02-10 06:17:54 320512 ----a-w- C:\Windows\system32\d3d10_1core.dll
2012-03-14 10:19:26 . 2012-02-10 06:17:54 197120 ----a-w- C:\Windows\system32\d3d10_1.dll
2012-03-14 10:19:26 . 2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 10:19:26 . 2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-14 10:19:26 . 2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-14 10:19:26 . 2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-14 10:19:26 . 2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-14 10:16:47 . 2012-01-25 06:27:11 76288 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-03-14 10:16:47 . 2012-01-25 06:27:11 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-03-14 10:16:47 . 2012-01-25 06:20:59 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-03-14 10:16:44 . 2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\system32\rdpcore.dll
2012-03-14 10:16:44 . 2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 10:16:44 . 2012-02-15 04:47:21 204800 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-03-14 10:16:44 . 2012-02-15 04:46:59 23552 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
2012-03-13 08:04:29 . 2012-03-25 23:12:29 -------- d--h--w- C:\Program Files\Symantec
2012-03-13 08:04:29 . 2012-03-25 23:12:28 175736 ---ha-w- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-13 08:04:29 . 2012-03-13 08:04:29 -------- d--h--w- C:\Program Files\Common Files\Symantec Shared
2012-03-13 07:57:47 . 2012-03-26 03:48:11 -------- d--h--w- C:\Windows\system32\drivers\NISx64
2012-03-13 07:57:43 . 2012-03-13 07:57:47 -------- d--h--w- C:\Program Files (x86)\Norton Internet Security
2012-03-13 07:23:03 . 2012-03-14 01:46:55 -------- d--h--w- C:\Users\Jennifer\AppData\Local\LogMeIn Rescue Applet
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-02-15 16:01:50 . 2012-02-15 16:01:50 52736 ---ha-w- C:\Windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01:50 . 2012-02-15 16:01:50 4547944 ---ha-w- C:\Windows\system32\usbaaplrc.dll
2012-02-04 01:11:20 . 2012-02-04 01:11:20 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\1AFD.tmp
2012-02-04 01:11:20 . 2012-02-04 01:11:20 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\1ADD.tmp
2012-01-27 03:52:19 . 2011-05-23 13:54:46 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 06:03:22 98304]
"Microsoft Default Manager"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 22:12:28 439568]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 06:51:18 37296]
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 23:03:22 300472]
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 20:20:36 586296]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 17:59:52 254696]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 02:28:32 59240]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2011-10-24 20:28:52 421888]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 00:05:34 421736]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 19:53:18 460872]
C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
R1 savpmieh;savpmieh;C:\Windows\system32\drivers\savpmieh.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 19:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 20:27:14 138576]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 03:34:24 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 23:59:42 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys [x]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120328.002\IDSvia64.sys [2012-03-13 20:44:28 488568]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-09-14 23:57:26 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 23:10:28 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 21:33:00 103992]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 02:51:08 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 21:52:16 103992]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 20:20:34 26680]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 19:53:18 652360]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 05:18:36 138232]
S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 09:02:22 399344]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-13 07:28:13 138360]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]

Contents of the 'Scheduled Tasks' folder
2012-03-31 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3121252428-3529659432-1314562668-1001Core.job
- C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 08:46:24 . 2011-10-10 08:46:23]
2012-03-31 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3121252428-3529659432-1314562668-1001UA.job
- C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 08:46:24 . 2011-10-10 08:46:23]
2012-03-28 C:\Windows\Tasks\HPCeeScheduleForJennifer.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15:40 . 2010-09-14 05:15:40]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53:46 2210304 ---ha-w- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53:46 2210304 ---ha-w- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53:46 2210304 ---ha-w- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53:46 2210304 ---ha-w- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53:46 2210304 ---ha-w- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 01:16:26 611896]
"HPWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 21:33:00 8192]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2010-09-14 23:57:38 487424]
"combofix"="C:\ComboFix\CF21355.3XE" [2009-07-14 01:39:01 344576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 17:43:20 464744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fcprintservice
oracle_load_balancer_60_server-forms6ip9
ELhid
tmmbd
CTMFLT
fsbwsys
websensecamserver
------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: mswsock.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\wl46aa3h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
- - - - ORPHANS REMOVED - - - -
Toolbar-10 - (no file)
Wow6432Node-HKU-Default-Run-dplaysvr - C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - C:\Program Files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

#8
MrCharlie

    Forum Deity

  • Experts
  • 17,462 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Please upload this file to VirusTotal for a free scan and let me know the results; just copy back the URL.

C:\Windows\system32\drivers\savpmieh.sys

http://www.virustotal.com/

You may have to enable hidden files to see it:

http://www.bleepingc...s-in-windows-7/

MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#9
jsmiley83

    New Member

  • Members
  • 32 posts
Hi, even after enabling hidden files I still cannot find that file to upload.

#10
MrCharlie

    Forum Deity

  • Experts
  • 17,462 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
OK...Please do this.....

Please download SystemLook from the link below and save it to your Desktop.
http://jpshortstuff....temLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :Filefind
    savpmieh.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


#11
jsmiley83

    New Member

  • Members
  • 32 posts
SystemLook 30.07.11 by jpshortstuff
Log created at 12:56 on 31/03/2012 by Jennifer
Administrator - Elevation successful
========== Filefind ==========
Searching for "savpmieh.sys"
No files found.
-= EOF =-

#12
MrCharlie

    Forum Deity

  • Experts
  • 17,462 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
OK, let's do this.

Delete your copy of TDSSKiller and download a fresh one and run it as before, post the log.

Then delete your copy of ComboFix and download a fresh copy to your desktop.

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
4. If ComboFix wants to update.....please allow it to.

Quote

File::
C:\Windows\system32\drivers\savpmieh.sys
Driver::
savpmieh


Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......
Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

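As an added example (not code from the thread or from MrC), here is a PowerShell sweep that performs the check the SystemLook and ComboFix steps above made by hand: it reads each driver service's ImagePath from the registry and tests whether that file is visible, so a registered driver whose file cannot be found, as savpmieh.sys was here, stands out. It assumes an elevated PowerShell session on Windows; the -Name parameter and the status labels are the example's own.

```powershell
# Added example, not part of the thread: compare the driver services Windows
# has registered against what the filesystem shows. An entry whose ImagePath
# names a file the shell cannot find is the discrepancy seen above with
# savpmieh.sys (ComboFix listed the driver; SystemLook's Filefind found no
# file). Run from an elevated PowerShell prompt. -Name is this script's own
# parameter: give a service name such as 'savpmieh', or '*' to sweep them all.
param(
    [string]$Name = '*'
)

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$findings = @()

foreach ($svc in Get-ChildItem -Path $servicesKey | Where-Object { $_.PSChildName -like $Name }) {
    $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
    # Type 1 = kernel driver, 2 = file system driver; Win32 services are skipped
    if (-not $props -or -not (1, 2 -contains $props.Type)) { continue }

    $imagePath = [string]$props.ImagePath
    if (-not $imagePath) {
        # A driver service with no ImagePath at all deserves a look in itself
        $findings += New-Object PSObject -Property @{
            Service = $svc.PSChildName; Path = '<none>'; Status = 'NoImagePath' }
        continue
    }

    # Normalise the forms found in the registry: "\??\C:\...", "\SystemRoot\...",
    # and bare "system32\drivers\x.sys" relative to the Windows directory
    $path = $imagePath -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }

    $status = 'MissingOrHidden'
    if (Test-Path -LiteralPath $path) { $status = 'Present' }
    $findings += New-Object PSObject -Property @{
        Service = $svc.PSChildName; Path = $path; Status = $status }
}

# Only the discrepancies matter for triage. A driver registered to load at
# boot whose file cannot be seen from a normal session needs a second opinion:
# an offline scan, or an anti-rootkit tool such as the TDSSKiller used above.
$findings | Where-Object { $_.Status -ne 'Present' } |
    Select-Object Service, Status, Path | Format-Table -AutoSize
```

A file that is present but hidden from the shell by a rootkit will show as MissingOrHidden here as well, which is exactly the case worth escalating rather than dismissing.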

#13
jsmiley83

    New Member

  • Members
  • 32 posts
I'm typing from my phone right now. I deleted and redownloaded and reran TDSSKiller, but now Windows won't reload. The logo pops up and then my computer restarts and suggests I do startup repair. If I select start Windows normally it does the same thing over again.

#14
MrCharlie

    Forum Deity

  • Experts
  • 17,462 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Can you do the startup repair? MrC


#15
jsmiley83

    New Member

  • Members
  • 32 posts
Yes, I'm running it right now but it's taking a little while. Is that normal?

#16
jsmiley83

    New Member

  • Members
  • 32 posts
The startup repair finished but it is still doing the same thing. Should I do a system restore?

#17
jsmiley83

    New Member

  • Members
  • 32 posts
The startup repair finished but it is still doing the same thing. Should I do a system restore?

#18
MrCharlie

    Forum Deity

  • Experts
  • 17,462 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Yes, try a system restore. MrC


#19
jsmiley83

    New Member

  • Members
  • 32 posts
Sorry, it took a really long time for the system restore to finish but it's finally done. It restored back to the ComboFix restore point from earlier today. What should I do next? Thanks again for all your help with this.

#20
MrCharlie

    Forum Deity

  • Experts
  • 17,462 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
I warned you about this infection, it's nasty!!

Did TDSSKiller create a new log? If so, can you post it? MrC





