Facebook Application/About:Blank


  • This topic is locked
38 replies to this topic

#1 Makura

  • Members
  • 52 posts

Posted 24 August 2012 - 10:18 PM

Hi, I have previously posted this topic in another area of BleepingComputer due to my belief that I did not have a virus, just a software conflict. I was advised otherwise and told to post a new topic here. This is a link to the previous topic and all the things I tried to rectify it: Here

To begin, I have no other issues with my computer except in Facebook. I can enter the Facebook site fine, logging in is no problem at all. However, every time I try to use an application like FarmVille then it starts to get a little crazy. The app will start then flash immediately to a blank screen with the html About:Blank for less than a second, then flash to a partial Facebook log in screen, then repeat the process. I've attempted to stop all processes at the log in screen and refresh or log in but it does not work. Strangely I have run rkill and it partially works, it says there are no problems but I will be able to enter the app, but I will not be able to post to my wall. The fix will stop working after a few hours and again rkill will temporarily fix it. The rkill log is in the link provided above. Again, I have not experienced this problem at any time other than Facebook apps. Hope you can help me.

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Melissa at 17:51:55 on 2012-08-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7667.5806 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Melissa\AppData\Local\Akamai\netsession_win.exe
C:\Users\Melissa\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.fanfiction.net/
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
uRun: [Akamai NetSession Interface] "C:\Users\Melissa\AppData\Local\Akamai\netsession_win.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: facebook.com\www
TCP: DhcpNameServer = 137.118.1.29 137.118.1.32
TCP: Interfaces\{5022411B-8E2C-4080-A40B-C9ED656D2EDD} : DhcpNameServer = 137.118.1.29 137.118.1.32
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-14 138272]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-2-25 1128952]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-8-10 1385120]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-8 138912]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120824.001\IDSviA64.sys [2012-8-24 512672]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]
R3 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-3 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 sj;sj;C:\AeriaGames\EdenEternal\sjcs64.sys [2012-4-26 47224]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 usj;usj;C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [2012-5-21 89560]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-23 00:22:56 -------- d-----w- C:\Users\Melissa\AppData\Local\ElevatedDiagnostics
2012-08-21 06:28:52 388096 ----a-r- C:\Users\Melissa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-21 06:28:52 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-16 07:03:34 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-16 07:03:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-16 07:03:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-16 07:03:00 140920 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-08-16 01:28:09 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-16 01:28:09 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-16 01:28:06 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-16 01:28:06 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-16 01:28:06 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-16 01:28:06 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-16 01:27:17 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-16 01:27:17 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-16 01:27:17 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-16 01:27:17 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-16 01:27:16 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 00:56:08 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys
2012-08-15 00:56:08 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\symds64.sys
2012-08-15 00:56:08 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symnets.sys
2012-08-15 00:56:08 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys
2012-08-15 00:56:08 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ironx64.sys
2012-08-15 00:56:08 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys
2012-08-15 00:56:08 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symefa64.sys
2012-08-15 00:56:03 -------- d-----w- C:\Windows\System32\drivers\NISx64\1308000.00E
2012-08-11 16:03:50 4199520 ----a-w- C:\Windows\SysWow64\GameMon.des
2012-08-11 16:03:13 4774 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2012-08-11 16:03:12 5265 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2012-08-11 16:02:38 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2012-08-07 15:23:17 -------- d-----w- C:\Users\Melissa\AppData\Roaming\Malwarebytes
2012-08-07 15:23:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-07 15:23:04 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-07 15:23:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-26 01:13:48 -------- d-----w- C:\Program Files\Speccy
.
==================== Find3M ====================
.
2012-08-16 00:19:32 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 00:19:32 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 17:52:31.97 ===============


#2 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,743 posts

Posted 29 August 2012 - 10:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/466378 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Makura

  • Topic Starter

  • Members
  • 52 posts

Posted 29 August 2012 - 11:38 PM

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Melissa at 0:28:53 on 2012-08-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7667.6220 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Melissa\AppData\Local\Akamai\netsession_win.exe
C:\Users\Melissa\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.fanfiction.net/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
uRun: [Akamai NetSession Interface] "C:\Users\Melissa\AppData\Local\Akamai\netsession_win.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: facebook.com\www
TCP: DhcpNameServer = 137.118.1.29 137.118.1.32
TCP: Interfaces\{5022411B-8E2C-4080-A40B-C9ED656D2EDD} : DhcpNameServer = 137.118.1.29 137.118.1.32
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-14 138272]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-2-25 1128952]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [2012-6-18 1161376]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-8 138912]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120829.001\IDSviA64.sys [2012-8-29 512672]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]
R3 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-3 250568]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 sj;sj;C:\AeriaGames\EdenEternal\sjcs64.sys [2012-4-26 47224]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 usj;usj;C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [2012-5-21 89560]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-29 04:39:46 -------- d-----w- C:\ProgramData\Recovery
2012-08-23 00:22:56 -------- d-----w- C:\Users\Melissa\AppData\Local\ElevatedDiagnostics
2012-08-21 06:28:52 388096 ----a-r- C:\Users\Melissa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-21 06:28:52 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-16 07:03:34 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-16 07:03:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-16 07:03:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-16 07:03:00 140920 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-08-16 01:28:09 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-16 01:28:09 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-16 01:28:06 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-16 01:28:06 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-16 01:28:06 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-16 01:28:06 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-16 01:27:17 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-16 01:27:17 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-16 01:27:17 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-16 01:27:17 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-16 01:27:16 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 00:56:08 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys
2012-08-15 00:56:08 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\symds64.sys
2012-08-15 00:56:08 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symnets.sys
2012-08-15 00:56:08 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys
2012-08-15 00:56:08 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ironx64.sys
2012-08-15 00:56:08 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys
2012-08-15 00:56:08 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symefa64.sys
2012-08-15 00:56:03 -------- d-----w- C:\Windows\System32\drivers\NISx64\1308000.00E
2012-08-11 16:03:50 4199520 ----a-w- C:\Windows\SysWow64\GameMon.des
2012-08-11 16:03:13 4774 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2012-08-11 16:03:12 5265 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2012-08-11 16:02:38 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2012-08-07 15:23:17 -------- d-----w- C:\Users\Melissa\AppData\Roaming\Malwarebytes
2012-08-07 15:23:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-07 15:23:04 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-07 15:23:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-08-25 16:17:49 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-25 16:17:49 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 0:29:21.77 ===============

#4 Makura


Posted 29 August 2012 - 11:40 PM

First attachment didn't work. Sorry.


#5 bloopie


  • Malware Response Team

Posted 30 August 2012 - 09:46 PM

Hello Makura, and welcome back to the MRT forums!!

My name is bloopie and I'll be helping you with your problems as best I can!

I understand your problem lies with running a Facebook application... FarmVille, correct?

Have you tried just uninstalling and reinstalling the application?

Regardless of your answer, let's check for any rootkits involved here!

==========

But first, a warning:

Step 1

Online Gaming Warning!

Online gaming sites are a security risk which can make your computer susceptible to a large number of malware infections, remote attacks, exposure of personal information, and identity theft. They can lead to other sites containing malware which you can inadvertently download without knowledge. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Gaming sites can put you at risk of fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

More specifically, I noticed you had WildTangent on your computer.

WildTangent Program Warning

WildTangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including:
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from
For that reason, I would suggest you uninstall it via add/remove.

Reboot after the uninstallation. <- Important.

==========

Step 2

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <- Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

==========

Step 3

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

==========

In your next reply, please include the following:

  • The TDSSKiller log
  • The aswMBR log
bloopie
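
A way to triage the TDSSKiller log requested in the post above, as an added example that is not part of bloopie's post or of the tool itself. It assumes the two-line layout seen in the log posted in this thread (a hash/path line followed by a "name - result" line); the function names, the placeholder hashes, the ExampleDrv entry and its "warning" result are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the line shape of the TDSSKiller log in this thread:
#   "<time> <thread id> [ <MD5> ] <name> <path>"
#   "<time> <thread id> <name> - <result>"
# The hashes are placeholders; ExampleDrv and its "warning" result are made up.
SAMPLE_LOG = r"""
10:11:23.0316 4904 ================ Scan system memory ========================
10:11:23.0316 4904 System memory - ok
10:11:23.0316 4904 ================ Scan services =============================
10:11:23.0488 4904 [ 00000000000000000000000000000001 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:11:23.0488 4904 ACPI - ok
10:11:24.0081 4904 [ 00000000000000000000000000000002 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:11:24.0096 4904 AMD External Events Utility - ok
10:11:26.0670 4904 COMSysApp - ok
10:11:27.0001 4904 [ 00000000000000000000000000000003 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
10:11:27.0002 4904 ExampleDrv - warning
10:11:27.0248 4904 [ 00000000000000000000000000000004 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
# Section banner, e.g. "================ Scan services ======"
HEADER = re.compile(PREFIX + r"=+ (Scan [^=]+?) =+$")
# Service names may contain spaces, so split name from path at the drive letter.
HASHED = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
RESULT = re.compile(PREFIX + r"(.+) - (\S.*)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    result: Optional[str] = None


def parse_services(log_text: str) -> List[Entry]:
    """Pair each hash/path line in the 'Scan services' section with its result line."""
    entries: List[Entry] = []
    pending: Optional[Entry] = None
    in_services = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        header = HEADER.match(line)
        if header:
            in_services = header.group(1) == "Scan services"
            continue
        if not in_services:
            continue
        hashed = HASHED.match(line)
        if hashed:
            if pending:  # the previous object never received a result line
                entries.append(pending)
            pending = Entry(hashed.group(2), hashed.group(1).upper(), hashed.group(3))
            continue
        result = RESULT.match(line)
        if not result:
            continue
        name, verdict = result.group(1), result.group(2)
        if pending and pending.name == name:
            pending.result = verdict
            entries.append(pending)
        else:
            if pending:
                entries.append(pending)
            # Result line with no hash/path line before it
            # (COMSysApp appears this way in the posted log).
            entries.append(Entry(name, result=verdict))
        pending = None
    if pending:  # log was cut off before the last result line
        entries.append(pending)
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group the entries a helper would want to look at first."""
    return {
        "not_ok": [e.name for e in entries
                   if e.result is not None and e.result.lower() != "ok"],
        "no_file_info": [e.name for e in entries if e.md5 is None],
        "no_result": [e.name for e in entries if e.result is None],
    }


if __name__ == "__main__":
    for bucket, names in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```
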

#6 Makura


Posted 31 August 2012 - 09:12 AM

I did try uninstalling and reinstalling the program. It didn't do anything, sadly.
TDSS Log:

10:11:11.0055 0896 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:11:13.0067 0896 ============================================================
10:11:13.0067 0896 Current date / time: 2012/08/31 10:11:13.0067
10:11:13.0067 0896 SystemInfo:
10:11:13.0067 0896
10:11:13.0067 0896 OS Version: 6.1.7601 ServicePack: 1.0
10:11:13.0067 0896 Product type: Workstation
10:11:13.0067 0896 ComputerName: MELISSA-HP
10:11:13.0067 0896 UserName: Melissa
10:11:13.0067 0896 Windows directory: C:\Windows
10:11:13.0067 0896 System windows directory: C:\Windows
10:11:13.0067 0896 Running under WOW64
10:11:13.0067 0896 Processor architecture: Intel x64
10:11:13.0067 0896 Number of processors: 4
10:11:13.0067 0896 Page size: 0x1000
10:11:13.0067 0896 Boot type: Normal boot
10:11:13.0067 0896 ============================================================
10:11:14.0050 0896 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:11:14.0066 0896 ============================================================
10:11:14.0066 0896 \Device\Harddisk0\DR0:
10:11:14.0066 0896 MBR partitions:
10:11:14.0066 0896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:11:14.0066 0896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7252A800
10:11:14.0066 0896 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7255D000, BlocksNum 0x21A9000
10:11:14.0066 0896 ============================================================
10:11:14.0097 0896 C: <-> \Device\Harddisk0\DR0\Partition2
10:11:14.0128 0896 D: <-> \Device\Harddisk0\DR0\Partition3
10:11:14.0128 0896 ============================================================
10:11:14.0128 0896 Initialize success
10:11:14.0128 0896 ============================================================
10:11:22.0271 4904 ============================================================
10:11:22.0271 4904 Scan started
10:11:22.0271 4904 Mode: Manual;
10:11:22.0271 4904 ============================================================
10:11:23.0316 4904 ================ Scan system memory ========================
10:11:23.0316 4904 System memory - ok
10:11:23.0316 4904 ================ Scan services =============================
10:11:23.0488 4904 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:11:23.0488 4904 1394ohci - ok
10:11:23.0535 4904 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:11:23.0550 4904 ACPI - ok
10:11:23.0566 4904 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:11:23.0566 4904 AcpiPmi - ok
10:11:23.0706 4904 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:11:23.0706 4904 AdobeFlashPlayerUpdateSvc - ok
10:11:23.0753 4904 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
10:11:23.0769 4904 adp94xx - ok
10:11:23.0847 4904 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
10:11:23.0847 4904 adpahci - ok
10:11:23.0878 4904 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
10:11:23.0878 4904 adpu320 - ok
10:11:23.0909 4904 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:11:23.0909 4904 AeLookupSvc - ok
10:11:23.0956 4904 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:11:23.0956 4904 AFD - ok
10:11:23.0987 4904 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:11:23.0987 4904 agp440 - ok
10:11:24.0003 4904 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:11:24.0018 4904 ALG - ok
10:11:24.0050 4904 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:11:24.0050 4904 aliide - ok
10:11:24.0081 4904 [ A592CA3EC9A5AF7F74D5169D556B976F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:11:24.0096 4904 AMD External Events Utility - ok
10:11:24.0112 4904 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:11:24.0112 4904 amdide - ok
10:11:24.0143 4904 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
10:11:24.0143 4904 AmdK8 - ok
10:11:24.0299 4904 [ 1512CEEDC3657082F396A0818528B5E8 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:11:24.0362 4904 amdkmdag - ok
10:11:24.0377 4904 [ 3D00276750E2D6F35228E12868CF1A46 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
10:11:24.0377 4904 amdkmdap - ok
10:11:24.0408 4904 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
10:11:24.0408 4904 AmdPPM - ok
10:11:24.0424 4904 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:11:24.0424 4904 amdsata - ok
10:11:24.0440 4904 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
10:11:24.0440 4904 amdsbs - ok
10:11:24.0455 4904 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:11:24.0455 4904 amdxata - ok
10:11:24.0471 4904 [ 2FBB00A7616106B95104574C6CD640C2 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys
10:11:24.0471 4904 amd_sata - ok
10:11:24.0502 4904 [ 87D0D7645CB0D53220649BD5FE15D93E ] amd_xata C:\Windows\system32\drivers\amd_xata.sys
10:11:24.0502 4904 amd_xata - ok
10:11:24.0533 4904 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:11:24.0533 4904 AppID - ok
10:11:24.0549 4904 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:11:24.0564 4904 AppIDSvc - ok
10:11:24.0580 4904 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
10:11:24.0580 4904 Appinfo - ok
10:11:24.0611 4904 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
10:11:24.0611 4904 arc - ok
10:11:24.0627 4904 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:11:24.0627 4904 arcsas - ok
10:11:24.0705 4904 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:11:24.0705 4904 aspnet_state - ok
10:11:24.0736 4904 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:11:24.0736 4904 AsyncMac - ok
10:11:24.0752 4904 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:11:24.0752 4904 atapi - ok
10:11:24.0783 4904 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:11:24.0798 4904 AudioEndpointBuilder - ok
10:11:24.0814 4904 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:11:24.0814 4904 AudioSrv - ok
10:11:24.0845 4904 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:11:24.0861 4904 AxInstSV - ok
10:11:24.0892 4904 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
10:11:24.0908 4904 b06bdrv - ok
10:11:24.0923 4904 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:11:24.0923 4904 b57nd60a - ok
10:11:25.0001 4904 [ 28A4012E68BC9597BCB9B26B51AAC4B6 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
10:11:25.0001 4904 BBSvc - ok
10:11:25.0032 4904 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
10:11:25.0032 4904 BBUpdate - ok
10:11:25.0126 4904 [ FDE8C8DC07E75347E4C6B455A0964217 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
10:11:25.0142 4904 BCM43XX - ok
10:11:25.0173 4904 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:11:25.0188 4904 BDESVC - ok
10:11:25.0220 4904 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:11:25.0220 4904 Beep - ok
10:11:25.0235 4904 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
10:11:25.0251 4904 BFE - ok
10:11:25.0407 4904 [ C8AB71A5102D0FC103F6DFC750005137 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120823.007\BHDrvx64.sys
10:11:25.0422 4904 BHDrvx64 - ok
10:11:25.0454 4904 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
10:11:25.0454 4904 BITS - ok
10:11:25.0485 4904 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
10:11:25.0485 4904 blbdrive - ok
10:11:25.0500 4904 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:11:25.0500 4904 bowser - ok
10:11:25.0516 4904 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
10:11:25.0516 4904 BrFiltLo - ok
10:11:25.0532 4904 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
10:11:25.0532 4904 BrFiltUp - ok
10:11:25.0563 4904 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:11:25.0578 4904 Browser - ok
10:11:25.0594 4904 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:11:25.0610 4904 Brserid - ok
10:11:25.0610 4904 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:11:25.0625 4904 BrSerWdm - ok
10:11:25.0625 4904 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:11:25.0625 4904 BrUsbMdm - ok
10:11:25.0656 4904 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:11:25.0656 4904 BrUsbSer - ok
10:11:25.0688 4904 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
10:11:25.0688 4904 BthEnum - ok
10:11:25.0703 4904 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
10:11:25.0703 4904 BTHMODEM - ok
10:11:25.0719 4904 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:11:25.0719 4904 BthPan - ok
10:11:25.0734 4904 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
10:11:25.0750 4904 BTHPORT - ok
10:11:25.0766 4904 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:11:25.0766 4904 bthserv - ok
10:11:25.0781 4904 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
10:11:25.0781 4904 BTHUSB - ok
10:11:25.0828 4904 [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys
10:11:25.0844 4904 BTWAMPFL - ok
10:11:25.0859 4904 [ 7CF028CE78696882B327FF13D2DFA534 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
10:11:25.0859 4904 btwaudio - ok
10:11:25.0890 4904 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
10:11:25.0890 4904 btwavdt - ok
10:11:25.0968 4904 [ 1AD3A2BAF31C4327DCBB2B0ECA4A23BB ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
10:11:25.0984 4904 btwdins - ok
10:11:25.0984 4904 [ 346B4051B3D7FF70E8F027869B8ECA6E ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
10:11:25.0984 4904 btwl2cap - ok
10:11:26.0000 4904 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
10:11:26.0000 4904 btwrchid - ok
10:11:26.0046 4904 [ A3AD13CA2747953DDD4C9AE4FB925BEC ] CalendarSynchService C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
10:11:26.0046 4904 CalendarSynchService - ok
10:11:26.0109 4904 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys
10:11:26.0109 4904 ccSet_NIS - ok
10:11:26.0140 4904 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:11:26.0140 4904 cdfs - ok
10:11:34.0424 4904 sppuinotify - ok
10:11:34.0486 4904 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS
10:11:34.0502 4904 SRTSP - ok
10:11:34.0533 4904 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS
10:11:34.0533 4904 SRTSPX - ok
10:11:34.0564 4904 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:11:34.0580 4904 srv - ok
10:11:34.0595 4904 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:11:34.0595 4904 srv2 - ok
10:11:34.0626 4904 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:11:34.0626 4904 srvnet - ok
10:11:34.0658 4904 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:11:34.0673 4904 SSDPSRV - ok
10:11:34.0689 4904 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:11:34.0704 4904 SstpSvc - ok
10:11:34.0720 4904 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
10:11:34.0720 4904 stexstor - ok
10:11:34.0751 4904 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:11:34.0767 4904 stisvc - ok
10:11:34.0782 4904 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:11:34.0782 4904 swenum - ok
10:11:34.0829 4904 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:11:34.0829 4904 swprv - ok
10:11:34.0860 4904 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS
10:11:34.0876 4904 SymDS - ok
10:11:34.0923 4904 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS
10:11:34.0938 4904 SymEFA - ok
10:11:34.0970 4904 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:11:34.0970 4904 SymEvent - ok
10:11:34.0985 4904 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS
10:11:34.0985 4904 SymIRON - ok
10:11:35.0001 4904 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS
10:11:35.0001 4904 SymNetS - ok
10:11:35.0048 4904 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:11:35.0063 4904 SysMain - ok
10:11:35.0079 4904 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:11:35.0094 4904 TabletInputService - ok
10:11:35.0110 4904 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:11:35.0126 4904 TapiSrv - ok
10:11:35.0141 4904 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:11:35.0141 4904 TBS - ok
10:11:35.0219 4904 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:11:35.0235 4904 Tcpip - ok
10:11:35.0266 4904 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:11:35.0282 4904 TCPIP6 - ok
10:11:35.0313 4904 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:11:35.0313 4904 tcpipreg - ok
10:11:35.0328 4904 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:11:35.0328 4904 TDPIPE - ok
10:11:35.0344 4904 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:11:35.0344 4904 TDTCP - ok
10:11:35.0360 4904 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:11:35.0375 4904 tdx - ok
10:11:35.0391 4904 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:11:35.0391 4904 TermDD - ok
10:11:35.0422 4904 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:11:35.0438 4904 TermService - ok
10:11:35.0453 4904 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:11:35.0453 4904 Themes - ok
10:11:35.0484 4904 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:11:35.0484 4904 THREADORDER - ok
10:11:35.0500 4904 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:11:35.0516 4904 TrkWks - ok
10:11:35.0578 4904 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:11:35.0594 4904 TrustedInstaller - ok
10:11:35.0609 4904 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:11:35.0609 4904 tssecsrv - ok
10:11:35.0625 4904 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:11:35.0625 4904 TsUsbFlt - ok
10:11:35.0656 4904 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
10:11:35.0656 4904 TsUsbGD - ok
10:11:35.0672 4904 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:11:35.0672 4904 tunnel - ok
10:11:35.0703 4904 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:11:35.0703 4904 uagp35 - ok
10:11:35.0718 4904 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:11:35.0718 4904 udfs - ok
10:11:35.0734 4904 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:11:35.0750 4904 UI0Detect - ok
10:11:35.0765 4904 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:11:35.0765 4904 uliagpkx - ok
10:11:35.0796 4904 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:11:35.0796 4904 umbus - ok
10:11:35.0812 4904 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
10:11:35.0812 4904 UmPass - ok
10:11:35.0828 4904 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:11:35.0843 4904 upnphost - ok
10:11:35.0859 4904 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
10:11:35.0859 4904 usbaudio - ok
10:11:35.0890 4904 [ 5FCC71487888589A9244AF54CFEFAB29 ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys
10:11:35.0890 4904 usbbus - ok
10:11:35.0906 4904 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:11:35.0906 4904 usbccgp - ok
10:11:35.0937 4904 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:11:35.0937 4904 usbcir - ok
10:11:35.0952 4904 [ 3FB6E423F7567C92C32EA786F5FD0C69 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys
10:11:35.0952 4904 UsbDiag - ok
10:11:35.0968 4904 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:11:35.0968 4904 usbehci - ok
10:11:35.0984 4904 [ 573D192E268F0C5B486B7E96F661E538 ] usbfilter C:\Windows\system32\drivers\usbfilter.sys
10:11:35.0984 4904 usbfilter - ok
10:11:36.0015 4904 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
10:11:36.0015 4904 usbhub - ok
10:11:36.0015 4904 [ 78D551F5B93488B4666F5FC8DD4815F3 ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys
10:11:36.0015 4904 USBModem - ok
10:11:36.0030 4904 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:11:36.0030 4904 usbohci - ok
10:11:36.0046 4904 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
10:11:36.0046 4904 usbprint - ok
10:11:36.0062 4904 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:11:36.0062 4904 USBSTOR - ok
10:11:36.0062 4904 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:11:36.0062 4904 usbuhci - ok
10:11:36.0124 4904 [ 659BA43F61FC37609288A5340A8D37D4 ] usj C:\AeriaGames\EdenEternal\avital\ussjcs64.sys
10:11:36.0124 4904 usj - ok
10:11:36.0140 4904 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:11:36.0155 4904 UxSms - ok
10:11:36.0171 4904 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:11:36.0171 4904 VaultSvc - ok
10:11:36.0202 4904 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:11:36.0202 4904 vdrvroot - ok
10:11:36.0233 4904 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:11:36.0264 4904 vds - ok
10:11:36.0296 4904 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:11:36.0296 4904 vga - ok
10:11:36.0311 4904 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:11:36.0311 4904 VgaSave - ok
10:11:36.0342 4904 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:11:36.0342 4904 vhdmp - ok
10:11:36.0374 4904 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:11:36.0374 4904 viaide - ok
10:11:36.0374 4904 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:11:36.0374 4904 volmgr - ok
10:11:36.0405 4904 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:11:36.0405 4904 volmgrx - ok
10:11:36.0420 4904 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:11:36.0420 4904 volsnap - ok
10:11:36.0452 4904 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:11:36.0452 4904 vsmraid - ok
10:11:36.0483 4904 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:11:36.0530 4904 VSS - ok
10:11:36.0545 4904 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:11:36.0545 4904 vwifibus - ok
10:11:36.0561 4904 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:11:36.0561 4904 vwififlt - ok
10:11:36.0576 4904 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:11:36.0592 4904 vwifimp - ok
10:11:36.0608 4904 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:11:36.0623 4904 W32Time - ok
10:11:36.0639 4904 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:11:36.0639 4904 WacomPen - ok
10:11:36.0670 4904 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:11:36.0670 4904 WANARP - ok
10:11:36.0686 4904 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:11:36.0686 4904 Wanarpv6 - ok
10:11:36.0748 4904 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:11:36.0764 4904 WatAdminSvc - ok
10:11:36.0826 4904 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:11:36.0857 4904 wbengine - ok
10:11:36.0873 4904 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:11:36.0873 4904 WbioSrvc - ok
10:11:36.0888 4904 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:11:36.0904 4904 wcncsvc - ok
10:11:36.0904 4904 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:11:36.0904 4904 WcsPlugInService - ok
10:11:36.0920 4904 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
10:11:36.0920 4904 Wd - ok
10:11:36.0951 4904 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:11:36.0951 4904 Wdf01000 - ok
10:11:36.0966 4904 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:11:36.0966 4904 WdiServiceHost - ok
10:11:36.0966 4904 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:11:36.0966 4904 WdiSystemHost - ok
10:11:36.0982 4904 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:11:36.0982 4904 WebClient - ok
10:11:36.0998 4904 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:11:37.0013 4904 Wecsvc - ok
10:11:37.0013 4904 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:11:37.0013 4904 wercplsupport - ok
10:11:37.0029 4904 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:11:37.0044 4904 WerSvc - ok
10:11:37.0060 4904 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:11:37.0060 4904 WfpLwf - ok
10:11:37.0076 4904 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:11:37.0076 4904 WIMMount - ok
10:11:37.0091 4904 WinDefend - ok
10:11:37.0091 4904 WinHttpAutoProxySvc - ok
10:11:37.0154 4904 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:11:37.0169 4904 Winmgmt - ok
10:11:37.0232 4904 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:11:37.0247 4904 WinRM - ok
10:11:37.0278 4904 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:11:37.0310 4904 Wlansvc - ok
10:11:37.0356 4904 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:11:37.0388 4904 wlcrasvc - ok
10:11:37.0512 4904 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:11:37.0528 4904 wlidsvc - ok
10:11:37.0559 4904 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:11:37.0559 4904 WmiAcpi - ok
10:11:37.0575 4904 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:11:37.0590 4904 wmiApSrv - ok
10:11:37.0622 4904 WMPNetworkSvc - ok
10:11:37.0637 4904 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:11:37.0653 4904 WPCSvc - ok
10:11:37.0668 4904 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:11:37.0668 4904 WPDBusEnum - ok
10:11:37.0684 4904 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:11:37.0684 4904 ws2ifsl - ok
10:11:37.0700 4904 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
10:11:37.0715 4904 wscsvc - ok
10:11:37.0731 4904 WSearch - ok
10:11:37.0809 4904 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:11:37.0824 4904 wuauserv - ok
10:11:37.0840 4904 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:11:37.0840 4904 WudfPf - ok
10:11:37.0840 4904 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:11:37.0856 4904 WUDFRd - ok
10:11:37.0856 4904 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:11:37.0871 4904 wudfsvc - ok
10:11:37.0887 4904 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:11:37.0887 4904 WwanSvc - ok
10:11:37.0918 4904 ================ Scan global ===============================
10:11:37.0934 4904 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:11:37.0965 4904 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:11:37.0980 4904 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:11:37.0996 4904 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:11:38.0012 4904 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:11:38.0027 4904 [Global] - ok
10:11:38.0027 4904 ================ Scan MBR ==================================
10:11:38.0027 4904 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:11:38.0277 4904 \Device\Harddisk0\DR0 - ok
10:11:38.0277 4904 ================ Scan VBR ==================================
10:11:38.0277 4904 [ 986909F94F707445E21543EFBC580456 ] \Device\Harddisk0\DR0\Partition1
10:11:38.0277 4904 \Device\Harddisk0\DR0\Partition1 - ok
10:11:38.0292 4904 [ 62F1DF2E43083041418F8CA71B594EA9 ] \Device\Harddisk0\DR0\Partition2
10:11:38.0308 4904 \Device\Harddisk0\DR0\Partition2 - ok
10:11:38.0339 4904 [ C6BBE9C201E5716F8CB44D39123D4A7E ] \Device\Harddisk0\DR0\Partition3
10:11:38.0339 4904 \Device\Harddisk0\DR0\Partition3 - ok
10:11:38.0339 4904 ============================================================
10:11:38.0339 4904 Scan finished
10:11:38.0339 4904 ============================================================
10:11:38.0355 3132 Detected object count: 0
10:11:38.0355 3132 Actual detected object count: 0

Attached Files


Edited by Makura, 31 August 2012 - 09:17 AM.


#7 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:03:23 PM

Posted 31 August 2012 - 06:31 PM

Hi again,

I'm still looking into the information on your issue, and I may have hit on something. I should have lots of time over the next couple of days so keep an eye on this thread. :thumbup2:

In the meantime, let's see what AdwCleaner can find:

Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    Posted Image
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[RX].txt (where X can be any number, usually 1, 0, or 2).

bloopie

#8 Makura

Posted 31 August 2012 - 09:51 PM

Here is the log you requested.

Attached Files



#9 bloopie

Posted 31 August 2012 - 10:30 PM

Hi again,

Okay, now remove those found:

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    Posted Image
  • Click the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.

==========

Now, let's get another log:

OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

After doing the above, please check and see if you are able to use farmville! Let me know of any changes!

bloopie

#10 Makura

Posted 01 September 2012 - 02:17 AM

Hello, I could not download OTL; every time I tried, my Norton would immediately remove it. Is there a way around that? Here is the other log you requested, however:

# AdwCleaner v2.000 - Logfile created 09/01/2012 at 03:10:21
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Melissa - MELISSA-HP
# Boot Mode : Normal
# Running from : C:\Users\Melissa\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[R3].txt - [1136 octets] - [01/09/2012 03:10:06]
AdwCleaner[S1].txt - [1271 octets] - [01/09/2012 03:10:21]

########## EOF - C:\AdwCleaner[S1].txt - [1331 octets] ##########

#11 bloopie

Posted 01 September 2012 - 08:36 AM

Hi again,

"I could not download OTL; every time I tried, my Norton would immediately remove it. Is there a way around that?"

Yes, you can disable your antivirus program. Some info on that >here< or >here<.

Post the log when the scan is finished, then you can re-enable your antivirus software. :thumbup2:

bloopie

#12 Makura

Posted 01 September 2012 - 04:37 PM

Here are the otl logs. Still having the issue btw.

Attached Files



#13 bloopie

Posted 02 September 2012 - 10:20 AM

Hi again,

Your logs show plenty of orphans we can remove, but it's not necessary. Do you use Searchscopes with your IE browser? If you don't know what it is, then we can remove it.

==========

You mention you've tried uninstalling and reinstalling the application, but which application have you reinstalled? I see you have Facebook installed on your computer. Is this the Facebook messenger service? Have you tried to reinstall that too? That may help, but I don't think it's the culprit.

==========

It seems the latest Adobe Flash player update has had some issues with Zynga:

It appears that a recent update of flash from Adobe affects Farmville because they claim that the Zynga developers have their codes wrong in Farmville.


Just for kicks, try using a different web browser. If you're using IE, try Firefox; if you're using Firefox, try Google Chrome. That may take care of it.

Otherwise...

You can try to roll back your Adobe Flash player. This is not a safe way of using Adobe, but it may pinpoint the problem:

  • Download Flash Player 10.3.183.18, then unzip it to your desktop.
  • Now uninstall Adobe Flash from Add/Remove programs (instructions here).
  • Then, disconnect from the internet, and install the older version.
  • Once installed, reconnect to the internet and see if you still have the problem.

If the problem goes away, then we have our culprit. However, using outdated software can leave your system vulnerable to exploits; use at your own risk. We can revert and update again later if you get no change.

If you don't want to risk it, then it's possible you may have to wait for an additional Adobe/Zynga/Farmville/Facebook update or patch to resolve the issue.

Let me know what you think! :)

bloopie

#14 Makura

Posted 03 September 2012 - 12:11 AM

I could not find Searchscope to remove it. Also, I've tried a few non-Zynga apps just to check, and they cause the same problem, so I do not think it is a Zynga problem (but you are the expert). I uninstalled both the Facebook on my computer and the apps online. Neither helped. I also tried the old version of Flash; it did not work either. Before I try downloading something like Firefox, I've been told it might cause me some other issues down the road. What do you think? Also, a side question if you don't mind: I got a message on my computer saying my ATI driver failed to work properly. I went to my Device Manager and it said everything was up to date. Is there a way to find out what is wrong?

#15 bloopie

Posted 03 September 2012 - 11:52 AM

Hi again,

"I could not find Searchscope to remove it."

I can help you remove it. :wink:

You still haven't answered: What is your normal internet browser? IE, FF, Chrome?

"Also, I've tried a few non-Zynga apps just to check, and they cause the same problem, so I do not think it is a Zynga problem"

I don't either, I was mentioning an Adobe Flash player problem, but you mention you have a video card driver issue:

"I got a message on my computer saying my ATI driver failed to work properly."


If you've never used Firefox, I'd say give it a try! The problems with FF are also with Flashplayer, some key components of the problem! Give it a whirl, and let me know!


"Is there a way to find out what is wrong?"

Probably, but I'd like to make sure all of the malware is gone from your machine to rule that out first....

Try Firefox in the meantime, and let me know how it goes. I will craft a script for you to remove searchscope from your computer.

Just give me a bit to craft another response, my baby is very cranky today! :o :)

bloopie



