dns shows porn sites - slow pc - corrupted recycle bin


  • This topic is locked
37 replies to this topic

#1 Braindust


Posted 15 September 2012 - 07:07 PM

Hi.

I tried ipconfig /displaydns, which showed porn sites. I cannot access IE unless I right-click on iexplore and run as administrator, and Microsoft Fixit said my recycle bin was corrupted. I tried various things in this thread http://www.bleepingcomputer.com/forums/topic468110.html/ and have now followed the most recent instructions.

I could not run GMER as it would not give me a result of the scan, but can show the logs to DDS.

First is DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by nicky at 21:40:26 on 2012-09-15
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3002.1469 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\locator.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.bt.yahoo.com/
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.8.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.8.0.14\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.8.0.14\coIEPlg.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\nicky\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1782B112-4970-4887-BB46-7D6CBB60DBD0} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1ACB099C-4DEA-4D3B-8C67-83A8FB76EFB7} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1308000.00e\symds.sys [2012-8-15 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1308000.00e\symefa.sys [2012-8-15 924320]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.7.1.5\definitions\bashdefs\20120905.001\BHDrvx86.sys [2012-8-31 995488]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2012-8-9 146904]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1308000.00e\ccsetx86.sys [2012-8-15 132768]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.7.1.5\definitions\ipsdefs\20120914.001\IDSvix86.sys [2012-9-15 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1308000.00e\ironx86.sys [2012-8-15 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1308000.00e\symtdiv.sys [2012-8-15 345208]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_827e372d\AEstSrv.exe [2009-3-2 81920]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.8.0.14\ccsvchst.exe [2012-8-15 138272]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.6\ccSvcHst.exe [2011-9-30 130000]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-2-25 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-25 222512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-11 106656]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2012-5-19 173880]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-9-22 15488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-9 250568]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-17 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-09-14 18:31:49 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-14 12:31:57 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-11 21:25:24 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-11 21:25:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-10 18:39:44 -------- d-----w- c:\users\nicky\appdata\roaming\SUPERAntiSpyware.com
2012-09-10 18:39:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-09 11:33:17 -------- d-----w- c:\users\nicky\appdata\local\{4E0F68AB-1F3E-4421-9B2B-C8EB5230757F}
2012-09-09 06:45:27 -------- d-----w- c:\users\nicky\appdata\local\{0475C5D5-667B-4ECB-BAEF-EEAC3FAC643F}
2012-09-08 23:52:17 -------- d-----w- c:\users\nicky\appdata\local\{8D147800-6F71-47CA-9444-2421E8160741}
2012-09-08 14:18:59 -------- d-----w- c:\users\nicky\appdata\local\{291FE8C8-1072-4577-8EAC-53825977454C}
2012-09-08 13:10:21 -------- d-----w- c:\users\nicky\appdata\local\{021BC209-43AB-45FD-8B63-A5CA6928EF5B}
2012-09-08 12:40:11 -------- d-----w- c:\users\nicky\appdata\local\{292EA099-66B4-4C77-A231-BDA85EA02DD3}
2012-09-08 12:19:44 -------- d-----w- c:\users\nicky\appdata\local\{2BF8DE46-5122-42A1-9FAF-1648D03DBDF6}
2012-09-08 12:09:04 -------- d-----w- c:\users\nicky\appdata\local\{B6D78395-39DB-45BD-A9AD-6D9E80412723}
2012-09-07 21:35:24 -------- d-----w- c:\users\nicky\appdata\local\{8CF7DD07-CD34-46E1-B2C9-41B604E34211}
2012-09-06 23:48:18 -------- d-----w- c:\users\nicky\appdata\local\{ED8FE51A-C139-4DF1-92E8-72CFF163BF91}
2012-09-06 23:44:00 -------- d-----w- c:\users\nicky\appdata\local\{E36B7DE5-7CAC-4E99-8099-BF9755BCAAA3}
2012-09-06 13:42:08 -------- d-----w- c:\users\nicky\appdata\local\{CF4F1492-E584-46FB-8DA8-6F16A44759D9}
2012-09-06 00:21:31 -------- d-----w- c:\users\nicky\appdata\local\{B373A22D-B6CD-483B-9515-F73289BD2583}
2012-09-05 20:11:20 -------- d-----w- c:\users\nicky\appdata\local\{27CB5318-E252-40BA-986A-F52CE854D0AD}
2012-09-05 00:05:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-05 00:05:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-04 22:26:46 -------- d-----w- c:\users\nicky\appdata\local\{6D3A811A-B7A1-408E-8D4A-0FF431BE1D58}
2012-09-02 18:39:54 -------- d-----w- c:\users\nicky\appdata\local\{1C5F1261-F6B0-465E-87CB-3AA8C47CFE0B}
2012-09-02 00:03:02 -------- d-----w- c:\users\nicky\appdata\local\{679082E1-F2C1-4040-ACE5-A9B75F719479}
2012-09-01 21:38:52 -------- d-----w- c:\users\nicky\appdata\local\{51DB2F03-3BAF-4FE0-A351-DAFE4EE24470}
2012-09-01 18:20:26 -------- d-----w- c:\users\nicky\appdata\local\{1AB204D0-F0D2-47FF-A6C9-DA31480220A3}
2012-09-01 03:24:06 -------- d-----w- c:\users\nicky\appdata\local\{535CE0C6-2C49-4FC4-972F-4DE60C3012E9}
2012-09-01 00:31:12 -------- d-----w- c:\users\nicky\appdata\local\{91927D7B-A1AF-444C-A7AC-EB44449EA150}
2012-08-30 23:58:06 -------- d-----w- c:\program files\CCleaner
2012-08-30 23:54:59 -------- d-----w- c:\users\nicky\appdata\local\{06E4078E-5292-4133-8FA3-6C8DFE77929E}
2012-08-30 20:54:14 -------- d-----w- c:\users\nicky\appdata\local\{22D99233-FACC-47E7-BDE4-652DDA24BB18}
2012-08-30 18:38:44 -------- d-----w- c:\users\nicky\appdata\local\{714341C0-57AE-4416-B71F-85E9D95D5061}
2012-08-30 14:41:01 -------- d-----w- c:\users\nicky\appdata\local\{D8287935-1B5E-475A-ACB8-1B433F87ECD1}
2012-08-27 22:30:20 -------- d-----w- c:\users\nicky\appdata\local\{02EEA188-EAFC-4800-A683-B50C99E1097C}
2012-08-26 19:18:35 -------- d-----w- c:\users\nicky\appdata\local\{7A2DC10E-6CD7-4ECA-8AC2-0BD5FF3F548D}
2012-08-26 14:08:35 -------- d-----w- c:\users\nicky\appdata\local\{964195C2-3CA1-4D5C-BCE2-19E929AE5A99}
2012-08-25 12:40:37 -------- d-----w- c:\users\nicky\appdata\local\{B1AC00B7-A14E-46B1-A34B-2A0811CE26DF}
2012-08-24 11:24:50 -------- d-----w- c:\users\nicky\appdata\local\{0FEB986A-63E2-4D23-A56D-9A8F89ACCB36}
2012-08-23 13:27:03 -------- d-----w- c:\users\nicky\appdata\local\{5B6314FA-E7C4-4524-95AD-8C7C3428ED2E}
2012-08-22 23:12:25 -------- d-----w- c:\users\nicky\appdata\local\{9DB86E77-77DC-43A3-9917-E65508092461}
2012-08-22 22:16:41 -------- d-----w- c:\users\nicky\appdata\local\{E81D6A65-BB45-41C3-B8A5-859A1228012D}
2012-08-22 00:17:38 -------- d-----w- c:\users\nicky\appdata\local\{B2E38949-A611-426E-A3BB-C5C0931CF5BC}
2012-08-21 23:36:28 -------- d-----w- c:\users\nicky\appdata\local\{77898538-A103-49EF-84DB-8B8EC3FA6723}
2012-08-20 11:30:33 -------- d-----w- c:\users\nicky\appdata\local\{8B673B83-378A-4655-91A9-6371A0A1F3DF}
2012-08-18 22:10:50 -------- d-----w- c:\users\nicky\appdata\local\{8C170CD5-7885-4AD6-A5B1-CB1BA93E6E58}
2012-08-18 22:10:34 -------- d-----w- c:\users\nicky\appdata\local\{BFD71AB2-265B-4E0E-B579-9A09B9E24485}
2012-08-18 16:58:44 -------- d-----w- c:\users\nicky\appdata\local\{A66A5021-5E33-4CA5-A10F-8E22F4F747B9}
2012-08-17 21:32:03 -------- d-----w- c:\program files\Wireshark
2012-08-17 18:10:00 -------- d-----w- c:\users\nicky\appdata\local\{2A6130DF-5E09-488B-885C-35365A7A90C7}
2012-08-17 18:09:39 -------- d-----w- c:\users\nicky\appdata\local\{81EE65EF-4E88-4833-B880-EA948EA7B884}
2012-08-17 16:44:27 -------- d-----w- c:\windows\en
2012-08-17 16:43:31 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-08-17 16:39:26 19720 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2012-08-17 16:35:47 15712 ----a-w- c:\program files\common files\windows live\.cache\5a9cd1671cd7c9603\MeshBetaRemover.exe
2012-08-17 16:35:46 89944 ----a-w- c:\program files\common files\windows live\.cache\5a3b39071cd7c9602\DSETUP.dll
2012-08-17 16:35:46 537432 ----a-w- c:\program files\common files\windows live\.cache\5a3b39071cd7c9602\DXSETUP.exe
2012-08-17 16:35:46 1801048 ----a-w- c:\program files\common files\windows live\.cache\5a3b39071cd7c9602\dsetup32.dll
2012-08-17 16:13:33 -------- d-----w- c:\users\nicky\appdata\local\{CAF126C7-410C-4633-B387-5B0D51B2E679}
2012-08-17 16:13:11 -------- d-----w- c:\users\nicky\appdata\local\{96780481-85EB-4F08-B811-C46B2CD48CCE}
2012-08-16 23:08:00 -------- d-----w- c:\users\nicky\appdata\local\{56E27F1A-F8FC-4441-96F9-91B81E115652}
2012-08-16 23:07:39 -------- d-----w- c:\users\nicky\appdata\local\{9647AD11-06B0-4D0E-B253-BF2C79B6CAC9}
.
==================== Find3M ====================
.
2012-09-14 18:31:25 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-14 18:31:25 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 11:29:59 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 11:29:59 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 08:59:47 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-07-06 02:17:57 574112 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\srtsp.sys
2012-07-06 02:17:57 32928 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\srtspx.sys
2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 21:42:35.01 ===============


Now attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 12/04/2009 11:33:40
System Uptime: 15/09/2012 19:38:20 (2 hours ago)
.
Motherboard: Quanta | | 3069
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 96.307 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.233 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP263: 13/09/2012 20:11:19 - Windows Update
RP264: 13/09/2012 23:19:25 - Device Driver Package Install: Microsoft Display adapters
RP265: 14/09/2012 19:29:54 - Installed Java 7 Update 7
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player
AOL Toolbar
Atheros Driver Installation Program
BT Broadband Desktop Help
BT Broadband Support Tools
BT Wireless Connection Manager
BT Yahoo! Applications
BTHomeHub
CCleaner
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink YouCam
D3DX10
Download Updater (AOL LLC)
ESU for Microsoft Vista
Facebook Plug-In
File Type Assistant
GoToAssist Corporate
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 M1
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0138
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
IDT Audio
Intel® Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
KeyScrambler
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Fix it Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
neroxml
NirSoft OpenedFilesView
Norton Internet Security
Norton Safe Web Lite
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Segoe UI
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Un-Rar for Windows 9.22beta
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
Wireshark 1.8.2 (32-bit)
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
15/09/2012 19:42:33, Error: Service Control Manager [7024] - The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942438 (0x80070026).
15/09/2012 19:40:48, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
14/09/2012 19:47:31, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
14/09/2012 12:16:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 CbFs ccSet_NIS eeCtrl IDSVix86 spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6
14/09/2012 12:16:42, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
14/09/2012 12:16:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
14/09/2012 12:16:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
14/09/2012 12:15:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
14/09/2012 12:15:38, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
14/09/2012 12:15:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
14/09/2012 12:12:29, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 CbFs ccSet_NIS DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSP SRTSPX SymIRON SYMTDIv tdx Wanarpv6
14/09/2012 12:12:29, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
14/09/2012 12:12:29, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
14/09/2012 12:12:29, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
14/09/2012 12:12:29, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
14/09/2012 12:12:29, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
14/09/2012 12:12:29, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
14/09/2012 12:12:29, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
14/09/2012 12:12:29, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
14/09/2012 12:12:29, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
14/09/2012 12:12:29, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
14/09/2012 12:12:29, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
14/09/2012 12:12:29, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/09/2012 12:12:29, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
14/09/2012 12:11:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
14/09/2012 12:11:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
14/09/2012 10:18:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
14/09/2012 10:17:52, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
14/09/2012 03:33:55, Error: EventLog [6008] - The previous system shutdown at 03:30:23 on 14/09/2012 was unexpected.
14/09/2012 03:11:54, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
14/09/2012 02:37:05, Error: EventLog [6008] - The previous system shutdown at 02:36:00 on 14/09/2012 was unexpected.
14/09/2012 01:21:02, Error: EventLog [6008] - The previous system shutdown at 01:19:59 on 14/09/2012 was unexpected.
14/09/2012 01:09:50, Error: EventLog [6008] - The previous system shutdown at 01:08:11 on 14/09/2012 was unexpected.
14/09/2012 00:20:33, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{1782B112-4970-4887-BB46-7D6CBB60DBD0} because another computer on the network has the same name. The server could not start.
13/09/2012 23:29:41, Error: Service Control Manager [7030] - The Application Information service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
13/09/2012 22:59:24, Error: EventLog [6008] - The previous system shutdown at 22:58:08 on 13/09/2012 was unexpected.
13/09/2012 22:52:28, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the COM+ System Application service to connect.
13/09/2012 22:52:28, Error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/09/2012 21:12:41, Error: EventLog [6008] - The previous system shutdown at 21:11:38 on 13/09/2012 was unexpected.
11/09/2012 23:48:08, Error: EventLog [6008] - The previous system shutdown at 23:46:22 on 11/09/2012 was unexpected.
11/09/2012 23:19:44, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Com4QLBEx service to connect.
11/09/2012 23:19:44, Error: Service Control Manager [7000] - The Com4QLBEx service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/09/2012 23:19:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Com4QLBEx with arguments "" in order to run the server: {DB536E5D-10F7-4B34-B443-140161048E2E}
11/09/2012 23:16:42, Error: EventLog [6008] - The previous system shutdown at 23:15:03 on 11/09/2012 was unexpected.
10/09/2012 22:01:19, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user smallworld\nicky SID (S-1-5-21-2480247224-2208930909-3036185898-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/09/2012 10:12:24, Error: EventLog [6008] - The previous system shutdown at 10:10:54 on 10/09/2012 was unexpected.
10/09/2012 10:10:20, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
09/09/2012 07:28:24, Error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
08/09/2012 13:59:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 CbFs ccSet_NIS DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr SRTSP SRTSPX SymIRON SYMTDIv tdx Wanarpv6
.
==== End Of File ===========================


I hope this is what you need to see.



#2 Braindust

Posted 15 September 2012 - 07:11 PM

Should've said am running Vista basic - SP2 - 32bit

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:34 PM

Posted 17 September 2012 - 10:40 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Braindust

Posted 17 September 2012 - 11:59 PM

Hi, Gringo. Thank you for your response.

1. Defogged.


2. AdwCleaner Log:


# AdwCleaner v2.002 - Logfile created 09/18/2012 at 05:20:52
# Updated 16/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : nicky - SMALLWORLD
# Boot Mode : Normal
# Running from : C:\Users\nicky\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\nicky\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7172 octets] - [18/09/2012 05:18:59]
AdwCleaner[S2].txt - [7682 octets] - [18/09/2012 05:20:52]

########## EOF - C:\AdwCleaner[S2].txt - [7742 octets] ##########



3. RogueKiller Log: (I seem to have 2 logs ?! Will post the 2nd. Hope it's the correct one.)



RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : nicky [Admin rights]
Mode : Remove -- Date : 09/18/2012 05:40:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x820A85C3 -> HOOKED (Unknown @ 0x8751A3E0)
SSDT[14] : NtAlertThread @ 0x82021255 -> HOOKED (Unknown @ 0x8751A4C0)
SSDT[18] : NtAllocateVirtualMemory @ 0x8205D4FB -> HOOKED (Unknown @ 0x8751AE38)
SSDT[21] : NtAlpcConnectPort @ 0x81FFF887 -> HOOKED (Unknown @ 0x87411350)
SSDT[42] : NtAssignProcessToJobObject @ 0x81FD2B43 -> HOOKED (Unknown @ 0x8751BB88)
SSDT[67] : NtCreateMutant @ 0x82035812 -> HOOKED (Unknown @ 0x8751A130)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x81FD535A -> HOOKED (Unknown @ 0x8751B8A8)
SSDT[78] : NtCreateThread @ 0x820A6BE0 -> HOOKED (Unknown @ 0x874E26A0)
SSDT[116] : NtDebugActiveProcess @ 0x82079D22 -> HOOKED (Unknown @ 0x8751BC68)
SSDT[129] : NtDuplicateObject @ 0x8200D551 -> HOOKED (Unknown @ 0x8751A008)
SSDT[147] : NtFreeVirtualMemory @ 0x81E99F1D -> HOOKED (Unknown @ 0x8751ABF0)
SSDT[156] : NtImpersonateAnonymousToken @ 0x81FCFF12 -> HOOKED (Unknown @ 0x8751A220)
SSDT[158] : NtImpersonateThread @ 0x81FE554F -> HOOKED (Unknown @ 0x8751A300)
SSDT[165] : NtLoadDriver @ 0x81F80DEE -> HOOKED (Unknown @ 0x874112D8)
SSDT[177] : NtMapViewOfSection @ 0x8202589A -> HOOKED (Unknown @ 0x8751AAF0)
SSDT[184] : NtOpenEvent @ 0x8200EDCF -> HOOKED (Unknown @ 0x8751A050)
SSDT[194] : NtOpenProcess @ 0x82035FAE -> HOOKED (Unknown @ 0x874E2588)
SSDT[195] : NtOpenProcessToken @ 0x82016A2E -> HOOKED (Unknown @ 0x8751AF28)
SSDT[197] : NtOpenSection @ 0x8202666D -> HOOKED (Unknown @ 0x8751BE90)
SSDT[201] : NtOpenThread @ 0x820314FF -> HOOKED (Unknown @ 0x874E24B8)
SSDT[210] : NtProtectVirtualMemory @ 0x8202F2E2 -> HOOKED (Unknown @ 0x8751BA98)
SSDT[282] : NtResumeThread @ 0x82030B4A -> HOOKED (Unknown @ 0x8751A5A0)
SSDT[289] : NtSetContextThread @ 0x820A806F -> HOOKED (Unknown @ 0x8751A840)
SSDT[305] : NtSetInformationProcess @ 0x820298C8 -> HOOKED (Unknown @ 0x8751A920)
SSDT[317] : NtSetSystemInformation @ 0x81FFBEEB -> HOOKED (Unknown @ 0x8751BD48)
SSDT[330] : NtSuspendProcess @ 0x820A84FF -> HOOKED (Unknown @ 0x8751BF70)
SSDT[331] : NtSuspendThread @ 0x81FAF92B -> HOOKED (Unknown @ 0x8751A680)
SSDT[334] : NtTerminateProcess @ 0x82006143 -> HOOKED (Unknown @ 0x874E2780)
SSDT[335] : NtTerminateThread @ 0x82031534 -> HOOKED (Unknown @ 0x8751A760)
SSDT[348] : NtUnmapViewOfSection @ 0x82025B5D -> HOOKED (Unknown @ 0x8751AA10)
SSDT[358] : NtWriteVirtualMemory @ 0x8202292D -> HOOKED (Unknown @ 0x8751ACE0)
SSDT[382] : NtCreateThreadEx @ 0x82030FE9 -> HOOKED (Unknown @ 0x8751B998)
S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x871D7C10)
S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x87268460)
S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x87C51058)
S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x8724A4A0)
S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x87C84170)
S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x87C89130)
S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x87319328)
S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x87435B90)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8751D1F8)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x86766120)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-60ZCT1 ATA Device +++++
--- User ---
[MBR] 106197a782be68a3a53ae36d3bbc7c39
[BSP] a786e7b7ece45b08f2532ae93000f873 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 142397 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 291631104 | Size: 10226 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



Must sleep. Back in a few hours.

#5 gringo_pr

Posted 18 September 2012 - 12:00 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 Braindust

Posted 18 September 2012 - 06:31 AM

Hi, Gringo. Will post Combo log. Didn't have any problems and didn't have to restart computer. Seems to be running faster at the moment, and I don't need to click on 'run as administrator' to access the internet now.




ComboFix 12-09-18.02 - nicky 18/09/2012 12:04:25.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3002.1750 [GMT 1:00]
Running from: c:\users\nicky\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\settings.bin
c:\users\nicky\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc75AC.tmp
c:\users\nicky\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC458.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
.
.
2012-09-18 11:14 . 2012-09-18 11:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-18 01:28 . 2012-09-18 02:04 -------- d-----w- c:\users\nicky\AppData\Local\NPE
2012-09-16 21:27 . 2012-09-16 21:27 100864 ----a-w- C:\pwtdyfod.sys
2012-09-16 11:16 . 2012-09-16 11:17 -------- d-----w- c:\users\Nicola
2012-09-14 18:31 . 2012-09-14 18:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-11 21:25 . 2012-09-11 21:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-11 21:25 . 2012-09-07 16:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-05 00:05 . 2012-09-10 17:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-05 00:05 . 2012-09-10 17:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-30 23:58 . 2012-08-30 23:58 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 18:31 . 2012-07-31 03:01 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-14 18:31 . 2010-06-07 23:05 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 11:29 . 2012-08-09 19:37 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 11:29 . 2012-08-09 19:37 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 16:39 . 2012-08-17 16:39 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-31 08:59 . 2011-09-30 10:37 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-07-16 01:41 . 2012-07-31 05:07 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A05D84F6-F699-46AC-AED2-74A22A8AAD6D}\mpengine.dll
2012-07-06 02:17 . 2012-08-15 16:42 32928 ----a-w- c:\windows\system32\drivers\NIS\1308000.00E\srtspx.sys
2012-07-06 02:17 . 2012-08-15 16:42 574112 ----a-w- c:\windows\system32\drivers\NIS\1308000.00E\srtsp.sys
2012-07-04 14:02 . 2012-08-16 18:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 00:16 . 2012-08-16 18:29 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-16 18:29 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-16 18:29 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-16 18:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-16 18:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2012-06-08 431760]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\nicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-11 17:41 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 11:29]
.
2012-09-10 c:\windows\Tasks\HPCeeScheduleFornicky.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-25 19:34]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{AE3C87F7-D8DA-4BD8-B192-48CA9B53154F}.job
- c:\windows\system32\msfeedssync.exe [2011-05-06 15:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.bt.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
ShellIconOverlayIdentifiers-{B44A5D93-1351-41A1-BD91-5E92435D8ECD} - (no file)
ShellIconOverlayIdentifiers-{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} - (no file)
ShellIconOverlayIdentifiers-{84CEF1E4-1356-4063-845F-05047F4DD52C} - (no file)
ShellIconOverlayIdentifiers-{42058329-2FBF-4B33-8E52-3BE5754DE0C1} - (no file)
ShellIconOverlayIdentifiers-{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} - (no file)
AddRemove-{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF} - c:\program files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-18 12:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-09-18 12:17:53
ComboFix-quarantined-files.txt 2012-09-18 11:17
.
Pre-Run: 106,911,514,624 bytes free
Post-Run: 107,019,649,024 bytes free
.
- - End Of File - - A86B7AAD23DCF6B421057E2166176C36

#7 Braindust


Posted 18 September 2012 - 06:42 AM

Update: Just rebooted PC, have to 'run as administrator' again to access internet.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:34 PM

Posted 18 September 2012 - 07:16 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 Braindust


Posted 18 September 2012 - 07:39 AM

13:33:11.0214 3900 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:33:11.0713 3900 ============================================================
13:33:11.0713 3900 Current date / time: 2012/09/18 13:33:11.0713
13:33:11.0713 3900 SystemInfo:
13:33:11.0713 3900
13:33:11.0713 3900 OS Version: 6.0.6002 ServicePack: 2.0
13:33:11.0713 3900 Product type: Workstation
13:33:11.0713 3900 ComputerName: SMALLWORLD
13:33:11.0713 3900 UserName: nicky
13:33:11.0713 3900 Windows directory: C:\Windows
13:33:11.0713 3900 System windows directory: C:\Windows
13:33:11.0713 3900 Processor architecture: Intel x86
13:33:11.0713 3900 Number of processors: 2
13:33:11.0713 3900 Page size: 0x1000
13:33:11.0713 3900 Boot type: Normal boot
13:33:11.0713 3900 ============================================================
13:33:13.0710 3900 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:33:13.0710 3900 ============================================================
13:33:13.0710 3900 \Device\Harddisk0\DR0:
13:33:13.0710 3900 MBR partitions:
13:33:13.0710 3900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1161E800
13:33:13.0710 3900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1161F000, BlocksNum 0x13F9000
13:33:13.0710 3900 ============================================================
13:33:13.0741 3900 C: <-> \Device\Harddisk0\DR0\Partition1
13:33:13.0788 3900 D: <-> \Device\Harddisk0\DR0\Partition2
13:33:13.0788 3900 ============================================================
13:33:13.0788 3900 Initialize success
13:33:13.0788 3900 ============================================================
13:34:02.0585 2152 ============================================================
13:34:02.0585 2152 Scan started
13:34:02.0585 2152 Mode: Manual;
13:34:02.0585 2152 ============================================================
13:34:03.0926 2152 ================ Scan system memory ========================
13:34:03.0926 2152 System memory - ok
13:34:03.0926 2152 ================ Scan services =============================
13:34:04.0113 2152 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
13:34:04.0129 2152 ACPI - ok
13:34:04.0301 2152 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:34:04.0301 2152 AdobeARMservice - ok
13:34:04.0394 2152 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:34:04.0394 2152 AdobeFlashPlayerUpdateSvc - ok
13:34:04.0441 2152 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:34:04.0457 2152 adp94xx - ok
13:34:04.0472 2152 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:34:04.0472 2152 adpahci - ok
13:34:04.0488 2152 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
13:34:04.0488 2152 adpu160m - ok
13:34:04.0503 2152 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:34:04.0503 2152 adpu320 - ok
13:34:04.0566 2152 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:34:04.0566 2152 AeLookupSvc - ok
13:34:04.0737 2152 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
13:34:04.0737 2152 AESTFilters - ok
13:34:04.0784 2152 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
13:34:04.0784 2152 AFD - ok
13:34:04.0847 2152 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:34:04.0862 2152 agp440 - ok
13:34:04.0878 2152 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
13:34:04.0909 2152 aic78xx - ok
13:34:04.0940 2152 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
13:34:04.0956 2152 ALG - ok
13:34:04.0987 2152 [ 3D76FDA1A10ACC3DC84728F55C29B6D4 ] aliide C:\Windows\system32\drivers\aliide.sys
13:34:04.0987 2152 aliide - ok
13:34:05.0049 2152 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
13:34:05.0049 2152 amdagp - ok
13:34:05.0065 2152 [ 5B92E7839F5A1FBC1B39DE67758AD6F8 ] amdide C:\Windows\system32\drivers\amdide.sys
13:34:05.0065 2152 amdide - ok
13:34:05.0081 2152 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
13:34:05.0081 2152 AmdK7 - ok
13:34:05.0096 2152 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
13:34:05.0096 2152 AmdK8 - ok
13:34:05.0159 2152 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
13:34:05.0159 2152 Appinfo - ok
13:34:05.0190 2152 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
13:34:05.0190 2152 arc - ok
13:34:05.0221 2152 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:34:05.0221 2152 arcsas - ok
13:34:05.0268 2152 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:34:05.0268 2152 AsyncMac - ok
13:34:05.0299 2152 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
13:34:05.0299 2152 atapi - ok
13:34:05.0377 2152 [ 8B412DDC62A0510767C5D48192EE1324 ] athr C:\Windows\system32\DRIVERS\athr.sys
13:34:05.0408 2152 athr - ok
13:34:05.0486 2152 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:34:05.0486 2152 AudioEndpointBuilder - ok
13:34:05.0517 2152 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:34:05.0517 2152 Audiosrv - ok
13:34:05.0580 2152 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
13:34:05.0595 2152 Beep - ok
13:34:05.0673 2152 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
13:34:05.0673 2152 BFE - ok
13:34:05.0985 2152 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120905.001\BHDrvx86.sys
13:34:06.0017 2152 BHDrvx86 - ok
13:34:06.0079 2152 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
13:34:06.0126 2152 BITS - ok
13:34:06.0141 2152 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
13:34:06.0141 2152 blbdrive - ok
13:34:06.0173 2152 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:34:06.0173 2152 bowser - ok
13:34:06.0219 2152 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
13:34:06.0219 2152 BrFiltLo - ok
13:34:06.0235 2152 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
13:34:06.0235 2152 BrFiltUp - ok
13:34:06.0266 2152 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
13:34:06.0266 2152 Browser - ok
13:34:06.0313 2152 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
13:34:06.0313 2152 Brserid - ok
13:34:06.0329 2152 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
13:34:06.0360 2152 BrSerWdm - ok
13:34:06.0391 2152 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
13:34:06.0391 2152 BrUsbMdm - ok
13:34:06.0407 2152 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
13:34:06.0407 2152 BrUsbSer - ok
13:34:06.0453 2152 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
13:34:06.0453 2152 BTHMODEM - ok
13:34:06.0781 2152 catchme - ok
13:34:06.0890 2152 [ A975187F3C8867F8D00A698A5282672B ] CbFs C:\Windows\system32\drivers\cbfs.sys
13:34:06.0890 2152 CbFs - ok
13:34:06.0999 2152 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys
13:34:06.0999 2152 ccSet_NIS - ok
13:34:07.0046 2152 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:34:07.0046 2152 cdfs - ok
13:34:07.0109 2152 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:34:07.0140 2152 cdrom - ok
13:34:07.0187 2152 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
13:34:07.0187 2152 CertPropSvc - ok
13:34:07.0218 2152 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
13:34:07.0218 2152 circlass - ok
13:34:07.0265 2152 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
13:34:07.0265 2152 CLFS - ok
13:34:07.0343 2152 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:34:07.0343 2152 clr_optimization_v2.0.50727_32 - ok
13:34:07.0452 2152 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:34:07.0452 2152 clr_optimization_v4.0.30319_32 - ok
13:34:07.0499 2152 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:34:07.0514 2152 CmBatt - ok
13:34:07.0514 2152 [ D36372A6EA6805EFBE8884D10772313F ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:34:07.0530 2152 cmdide - ok
13:34:07.0686 2152 [ 2F27104F5D6ED63FDAC38CACB9D19DFD ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
13:34:07.0686 2152 Com4QLBEx - ok
13:34:07.0701 2152 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:34:07.0701 2152 Compbatt - ok
13:34:07.0717 2152 COMSysApp - ok
13:34:07.0717 2152 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:34:07.0717 2152 crcdisk - ok
13:34:07.0748 2152 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
13:34:07.0764 2152 Crusoe - ok
13:34:07.0889 2152 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:34:07.0889 2152 CryptSvc - ok
13:34:07.0967 2152 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:34:07.0998 2152 DcomLaunch - ok
13:34:08.0076 2152 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:34:08.0076 2152 DfsC - ok
13:34:08.0185 2152 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
13:34:08.0247 2152 DFSR - ok
13:34:08.0341 2152 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
13:34:08.0341 2152 Dhcp - ok
13:34:08.0403 2152 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
13:34:08.0419 2152 disk - ok
13:34:08.0466 2152 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:34:08.0466 2152 Dnscache - ok
13:34:08.0513 2152 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:34:08.0513 2152 dot3svc - ok
13:34:08.0575 2152 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
13:34:08.0575 2152 DPS - ok
13:34:08.0637 2152 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:34:08.0637 2152 drmkaud - ok
13:34:08.0700 2152 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:34:08.0715 2152 DXGKrnl - ok
13:34:08.0778 2152 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
13:34:08.0793 2152 E1G60 - ok
13:34:08.0840 2152 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
13:34:08.0871 2152 EapHost - ok
13:34:08.0918 2152 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
13:34:08.0934 2152 Ecache - ok
13:34:09.0043 2152 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:34:09.0043 2152 eeCtrl - ok
13:34:09.0090 2152 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:34:09.0105 2152 elxstor - ok
13:34:09.0168 2152 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
13:34:09.0199 2152 EMDMgmt - ok
13:34:09.0215 2152 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:34:09.0215 2152 ErrDev - ok
13:34:09.0277 2152 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
13:34:09.0293 2152 EventSystem - ok
13:34:09.0324 2152 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
13:34:09.0324 2152 exfat - ok
13:34:09.0371 2152 [ 42F721C52EEF2D6DF9372A53813A83EF ] ezSharedSvc C:\Windows\System32\ezsvc7.dll
13:34:09.0371 2152 ezSharedSvc - ok
13:34:09.0417 2152 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:34:09.0417 2152 fastfat - ok
13:34:09.0433 2152 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:34:09.0433 2152 fdc - ok
13:34:09.0464 2152 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
13:34:09.0480 2152 fdPHost - ok
13:34:09.0511 2152 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
13:34:09.0511 2152 FDResPub - ok
13:34:09.0558 2152 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:34:09.0558 2152 FileInfo - ok
13:34:09.0573 2152 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:34:09.0589 2152 Filetrace - ok
13:34:09.0605 2152 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:34:09.0620 2152 flpydisk - ok
13:34:09.0636 2152 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:34:09.0636 2152 FltMgr - ok
13:34:09.0714 2152 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
13:34:09.0729 2152 FontCache - ok
13:34:09.0776 2152 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:34:09.0776 2152 FontCache3.0.0.0 - ok
13:34:09.0823 2152 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
13:34:09.0839 2152 fssfltr - ok
13:34:10.0010 2152 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
13:34:10.0057 2152 fsssvc - ok
13:34:10.0119 2152 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:34:10.0119 2152 Fs_Rec - ok
13:34:10.0151 2152 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:34:10.0151 2152 gagp30kx - ok
13:34:10.0197 2152 [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
13:34:10.0213 2152 GameConsoleService - ok
13:34:10.0244 2152 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:34:10.0244 2152 GEARAspiWDM - ok
13:34:10.0322 2152 [ 5CC2B1D06AC1962AF5FBBCF88D781DD8 ] GoToAssist C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
13:34:10.0322 2152 GoToAssist - ok
13:34:10.0369 2152 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
13:34:10.0400 2152 gpsvc - ok
13:34:10.0463 2152 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:34:10.0463 2152 HdAudAddService - ok
13:34:10.0509 2152 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:34:10.0541 2152 HDAudBus - ok
13:34:10.0556 2152 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:34:10.0556 2152 HidBth - ok
13:34:10.0572 2152 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
13:34:10.0572 2152 HidIr - ok
13:34:10.0603 2152 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
13:34:10.0619 2152 hidserv - ok
13:34:10.0619 2152 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:34:10.0634 2152 HidUsb - ok
13:34:10.0650 2152 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:34:10.0650 2152 hkmsvc - ok
13:34:10.0728 2152 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
13:34:10.0728 2152 HP Health Check Service - ok
13:34:10.0743 2152 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
13:34:10.0743 2152 HpCISSs - ok
13:34:10.0790 2152 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
13:34:10.0790 2152 HpqKbFiltr - ok
13:34:10.0853 2152 [ 188FF0ADF66768D53AD94F43972E1E9A ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
13:34:10.0853 2152 hpqwmiex - ok
13:34:10.0931 2152 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:34:10.0946 2152 HTTP - ok
13:34:10.0946 2152 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
13:34:10.0946 2152 i2omp - ok
13:34:11.0024 2152 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:34:11.0024 2152 i8042prt - ok
13:34:11.0071 2152 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
13:34:11.0087 2152 iaStorV - ok
13:34:11.0149 2152 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:34:11.0165 2152 idsvc - ok
13:34:11.0430 2152 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120917.001\IDSvix86.sys
13:34:11.0445 2152 IDSVix86 - ok
13:34:11.0539 2152 [ 0391268713612372E4E0ECEAADAD41D5 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
13:34:11.0601 2152 igfx - ok
13:34:11.0617 2152 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:34:11.0617 2152 iirsp - ok
13:34:11.0664 2152 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
13:34:11.0679 2152 IKEEXT - ok
13:34:11.0695 2152 [ 092A78E9C6F71BF0E22379503B90E800 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
13:34:11.0695 2152 IntcHdmiAddService - ok
13:34:11.0726 2152 [ DD512A049BD7B4BCE8A83554C5EFF2C1 ] intelide C:\Windows\system32\drivers\intelide.sys
13:34:11.0726 2152 intelide - ok
13:34:11.0773 2152 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:34:11.0820 2152 intelppm - ok
13:34:11.0867 2152 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:34:11.0976 2152 IPBusEnum - ok
13:34:12.0007 2152 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:34:12.0007 2152 IpFilterDriver - ok
13:34:12.0147 2152 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:34:12.0163 2152 iphlpsvc - ok
13:34:12.0179 2152 IpInIp - ok
13:34:12.0210 2152 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
13:34:12.0210 2152 IPMIDRV - ok
13:34:12.0241 2152 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
13:34:12.0428 2152 IPNAT - ok
13:34:12.0459 2152 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:34:12.0459 2152 IRENUM - ok
13:34:12.0475 2152 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:34:12.0475 2152 isapnp - ok
13:34:12.0522 2152 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:34:12.0537 2152 iScsiPrt - ok
13:34:25.0251 2152 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
13:34:25.0251 2152 [Global] - ok
13:34:25.0251 2152 ================ Scan MBR ==================================
13:34:25.0267 2152 [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk0\DR0
13:34:25.0641 2152 \Device\Harddisk0\DR0 - ok
13:34:25.0641 2152 ================ Scan VBR ==================================
13:34:25.0657 2152 [ 9F2EDFE7AC3783EA1CBDFE76B112D6B7 ] \Device\Harddisk0\DR0\Partition1
13:34:25.0657 2152 \Device\Harddisk0\DR0\Partition1 - ok
13:34:25.0657 2152 [ EC62009230D9D5F0F540A0A1D868CBDC ] \Device\Harddisk0\DR0\Partition2
13:34:25.0657 2152 \Device\Harddisk0\DR0\Partition2 - ok
13:34:25.0673 2152 ============================================================
13:34:25.0673 2152 Scan finished
13:34:25.0673 2152 ============================================================
13:34:25.0688 5088 Detected object count: 0
13:34:25.0688 5088 Actual detected object count: 0



Sorry, just got to do aswmbr. Won't be long.

#10 Braindust


Posted 18 September 2012 - 08:12 AM

Sorry, again. First scan forced a shutdown, second scan was a bit slow and stalled.



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-18 13:47:49
-----------------------------
13:47:49.030 OS Version: Windows 6.0.6002 Service Pack 2
13:47:49.030 Number of processors: 2 586 0x170A
13:47:49.030 ComputerName: SMALLWORLD UserName: nicky
13:47:50.808 Initialize success
13:48:49.692 AVAST engine defs: 12091400
13:48:53.889 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:48:53.889 Disk 0 Vendor: WDC_WD1600BEVT-60ZCT1 13.01A13 Size: 152627MB BusType: 3
13:48:53.904 Disk 0 MBR read successfully
13:48:53.904 Disk 0 MBR scan
13:48:53.920 Disk 0 unknown MBR code
13:48:53.935 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142397 MB offset 2048
13:48:53.967 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10226 MB offset 291631104
13:48:53.982 Disk 0 scanning sectors +312573952
13:48:54.247 Disk 0 scanning C:\Windows\system32\drivers
13:49:09.145 Service scanning
13:49:36.648 Modules scanning
13:49:51.843 Disk 0 trace - called modules:
13:49:51.889 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
13:49:51.905 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860b3498]
13:49:51.905 3 CLASSPNP.SYS[8a4128b3] -> nt!IofCallDriver -> [0x859548a8]
13:49:51.921 5 acpi.sys[8069b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858a4b98]
13:49:53.059 AVAST engine scan C:\Windows
13:49:57.100 AVAST engine scan C:\Windows\system32
13:53:59.305 AVAST engine scan C:\Windows\system32\drivers
13:54:22.159 AVAST engine scan C:\Users\nicky
14:00:39.087 AVAST engine scan C:\ProgramData
14:08:04.935 Scan finished successfully
14:08:27.664 Disk 0 MBR has been saved successfully to "C:\Users\nicky\Desktop\MBR.dat"
14:08:27.679 The log file has been saved successfully to "C:\Users\nicky\Desktop\aswMBR.txt"

#11 gringo_pr


Posted 18 September 2012 - 11:26 AM

Hello


I am sorry, I do not understand what you are having to do - have to 'run as administrator' again to access internet.

Can you give a little more detail?

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Braindust


Posted 18 September 2012 - 11:48 AM

Hi, Gringo.

If I double-click to open my browser the pages won't load, so I have to right-click and run as administrator. That's the only way I can get IE to run.

#13 gringo_pr


Posted 18 September 2012 - 12:02 PM

Greetings,

First, I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737


Then I want you to do the following:

  • Start Internet Explorer.
  • Click on "Safety".
  • Click on "Delete Browsing History".
  • Make sure all boxes are checked.
  • Click on "Delete".
  • Click on "Tools".
  • Click "Internet Options".
  • On the "Advanced" tab, click "Reset".
  • Put a check mark next to "Delete Personal Settings".
  • Click "Reset" to confirm.
  • When complete, click the "Close" button.
  • Restart IE.


Gringo

#14 Braindust


Posted 18 September 2012 - 12:23 PM

I'm afraid that didn't make any difference. I still have to right-click and run as administrator to get IE to load. On the upside, I tried displaydns and those porn sites have gone.

#15 gringo_pr


Posted 18 September 2012 - 12:32 PM

Hello


First, did you restart the computer? If not, go ahead and do that and check IE again.


If it still does it, try using IE without add-ons - see here - http://blogs.msdn.com/b/ie/archive/2006/07/25/678113.aspx


gringo