
Nasty pceu virus


  • This topic is locked
33 replies to this topic

#1 bartolli62


Posted 14 March 2013 - 10:33 AM

Hi folks!

 

Just got a new laptop which is running fine, but hate windows 8 at the moment!

 

Anyway, my other laptop got infected with the pceu ransomware virus thing, particularly nasty thing!

 

From browsing around on the web, what happened to me seems to have happened to a few others with some differences.

 

After getting the main ransom demand screen and finding I couldn't get rid of it, I tried ctrl+alt+del to bring up task manager but that wouldn't open. The only thing I could think of doing was power down my pc, using ctrl+alt+del.

 

On trying to restart, the ransom demand screen reappeared. OK, I powered down again and tried to restart into safe mode, nothing doing, I couldn't even get the pc to turn on, just a whirr of the fan then "click" + it stopped.

 

I kept trying to restart into safe mode, and eventually the whirr of the fan continued, hurrah I thought, but no, nothing else happened just the continued whirr of the fan and a black screen, although the power light stayed on.

 

Nothing I could do at this point, couldn't even turn the flipping thing off! In desperation I unplugged the pc and waited for the battery to go dead, which it eventually did.

 

So, heyho, here I am on my nice shiny new laptop + windows8!

 

Ideally, I want to try to rescue my other old laptop and use it as a standby thing, if I can't do that then I would like to rescue some data off the hard drive.

 

Guess the first thing is to try to rescue it and if that fails I presume I can just whip out the hard drive and plug it into a hard drive case I have or will this risk infecting my new one?

 

Any assistance on rescuing the old laptop would be much appreciated!

 

Thanks

 

bartolli62

 

 




 


#2 bartolli62


Posted 19 March 2013 - 03:11 AM

OK, could someone tell me whether it would be safe to take out the old HD and try to copy a few data files over, or are these likely to be infected?

thanks



#3 boopme


Posted 25 March 2013 - 07:28 PM

I will ask someone to look and fix this. You will need access to a flash drive or CD.

#4 bartolli62


Posted 26 March 2013 - 02:16 AM

Hi Boopme

Many thanks. I have my new laptop, flash drives and a CD writer.



#5 etavares


Posted 26 March 2013 - 02:25 PM

Hi, my name is etavares and I'll be helping you with this thread.

 

What version of Windows is running on the infected laptop?  Windows Vista or 7?  Or XP?  It will influence the tools we use to reclaim control of your computer.


Can you hold off transferring files or is it something you need to do ASAP?  I'd prefer to get it booting and clean first.  There is always a chance of reinfection if we copy files off of it, but we can minimize the risk.  I'd prefer to get it booting and fixed first.

 

-etavares



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#6 bartolli62


Posted 27 March 2013 - 03:07 AM

Hi etavares

 

the infected laptop is windows 7 home premium, (the new one is win8).

 

I can hold off transferring files for a while, or at least till one particular customer asks for some of his work! Should be ok for a couple of weeks!

 

bartolli



#7 etavares


Posted 27 March 2013 - 04:28 PM

Hello, bartolli62.
 
Perfect...I was hoping for Vista or higher, this tool is the easiest way to attack this lockout.
 
Please download Farbar Recovery Scan Tool and save it to a flash drive.
 
Plug the flash drive into the infected PC.
 
If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
 
If you are using Vista or Windows 7 enter System Recovery Options
 
To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 
To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
 
Select Command Prompt
 
Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter. (Note: Replace letter e with the drive letter of your flash drive.)
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 
etavares

Edited by etavares, 27 March 2013 - 04:29 PM.


 


#8 bartolli62


Posted 28 March 2013 - 06:22 AM

Hi Etavares, excellent!

 

I ran through all the steps as you said, all in order except for the following comments, probably not important, but thought I'd mention them:

 

1. It took about 15 tries on the power button to get the laptop to start up;

2. After I'd selected the "US" option, it did not ask me for "the OS to repair" presumably cos I've only got the one!

3. After selecting the user account, the system recovery options were slightly different. I didn't get the "windows complete pc restore" option, but I did get a "recovery manager" option.

 

Anyway, the above probably doesn't matter? I ran through everything else and got the following frst.txt log on the flash drive:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 15 days old)
Ran by SYSTEM at 28-03-2013 11:06:19
Running from H:\
Windows 7 Home Premium   (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-12-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Cathie\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Cathie\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-13] (Google Inc.)
HKU\Cathie\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
HKU\Cathie\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex [692152 2012-10-15] (Adobe Systems Incorporated)
HKU\Cathie\...\Policies\system: [LogonHoursAction] 2
HKU\Cathie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\NickB\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\NickB\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-13] (Google Inc.)
HKU\NickB\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\NickB\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
HKU\NickB\...\Policies\system: [LogonHoursAction] 2
HKU\NickB\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\ProgramData\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
ShortcutTarget: AutoCAD Startup Accelerator.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
Startup: C:\Users\NickB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
ShortcutTarget: runctf.lnk -> C:\Users\NickB\2811152.dll (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
3 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [77944 2010-04-27] (Autodesk)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130312.001\IDSvia64.sys [513184 2012-09-05] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130312.024\ENG64.SYS [126192 2013-01-16] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130312.024\EX64.SYS [2087664 2013-01-16] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-04-20] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
2 WinDriver; C:\Windows\System32\Drivers\windrvr.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-28 11:05 - 2013-03-28 11:05 - 00000000 ____D C:\FRST
2013-03-13 05:27 - 2013-03-13 05:42 - 95023320 ___AT C:\ProgramData\2511182.pad
2013-03-13 05:27 - 2013-03-13 05:27 - 00000153 ____A C:\ProgramData\2511182.reg
2013-03-13 05:27 - 2013-03-13 05:27 - 00000060 ____A C:\ProgramData\2511182.bat
2013-03-13 05:26 - 2013-03-13 05:27 - 00140800 ____A (Microsoft Corporation) C:\Users\NickB\2811152.dll
2013-03-13 00:00 - 2013-03-13 00:00 - 00000000 ____D C:\Users\NickB\AppData\Local\{715C0A74-F7A3-4860-ADFB-1F0236D569E6}
2013-03-12 00:23 - 2013-03-12 00:23 - 00000000 ____D C:\Users\NickB\AppData\Local\{1916F0D5-06F7-4350-9BD9-9F80C770F51D}
2013-03-11 11:48 - 2013-03-11 11:49 - 00000000 ____D C:\Users\NickB\AppData\Local\{A5F449E2-07EF-4DCA-A455-E7AD1D7E78FB}
2013-03-10 23:48 - 2013-03-10 23:48 - 00000000 ____D C:\Users\NickB\AppData\Local\{22015A7C-9396-4B1A-862E-F7CCFC909D4D}
2013-03-10 00:17 - 2013-03-10 00:17 - 00000000 ____D C:\Users\NickB\AppData\Local\{5A3A1FA9-C5D1-46BB-9906-C3C7511FCE72}
2013-03-09 00:29 - 2013-03-09 00:30 - 00000000 ____D C:\Users\NickB\AppData\Local\{B6BC0747-24FE-42BE-A717-A8CD0F2E0697}
2013-03-07 23:48 - 2013-03-07 23:48 - 00000000 ____D C:\Users\NickB\AppData\Local\{059358B2-53D2-402B-9356-CD72AA058E81}
2013-03-06 23:25 - 2013-03-06 23:25 - 00000000 ____D C:\Users\NickB\AppData\Local\{6DD08B6D-CEE8-4004-8329-F4DFA4DB9579}
2013-03-05 23:30 - 2013-03-05 23:30 - 00000000 ____D C:\Users\NickB\AppData\Local\{7F8D5B5C-213C-46F0-B189-C54DDE380B7E}
2013-03-04 23:46 - 2013-03-04 23:47 - 00000000 ____D C:\Users\NickB\AppData\Local\{AD73D723-86D4-450C-857E-C102E42D1DA7}
2013-03-04 19:56 - 2013-03-04 19:56 - 00000000 ____D C:\Users\NickB\AppData\Local\{44B2E87F-0841-4BF6-A58A-A6F0FC707F3C}
2013-03-03 23:40 - 2013-03-03 23:41 - 00000000 ____D C:\Users\NickB\AppData\Local\{B83548A0-7F90-40E1-BE4A-C5744C7FCD9A}
2013-03-02 23:44 - 2013-03-02 23:44 - 00000000 ____D C:\Users\NickB\AppData\Local\{581F19D6-875D-4669-8125-FD99B46E6FD7}
2013-03-01 23:55 - 2013-03-01 23:55 - 00000000 ____D C:\Users\NickB\AppData\Local\{9022E841-3A53-4C9B-ADB2-AAAF1313225E}
2013-02-28 23:35 - 2013-02-28 23:35 - 00000000 ____D C:\Users\NickB\AppData\Local\{87F6B4FC-F1D1-46E3-93C7-676BC53F3D8A}
2013-02-27 23:26 - 2013-02-27 23:26 - 00000000 ____D C:\Users\NickB\AppData\Local\{D3CF0652-4F88-40AA-AB93-46AFA3B7C7FE}
2013-02-27 10:52 - 2013-01-13 13:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 13:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 13:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 13:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 10:52 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 10:52 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 12:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 12:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 12:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 10:52 - 2013-01-13 12:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-02-27 10:52 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 10:52 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 12:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 10:52 - 2013-01-13 12:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-02-27 10:52 - 2013-01-13 12:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-02-27 10:52 - 2013-01-13 12:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-02-27 10:52 - 2013-01-13 12:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-02-27 10:52 - 2013-01-13 12:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-02-27 10:52 - 2013-01-13 11:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-02-27 10:52 - 2013-01-13 11:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-02-27 10:52 - 2013-01-13 11:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-02-27 10:52 - 2013-01-13 11:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-02-27 10:52 - 2013-01-13 11:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-02-27 10:52 - 2013-01-13 11:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-02-27 10:52 - 2013-01-13 11:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-02-27 10:52 - 2013-01-13 11:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-02-27 10:52 - 2013-01-13 11:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-02-27 10:52 - 2013-01-13 11:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-02-27 10:52 - 2013-01-13 11:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-02-27 10:52 - 2013-01-13 11:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-02-27 10:52 - 2013-01-13 11:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-02-27 10:52 - 2013-01-13 11:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-02-27 10:52 - 2013-01-13 11:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-02-27 10:52 - 2013-01-13 11:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-02-27 10:52 - 2013-01-13 11:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-02-27 10:52 - 2013-01-13 11:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-02-27 10:52 - 2013-01-13 11:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-02-27 10:52 - 2013-01-13 11:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-02-27 10:52 - 2013-01-13 11:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-02-27 10:52 - 2013-01-13 11:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-02-27 10:52 - 2013-01-13 10:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-02-27 10:52 - 2013-01-13 10:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-02-27 10:52 - 2013-01-13 10:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-02-27 10:52 - 2013-01-13 09:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-02-27 10:52 - 2013-01-13 09:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-02-27 10:52 - 2013-01-03 22:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-02-27 10:52 - 2013-01-03 22:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-02-27 08:11 - 2013-02-27 08:11 - 00000000 ____D C:\Users\NickB\AppData\Local\{1C18CB3D-C40F-4B01-9EA9-BA6B4119768A}

==================== One Month Modified Files and Folders =======

2013-03-28 11:05 - 2013-03-28 11:05 - 00000000 ____D C:\FRST
2013-03-13 05:43 - 2010-01-28 01:31 - 01411667 ____A C:\Windows\WindowsUpdate.log
2013-03-13 05:43 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-13 05:43 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-13 05:42 - 2013-03-13 05:27 - 95023320 ___AT C:\ProgramData\2511182.pad
2013-03-13 05:37 - 2010-04-21 02:43 - 00000000 ____D C:\Users\NickB\Tracing
2013-03-13 05:35 - 2010-04-13 01:42 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-13 05:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-13 05:34 - 2009-07-13 20:51 - 00224435 ____A C:\Windows\setupact.log
2013-03-13 05:27 - 2013-03-13 05:27 - 00000153 ____A C:\ProgramData\2511182.reg
2013-03-13 05:27 - 2013-03-13 05:27 - 00000060 ____A C:\ProgramData\2511182.bat
2013-03-13 05:27 - 2013-03-13 05:26 - 00140800 ____A (Microsoft Corporation) C:\Users\NickB\2811152.dll
2013-03-13 05:27 - 2010-04-21 05:51 - 00000000 ____D C:\Users\NickB\AppData\Local\CrashDumps
2013-03-13 05:26 - 2010-04-07 01:57 - 00000000 ____D C:\users\NickB
2013-03-13 04:57 - 2010-04-13 01:42 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-13 00:00 - 2013-03-13 00:00 - 00000000 ____D C:\Users\NickB\AppData\Local\{715C0A74-F7A3-4860-ADFB-1F0236D569E6}
2013-03-12 03:58 - 2010-04-20 01:47 - 00000000 ____D C:\Users\NickB\AppData\Local\Paint.NET
2013-03-12 00:48 - 2011-05-03 00:55 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-03-12 00:23 - 2013-03-12 00:23 - 00000000 ____D C:\Users\NickB\AppData\Local\{1916F0D5-06F7-4350-9BD9-9F80C770F51D}
2013-03-11 11:49 - 2013-03-11 11:48 - 00000000 ____D C:\Users\NickB\AppData\Local\{A5F449E2-07EF-4DCA-A455-E7AD1D7E78FB}
2013-03-10 23:48 - 2013-03-10 23:48 - 00000000 ____D C:\Users\NickB\AppData\Local\{22015A7C-9396-4B1A-862E-F7CCFC909D4D}
2013-03-10 00:17 - 2013-03-10 00:17 - 00000000 ____D C:\Users\NickB\AppData\Local\{5A3A1FA9-C5D1-46BB-9906-C3C7511FCE72}
2013-03-09 00:30 - 2013-03-09 00:29 - 00000000 ____D C:\Users\NickB\AppData\Local\{B6BC0747-24FE-42BE-A717-A8CD0F2E0697}
2013-03-07 23:48 - 2013-03-07 23:48 - 00000000 ____D C:\Users\NickB\AppData\Local\{059358B2-53D2-402B-9356-CD72AA058E81}
2013-03-06 23:25 - 2013-03-06 23:25 - 00000000 ____D C:\Users\NickB\AppData\Local\{6DD08B6D-CEE8-4004-8329-F4DFA4DB9579}
2013-03-05 23:30 - 2013-03-05 23:30 - 00000000 ____D C:\Users\NickB\AppData\Local\{7F8D5B5C-213C-46F0-B189-C54DDE380B7E}
2013-03-04 23:47 - 2013-03-04 23:46 - 00000000 ____D C:\Users\NickB\AppData\Local\{AD73D723-86D4-450C-857E-C102E42D1DA7}
2013-03-04 19:56 - 2013-03-04 19:56 - 00000000 ____D C:\Users\NickB\AppData\Local\{44B2E87F-0841-4BF6-A58A-A6F0FC707F3C}
2013-03-03 23:41 - 2013-03-03 23:40 - 00000000 ____D C:\Users\NickB\AppData\Local\{B83548A0-7F90-40E1-BE4A-C5744C7FCD9A}
2013-03-02 23:44 - 2013-03-02 23:44 - 00000000 ____D C:\Users\NickB\AppData\Local\{581F19D6-875D-4669-8125-FD99B46E6FD7}
2013-03-01 23:55 - 2013-03-01 23:55 - 00000000 ____D C:\Users\NickB\AppData\Local\{9022E841-3A53-4C9B-ADB2-AAAF1313225E}
2013-02-28 23:35 - 2013-02-28 23:35 - 00000000 ____D C:\Users\NickB\AppData\Local\{87F6B4FC-F1D1-46E3-93C7-676BC53F3D8A}
2013-02-28 08:04 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-27 23:26 - 2013-02-27 23:26 - 00000000 ____D C:\Users\NickB\AppData\Local\{D3CF0652-4F88-40AA-AB93-46AFA3B7C7FE}
2013-02-27 23:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-02-27 23:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-02-27 23:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-02-27 23:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-02-27 08:11 - 2013-02-27 08:11 - 00000000 ____D C:\Users\NickB\AppData\Local\{1C18CB3D-C40F-4B01-9EA9-BA6B4119768A}


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2812.2 MB
Available physical RAM: 2177.46 MB
Total Pagefile: 2810.35 MB
Available Pagefile: 2176.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:219.28 GB) (Free:20.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.31 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (USB20FD) (Removable) (Total:15.22 GB) (Free:15.22 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB      0 B        
  Disk 1    Online           15 GB      0 B        

Partitions of Disk 0:
===============

Disk ID: 7661831D

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            219 GB   200 MB
  Partition 3    Primary             13 GB   219 GB
  Partition 4    Primary            103 MB   232 GB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Healthy           

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    219 GB  Healthy           

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   RECOVERY     NTFS   Partition     13 GB  Healthy           

=========================================================

Disk: 0
Partition 4
Type  : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   HP_TOOLS     FAT32  Partition    103 MB  Healthy           

=========================================================

Partitions of Disk 1:
===============

Disk ID: C3072E18

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             15 GB    24 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0C
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   USB20FD      FAT32  Removable     15 GB  Healthy           

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 7661831D

Partition 1:
=========
Hex: 80202100077E25190008000000380600
Active: YES
Type: 07 (NTFS)
Size: 199 MB

Partition 2:
=========
Hex: 007E261907FEFFFF0040060000D8681B
Active: NO
Type: 07 (NTFS)
Size: 219 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00186F1B0000AA01
Active: NO
Type: 07 (NTFS)
Size: 13 GB

Partition 4:
=========
Hex: 00FEFFFF0CFEFFFF0018191D70390300
Active: NO
Type: 0C
Size: 103 MB

==============================
Partitions of Disk 1:
===============
Disk ID: C3072E18

Partition 1:
=========
Hex: 800101000CFFD2DE300000005087E701
Active: YES
Type: 0C
Size: 15 GB


Last Boot: 2013-02-07 07:41

==================== End Of Log =============================

 

 

After doing all that, I closed the various windows and clicked shutdown the (infected) pc from the recovery menu. Hope this was the right thing to do? Let me know if I need to leave the infected laptop on for the duration of this treatment! I hope I can get it started again tomorrow!

 

Many thanks

 

Bartolli



#9 etavares

Posted 28 March 2013 - 07:39 PM

Hi,

 

Let's try and get this booting...it won't be fully cleaned, but this should allow us to boot so our tools will work.

 

  • Open notepad.
  • Please save the attached file fixlist.txt to the FRST flash drive you created.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

 

  • On Vista or Windows 7: Now please enter System Recovery Options
  • Run FRST as before and press the Fix button just once and wait.
  • When done, the tool will make a log on the flashdrive (Fixlog.txt).
  • You can shutdown at that point.
  • Open up fixlog.txt from your working computer and copy/paste the contents of it into your reply.

 

Next, try to boot the infected computer into Windows.

 

-etavares

If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#10 bartolli62

Posted 29 March 2013 - 05:15 AM

Hi etavares,

 

OK, the first time I tried to boot it took about 8 goes to get it going, but then I did as instructed, all ok, and fixlog.txt is below.

 

I then shut down and restarted the infected laptop into windows, it turned on first time and started windows, hurrah!

 

The windows desktop looked fine and normal.

 

Apologies for this but... I couldn't resist trying to switch users into my wife's login account, it took a while but did switch users and again the windows desktop appeared normal.

 

Fortunately, I then managed to curb my enthusiasm and I shut the laptop down, again it took a bit longer than it used to, but did shut down.

 

Many, many thanks for your help so far,

 

Bartolli62

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-03-29 09:55:39 Run:1
Running from H:\

==============================================

C:\Users\NickB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
C:\Users\NickB\2811152.dll moved successfully.
C:\ProgramData\2511182.pad moved successfully.
C:\ProgramData\2511182.reg moved successfully.
C:\ProgramData\2511182.bat moved successfully.

==== End of Fixlog ====



#11 etavares

Posted 29 March 2013 - 12:00 PM

Great news!  Now that it's booting again, please follow these instructions and post the logs in your reply:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

 

-etavares




#12 bartolli62

Posted 30 March 2013 - 05:47 AM

Hi etavares!

 

ok, went through all the procedure:

 

ran Emsisoft it found 1 high risk item: gen:variant.graftor.73684( B)   please ignore this smiley, I mistyped, and can't seem to remove it!   ( B) which was quarantined; Sorry about these damn smilies, it's when I type bracket B, so after 73684 there should be a b in brackets!

 

installed + ran secunia, scanned, until 100% updated appeared, when prompted to I rebooted for windows to update;

 

Booted up ok, installed + ran dds, when I tried to save the two txt files, I was told they already existed so I saved them as attach1 & dds1, pasted below;

 

Look forward to your next comments! Oh and by the way I am doing this post from my "infected" laptop!!

 

Many thanks

 

Bartolli62

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 07/04/2010 10:57:12
System Uptime: 30/03/2013 10:16:16 (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 363F
Processor: AMD Athlon™ II Dual-Core M320 | Socket S1G3 | 798/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 18.746 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.213 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP201: 30/03/2013 09:50:30 - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5)
Adobe Shockwave Player
AMD USB Filter Driver
Apple Application Support
Apple Software Update
ArcSoft Software Suite
Atheros Driver Installation Program
ATI Catalyst Install Manager
AutoCAD 2006 - English
Autodesk DWF Viewer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
D3DX10
DNV Electronic Rulebook
DTBeamDemo 1.0
EPSON Easy Photo Print
EPSON Printer Software
EPSON Scan
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0148
HP Wireless Assistant
HPAsset component for HP Active Support Library
HST
IDT Audio
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 15 (64-bit)
Java™ SE Development Kit 6 Update 15 (64-bit)
Junk Mail filter update
LabelPrint
LightScribe System Software
Lloyd's Register Rules for Ships, July 2010
Magic Desktop
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Norton Internet Security
Paint.NET v3.5.10
Pdf995
Power Prediction Demonstration
Power2Go
PowerDirector
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Secunia PSI (3.0.0.6005)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype™ 6.1
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
30/03/2013 10:24:07, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
30/03/2013 10:23:52, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
30/03/2013 10:17:09, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{7E937433-6B2E-434E-BC1F-717DD37A54AB} because another computer on the network has the same name.  The server could not start.
30/03/2013 10:17:09, Error: NetBT [4321]  - The name "LAPTOP         :20" could not be registered on the interface with IP address 192.168.0.4. The computer with the IP address 192.168.0.3 did not allow the name to be claimed by this computer.
30/03/2013 10:16:55, Error: NetBT [4321]  - The name "LAPTOP         :0" could not be registered on the interface with IP address 192.168.0.4. The computer with the IP address 192.168.0.3 did not allow the name to be claimed by this computer.
30/03/2013 10:16:53, Error: Service Control Manager [7000]  - The WinDriver service failed to start due to the following error:  This driver has been blocked from loading
30/03/2013 10:16:53, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\windrvr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
30/03/2013 10:16:41, Error: atikmdag [52236]  - CPLIB :: General - Invalid Parameter
30/03/2013 07:46:56, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
30/03/2013 07:46:55, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
30/03/2013 07:46:55, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
30/03/2013 07:46:54, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
30/03/2013 07:46:54, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
30/03/2013 07:46:53, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
30/03/2013 07:46:45, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
30/03/2013 07:45:23, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf
30/03/2013 07:45:23, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
30/03/2013 07:45:23, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
30/03/2013 07:45:23, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
30/03/2013 07:45:23, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
30/03/2013 07:45:23, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
30/03/2013 07:45:23, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
30/03/2013 07:45:23, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
30/03/2013 07:45:23, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
30/03/2013 07:45:23, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
30/03/2013 07:45:23, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
29/03/2013 10:03:27, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243
29/03/2013 10:02:51, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
29/03/2013 10:00:25, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
.
==== End Of File ===========================
 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.7.2
Run by NickB at 10:30:42 on 2013-03-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2812.1185 [GMT 0:00]
.
AV: Norton Internet Security *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.yahoo.com/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOCA~1.LNK - C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{7E937433-6B2E-434E-BC1F-717DD37A54AB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7E937433-6B2E-434E-BC1F-717DD37A54AB}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{7E937433-6B2E-434E-BC1F-717DD37A54AB}\4514C4B44514C4B4D2243413335453 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E8BB1044-C611-4385-B3DF-D99C13497CEC} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1109000.00C\symds64.sys [2011-10-12 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1109000.00C\symefa64.sys [2011-10-12 221304]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\NickB\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys [2013-3-30 26176]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-3-22 1387608]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys [2011-10-12 593544]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130329.001\IDSviA64.sys [2013-3-29 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\ironx64.sys [2011-10-12 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys [2011-10-12 451704]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2010-1-28 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-5 203264]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2011-10-12 126400]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-12-17 228408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-2-7 18456]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-28 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-1-28 36408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="C:\Windows\SysWOW64\notepad.exe" "%1"
.
=============== Created Last 30 ================
.
2013-03-30 10:05:12 -------- d-----w- C:\Users\NickB\AppData\Local\Secunia PSI
2013-03-30 10:01:03 -------- d-----w- C:\Program Files (x86)\Secunia
2013-03-30 09:46:09 -------- d-----w- C:\Users\NickB\AppData\Local\{C0DC8D3C-2184-4CEF-92C0-2C8873FF67A8}
2013-03-29 09:59:54 -------- d-----w- C:\Users\NickB\AppData\Local\{C8D6CB33-475B-4DC3-A714-35C96074D963}
2013-03-28 19:05:53 -------- d-----w- C:\FRST
2013-03-13 08:00:37 -------- d-----w- C:\Users\NickB\AppData\Local\{715C0A74-F7A3-4860-ADFB-1F0236D569E6}
2013-03-12 08:23:14 -------- d-----w- C:\Users\NickB\AppData\Local\{1916F0D5-06F7-4350-9BD9-9F80C770F51D}
2013-03-11 19:48:51 -------- d-----w- C:\Users\NickB\AppData\Local\{A5F449E2-07EF-4DCA-A455-E7AD1D7E78FB}
2013-03-11 07:48:33 -------- d-----w- C:\Users\NickB\AppData\Local\{22015A7C-9396-4B1A-862E-F7CCFC909D4D}
2013-03-10 08:17:34 -------- d-----w- C:\Users\NickB\AppData\Local\{5A3A1FA9-C5D1-46BB-9906-C3C7511FCE72}
2013-03-09 08:29:59 -------- d-----w- C:\Users\NickB\AppData\Local\{B6BC0747-24FE-42BE-A717-A8CD0F2E0697}
2013-03-08 07:48:13 -------- d-----w- C:\Users\NickB\AppData\Local\{059358B2-53D2-402B-9356-CD72AA058E81}
2013-03-07 07:25:05 -------- d-----w- C:\Users\NickB\AppData\Local\{6DD08B6D-CEE8-4004-8329-F4DFA4DB9579}
2013-03-06 07:30:43 -------- d-----w- C:\Users\NickB\AppData\Local\{7F8D5B5C-213C-46F0-B189-C54DDE380B7E}
2013-03-05 07:46:50 -------- d-----w- C:\Users\NickB\AppData\Local\{AD73D723-86D4-450C-857E-C102E42D1DA7}
2013-03-05 03:56:57 -------- d-----w- C:\Users\NickB\AppData\Local\{44B2E87F-0841-4BF6-A58A-A6F0FC707F3C}
2013-03-04 07:40:50 -------- d-----w- C:\Users\NickB\AppData\Local\{B83548A0-7F90-40E1-BE4A-C5744C7FCD9A}
2013-03-03 07:44:16 -------- d-----w- C:\Users\NickB\AppData\Local\{581F19D6-875D-4669-8125-FD99B46E6FD7}
2013-03-02 07:55:33 -------- d-----w- C:\Users\NickB\AppData\Local\{9022E841-3A53-4C9B-ADB2-AAAF1313225E}
2013-03-01 07:35:43 -------- d-----w- C:\Users\NickB\AppData\Local\{87F6B4FC-F1D1-46E3-93C7-676BC53F3D8A}
.
==================== Find3M  ====================
.
2013-02-13 15:05:56 59 ----a-w- C:\Windows\wpd99.drv
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-07 12:15:22 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 10:33:02.10 ===============
 


Edited by bartolli62, 30 March 2013 - 05:52 AM.


#13 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 30 March 2013 - 02:11 PM

Hello, bartolli62.

That log actually does not look too bad.  :)  There are a few outdated programs we'll need to update.  Let's run these two scanners before we do that.  Also, are you able to update your Norton virus definitions?
 
 
Step 1

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply.

Step 2

Please download and save it to your desktop.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen:
      • Click on the Show Results button to see a list of any malware that was found.
      • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
  • Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #14 bartolli62

    • Topic Starter

    • Members
    • 20 posts

    Posted 31 March 2013 - 06:28 AM

    Hi etavares,

     

    Ok, installed + ran tdsskiller, no threats found. Report generated, really struggled to copy/paste the report, eventually managed it with ctrl+ins and shift+ins:

     

    Other logs to follow.

     

    12:13:10.0716 3592 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    12:13:12.0447 3592 ============================================================
    12:13:12.0447 3592 Current date / time: 2013/03/31 12:13:12.0447
    12:13:12.0447 3592 SystemInfo:
    12:13:12.0447 3592
    12:13:12.0447 3592 OS Version: 6.1.7601 ServicePack: 1.0
    12:13:12.0447 3592 Product type: Workstation
    12:13:12.0447 3592 ComputerName: LAPTOP
    12:13:12.0447 3592 UserName: NickB
    12:13:12.0447 3592 Windows directory: C:\Windows
    12:13:12.0447 3592 System windows directory: C:\Windows
    12:13:12.0447 3592 Running under WOW64
    12:13:12.0447 3592 Processor architecture: Intel x64
    12:13:12.0447 3592 Number of processors: 2
    12:13:12.0447 3592 Page size: 0x1000
    12:13:12.0447 3592 Boot type: Normal boot
    12:13:12.0447 3592 ============================================================
    12:13:15.0739 3592 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    12:13:15.0770 3592 ============================================================
    12:13:15.0770 3592 \Device\Harddisk0\DR0:
    12:13:15.0786 3592 MBR partitions:
    12:13:15.0786 3592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    12:13:15.0786 3592 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B68D800
    12:13:15.0786 3592 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B6F1800, BlocksNum 0x1AA0000
    12:13:15.0786 3592 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
    12:13:15.0786 3592 ============================================================
    12:13:15.0817 3592 C: <-> \Device\Harddisk0\DR0\Partition2
    12:13:16.0004 3592 D: <-> \Device\Harddisk0\DR0\Partition3
    12:13:16.0020 3592 E: <-> \Device\Harddisk0\DR0\Partition4
    12:13:16.0020 3592 ============================================================
    12:13:16.0020 3592 Initialize success
    12:13:16.0020 3592 ============================================================
    12:13:38.0983 5560 ============================================================
    12:13:38.0983 5560 Scan started
    12:13:38.0983 5560 Mode: Manual;
    12:13:38.0983 5560 ============================================================
    12:13:41.0557 5560 ================ Scan system memory ========================
    12:13:41.0557 5560 System memory - ok
    12:13:41.0557 5560 ================ Scan services =============================


    12:14:11.0759 5560 EapHost - ok

    12:14:12.0149 5560 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

    12:14:12.0336 5560 ebdrv - ok

    12:14:12.0726 5560 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

    12:14:12.0819 5560 eeCtrl - ok

    12:14:12.0897 5560 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

    12:14:12.0929 5560 EFS - ok

    12:14:13.0443 5560 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

    12:14:13.0537 5560 ehRecvr - ok

    12:14:13.0631 5560 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

    12:14:13.0677 5560 ehSched - ok

    12:14:13.0755 5560 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

    12:14:13.0880 5560 elxstor - ok

    12:14:14.0177 5560 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

    12:14:14.0192 5560 EPSON_PM_RPCV4_01 - ok

    12:14:14.0473 5560 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

    12:14:14.0567 5560 EraserUtilRebootDrv - ok

    12:14:14.0645 5560 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

    12:14:14.0660 5560 ErrDev - ok

    12:14:14.0769 5560 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

    12:14:14.0801 5560 EventSystem - ok

    12:14:14.0972 5560 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

    12:14:15.0097 5560 exfat - ok

    12:14:15.0175 5560 ezSharedSvc - ok

    12:14:15.0284 5560 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

    12:14:15.0425 5560 fastfat - ok

    12:14:15.0565 5560 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

    12:14:15.0581 5560 Fax - ok

    12:14:15.0627 5560 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

    12:14:15.0674 5560 fdc - ok

    12:14:15.0768 5560 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

    12:14:15.0799 5560 fdPHost - ok

    12:14:15.0846 5560 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

    12:14:15.0877 5560 FDResPub - ok

    12:14:15.0924 5560 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

    12:14:15.0939 5560 FileInfo - ok

    12:14:15.0971 5560 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

    12:14:16.0049 5560 Filetrace - ok

    12:14:16.0127 5560 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

    12:14:16.0158 5560 flpydisk - ok

    12:14:16.0329 5560 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

    12:14:16.0376 5560 FltMgr - ok

    12:14:16.0797 5560 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

    12:14:16.0891 5560 FontCache - ok

    12:14:17.0047 5560 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    12:14:17.0063 5560 FontCache3.0.0.0 - ok

    12:14:17.0172 5560 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

    12:14:17.0297 5560 FsDepends - ok

    12:14:17.0437 5560 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    12:14:17.0546 5560 Fs_Rec - ok

    12:14:17.0624 5560 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

    12:14:17.0655 5560 fvevol - ok

    12:14:17.0718 5560 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

    12:14:17.0749 5560 gagp30kx - ok

    12:14:18.0108 5560 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

    12:14:18.0217 5560 GamesAppService - ok

    12:14:18.0420 5560 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

    12:14:18.0467 5560 gpsvc - ok

    12:14:18.0716 5560 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    12:14:18.0732 5560 gupdate - ok

    12:14:18.0825 5560 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    12:14:18.0825 5560 gupdatem - ok

    12:14:19.0153 5560 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    12:14:19.0169 5560 gusvc - ok

    12:14:19.0262 5560 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

    12:14:19.0325 5560 hcw85cir - ok

    12:14:19.0512 5560 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    12:14:19.0574 5560 HdAudAddService - ok

    12:14:19.0637 5560 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

    12:14:19.0683 5560 HDAudBus - ok

    12:14:19.0730 5560 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

    12:14:19.0777 5560 HidBatt - ok

    12:14:19.0824 5560 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

    12:14:19.0824 5560 HidBth - ok

    12:14:19.0886 5560 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

    12:14:19.0949 5560 HidIr - ok

    12:14:20.0011 5560 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

    12:14:20.0042 5560 hidserv - ok

    12:14:20.0136 5560 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    12:14:20.0136 5560 HidUsb - ok

    12:14:20.0229 5560 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

    12:14:20.0307 5560 hkmsvc - ok

    12:14:20.0401 5560 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

    12:14:20.0432 5560 HomeGroupListener - ok

    12:14:20.0495 5560 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

    12:14:20.0495 5560 HomeGroupProvider - ok

    12:14:20.0744 5560 [ 00B239202F7756695C8CCDF8BAFA7D3D ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

    12:14:20.0760 5560 HP Health Check Service - ok

    12:14:20.0853 5560 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

    12:14:20.0900 5560 HpqKbFiltr - ok

    12:14:21.0025 5560 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

    12:14:21.0056 5560 hpqwmiex - ok

    12:14:21.0150 5560 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

    12:14:21.0165 5560 HpSAMD - ok

    12:14:21.0353 5560 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

    12:14:21.0415 5560 HTTP - ok

    12:14:21.0477 5560 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

    12:14:21.0524 5560 hwpolicy - ok

    12:14:21.0602 5560 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

    12:14:21.0633 5560 i8042prt - ok

    12:14:21.0696 5560 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

    12:14:21.0711 5560 iaStorV - ok

    12:14:21.0883 5560 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    12:14:21.0914 5560 idsvc - ok

    12:14:22.0351 5560 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130329.001\IDSvia64.sys

    12:14:22.0491 5560 IDSVia64 - ok

    12:14:23.0334 5560 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

    12:14:23.0615 5560 igfx - ok

    12:14:23.0771 5560 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

    12:14:23.0817 5560 iirsp - ok

    12:14:24.0036 5560 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

    12:14:24.0083 5560 IKEEXT - ok

    12:14:24.0129 5560 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

    12:14:26.0033 5560 intelide - ok

    12:14:26.0111 5560 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    12:14:26.0142 5560 intelppm - ok

    12:14:26.0189 5560 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

    12:14:26.0267 5560 IPBusEnum - ok

    12:14:26.0282 5560 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    12:14:26.0345 5560 IpFilterDriver - ok

    12:14:26.0407 5560 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

    12:14:26.0438 5560 iphlpsvc - ok

    12:14:26.0516 5560 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

    12:14:26.0563 5560 IPMIDRV - ok

    12:14:26.0610 5560 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

    12:14:26.0672 5560 IPNAT - ok

    12:14:26.0719 5560 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

    12:14:26.0750 5560 IRENUM - ok

    12:14:26.0844 5560 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

    12:14:26.0859 5560 isapnp - ok

    12:14:26.0937 5560 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

    12:14:26.0937 5560 iScsiPrt - ok

    12:14:27.0015 5560 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

    12:14:27.0031 5560 kbdclass - ok

    12:14:27.0078 5560 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

    12:14:27.0125 5560 kbdhid - ok

    12:14:27.0140 5560 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

    12:14:27.0140 5560 KeyIso - ok

    12:14:27.0203 5560 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    12:14:27.0312 5560 KSecDD - ok

    12:14:27.0468 5560 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

    12:14:27.0561 5560 KSecPkg - ok

    12:14:27.0717 5560 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

    12:14:27.0780 5560 ksthunk - ok

    12:14:27.0920 5560 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

    12:14:27.0983 5560 KtmRm - ok

    12:14:28.0092 5560 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

    12:14:28.0123 5560 LanmanServer - ok

    12:14:28.0185 5560 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

    12:14:28.0263 5560 LanmanWorkstation - ok

    12:14:28.0373 5560 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    12:14:28.0388 5560 LightScribeService - ok

    12:14:28.0419 5560 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    12:14:28.0419 5560 lltdio - ok

    12:14:28.0497 5560 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

    12:14:28.0575 5560 lltdsvc - ok

    12:14:28.0607 5560 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

    12:14:28.0622 5560 lmhosts - ok

    12:14:28.0716 5560 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

    12:14:28.0763 5560 LSI_FC - ok

    12:14:28.0809 5560 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

    12:14:28.0825 5560 LSI_SAS - ok

    12:14:28.0856 5560 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

    12:14:28.0919 5560 LSI_SAS2 - ok

    12:14:28.0965 5560 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

    12:14:29.0090 5560 LSI_SCSI - ok

    12:14:29.0168 5560 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

    12:14:29.0231 5560 luafv - ok

    12:14:29.0480 5560 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys

    12:14:29.0543 5560 LVRS64 - ok

    12:14:30.0510 5560 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys

    12:14:30.0728 5560 LVUVC64 - ok

    12:14:30.0837 5560 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    12:14:30.0947 5560 Mcx2Svc - ok

    12:14:30.0978 5560 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

    12:14:31.0025 5560 megasas - ok

    12:14:31.0071 5560 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

    12:14:31.0103 5560 MegaSR - ok

    12:14:31.0134 5560 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

    12:14:31.0134 5560 MMCSS - ok

    12:14:31.0196 5560 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

    12:14:31.0196 5560 Modem - ok

    12:14:31.0212 5560 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

    12:14:31.0259 5560 monitor - ok

    12:14:31.0352 5560 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    12:14:31.0383 5560 mouclass - ok

    12:14:31.0555 5560 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    12:14:31.0586 5560 mouhid - ok

    12:14:31.0633 5560 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

    12:14:31.0695 5560 mountmgr - ok

    12:14:31.0758 5560 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

    12:14:31.0758 5560 mpio - ok

    12:14:31.0789 5560 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    12:14:31.0851 5560 mpsdrv - ok

    12:14:32.0070 5560 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

    12:14:32.0101 5560 MpsSvc - ok

    12:14:32.0195 5560 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    12:14:32.0257 5560 MRxDAV - ok

    12:14:32.0366 5560 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    12:14:32.0413 5560 mrxsmb - ok

    12:14:32.0585 5560 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    12:14:32.0616 5560 mrxsmb10 - ok

    12:14:32.0663 5560 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    12:14:32.0709 5560 mrxsmb20 - ok

    12:14:32.0772 5560 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

    12:14:32.0819 5560 msahci - ok

    12:14:32.0850 5560 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

    12:14:32.0881 5560 msdsm - ok

    12:14:32.0912 5560 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

    12:14:32.0928 5560 MSDTC - ok

    12:14:33.0006 5560 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

    12:14:33.0053 5560 Msfs - ok

    12:14:33.0146 5560 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

    12:14:33.0209 5560 mshidkmdf - ok

    12:14:33.0287 5560 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

    12:14:33.0333 5560 msisadrv - ok

    12:14:33.0411 5560 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

    12:14:33.0552 5560 MSiSCSI - ok

    12:14:33.0567 5560 msiserver - ok

    12:14:33.0583 5560 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    12:14:33.0630 5560 MSKSSRV - ok

    12:14:33.0661 5560 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    12:14:33.0677 5560 MSPCLOCK - ok

    12:14:33.0708 5560 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

    12:14:33.0708 5560 MSPQM - ok

    12:14:33.0817 5560 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

    12:14:33.0911 5560 MsRPC - ok

    12:14:33.0973 5560 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

    12:14:34.0051 5560 mssmbios - ok

    12:14:34.0098 5560 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

    12:14:34.0113 5560 MSTEE - ok

    12:14:34.0129 5560 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

    12:14:34.0145 5560 MTConfig - ok

    12:14:34.0160 5560 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

    12:14:34.0207 5560 Mup - ok

    12:14:34.0379 5560 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

    12:14:34.0410 5560 napagent - ok

    12:14:34.0597 5560 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    12:14:34.0691 5560 NativeWifiP - ok

    12:14:34.0909 5560 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130330.009\ENG64.SYS

    12:14:34.0940 5560 NAVENG - ok

    12:14:35.0564 5560 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130330.009\EX64.SYS

    12:14:35.0595 5560 NAVEX15 - ok

    12:14:35.0954 5560 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

    12:14:47.0233 5560 NDIS - ok

    12:14:47.0280 5560 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

    12:14:47.0373 5560 NdisCap - ok

    12:14:47.0420 5560 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    12:14:47.0436 5560 NdisTapi - ok

    12:14:47.0545 5560 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    12:14:47.0654 5560 Ndisuio - ok

    12:14:47.0763 5560 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    12:14:47.0826 5560 NdisWan - ok

    12:14:47.0919 5560 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

    12:14:47.0982 5560 NDProxy - ok

    12:14:48.0107 5560 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    12:14:48.0138 5560 NetBIOS - ok

    12:14:48.0294 5560 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

    12:14:48.0372 5560 NetBT - ok

    12:14:48.0419 5560 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

    12:14:48.0419 5560 Netlogon - ok

    12:14:48.0559 5560 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

    12:14:48.0590 5560 Netman - ok

    12:14:48.0715 5560 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

    12:14:48.0762 5560 netprofm - ok

    12:14:48.0809 5560 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    12:14:48.0887 5560 NetTcpPortSharing - ok

    12:14:49.0823 5560 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys

    12:14:50.0072 5560 netw5v64 - ok

    12:14:50.0119 5560 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

    12:14:50.0150 5560 nfrd960 - ok

    12:14:50.0337 5560 [ B4187346F54E362DAFFE647B25A58D50 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

    12:14:50.0384 5560 NIS - ok

    12:14:50.0509 5560 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

    12:14:50.0540 5560 NlaSvc - ok

    12:14:50.0618 5560 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

    12:14:50.0712 5560 Npfs - ok

    12:14:50.0805 5560 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

    12:14:50.0837 5560 nsi - ok

    12:14:50.0868 5560 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    12:14:50.0899 5560 nsiproxy - ok

    12:14:51.0117 5560 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

    12:14:51.0305 5560 Ntfs - ok

    12:14:51.0336 5560 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

    12:14:51.0398 5560 Null - ok

    12:14:51.0539 5560 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

    12:14:51.0554 5560 nvraid - ok

    12:14:51.0585 5560 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

    12:14:51.0585 5560 nvstor - ok

    12:14:51.0617 5560 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

    12:14:51.0632 5560 nv_agp - ok

    12:14:51.0804 5560 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    12:14:51.0851 5560 odserv - ok

    12:14:51.0882 5560 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

    12:14:51.0929 5560 ohci1394 - ok

    12:14:52.0022 5560 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    12:14:52.0147 5560 ose - ok

    12:14:52.0225 5560 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

    12:14:52.0272 5560 p2pimsvc - ok

    12:14:52.0428 5560 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

    12:14:52.0459 5560 p2psvc - ok

    12:14:52.0537 5560 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

    12:14:52.0615 5560 Parport - ok

    12:14:52.0709 5560 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

    12:14:52.0802 5560 partmgr - ok

    12:14:52.0880 5560 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

    12:14:52.0896 5560 PcaSvc - ok

    12:14:53.0021 5560 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

    12:14:53.0083 5560 pci - ok

    12:14:53.0145 5560 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

    12:14:53.0177 5560 pciide - ok

    12:14:53.0286 5560 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

    12:14:53.0333 5560 pcmcia - ok

    12:14:53.0379 5560 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

    12:14:53.0411 5560 pcw - ok

    12:14:53.0504 5560 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

    12:14:53.0551 5560 PEAUTH - ok

    12:14:53.0754 5560 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

    12:14:53.0801 5560 PerfHost - ok

    12:14:53.0941 5560 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

    12:14:54.0050 5560 pla - ok

    12:14:54.0159 5560 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

    12:14:54.0191 5560 PlugPlay - ok

    12:14:54.0237 5560 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

    12:14:54.0362 5560 PNRPAutoReg - ok

    12:14:54.0456 5560 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

    12:14:54.0471 5560 PNRPsvc - ok

    12:14:54.0659 5560 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

    12:14:54.0690 5560 PolicyAgent - ok

    12:14:54.0752 5560 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

    12:14:54.0768 5560 Power - ok

    12:14:54.0830 5560 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

    12:14:54.0908 5560 PptpMiniport - ok

    12:14:54.0986 5560 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

    12:14:55.0049 5560 Processor - ok

    12:14:55.0095 5560 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

    12:14:55.0127 5560 ProfSvc - ok

    12:14:55.0158 5560 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

    12:14:55.0158 5560 ProtectedStorage - ok

    12:14:55.0283 5560 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

    12:14:55.0314 5560 Psched - ok

    12:14:55.0423 5560 [ DD3FD48D69F5FBBB21D46D1514C1C2DB ] PSI C:\Windows\system32\DRIVERS\psi_mf_amd64.sys

    12:14:55.0470 5560 PSI - ok

    12:14:55.0938 5560 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

    12:14:56.0078 5560 ql2300 - ok

    12:14:56.0125 5560 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

    12:14:56.0156 5560 ql40xx - ok

    12:14:56.0234 5560 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

    12:14:56.0297 5560 QWAVE - ok

    12:14:56.0359 5560 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

    12:14:56.0375 5560 QWAVEdrv - ok

    12:14:56.0421 5560 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

    12:14:56.0453 5560 RasAcd - ok

    12:14:56.0593 5560 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

    12:14:56.0655 5560 RasAgileVpn - ok

    12:14:56.0687 5560 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

    12:14:56.0702 5560 RasAuto - ok

    12:14:56.0765 5560 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

    12:14:56.0765 5560 Rasl2tp - ok

    12:14:56.0827 5560 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

    12:14:56.0905 5560 RasMan - ok

    12:14:56.0952 5560 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

    12:14:57.0014 5560 RasPppoe - ok

    12:14:57.0092 5560 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

    12:14:57.0123 5560 RasSstp - ok

    12:14:57.0201 5560 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

    12:14:57.0248 5560 rdbss - ok

    12:14:57.0326 5560 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

    12:14:57.0357 5560 rdpbus - ok

    12:14:57.0389 5560 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

    12:14:57.0404 5560 RDPCDD - ok

    12:14:57.0467 5560 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

    12:14:57.0467 5560 RDPENCDD - ok

    12:14:57.0513 5560 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

    12:14:57.0529 5560 RDPREFMP - ok

    12:14:57.0591 5560 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

    12:14:57.0623 5560 RDPWD - ok

    12:14:57.0732 5560 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

    12:14:57.0763 5560 rdyboost - ok


    12:15:34.0563 5560 ============================================================

    12:15:34.0563 5560 Scan finished

    12:15:34.0563 5560 ============================================================

    12:15:34.0595 5564 Detected object count: 0

    12:15:34.0595 5564 Actual detected object count: 0



    #15 bartolli62

    bartolli62
    • Topic Starter

    • Members
    • 20 posts

    Posted 31 March 2013 - 07:09 AM

    Hi etavares

    OK, couldn't see the link to mbam in your post, so downloaded it from the downloads area of bleepingcomputer!

    Installed + ran mbam, found 1 object "trojan.agent.df" report below:


    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.31.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    NickB :: LAPTOP [administrator]

    Protection: Enabled

    31/03/2013 12:35:52
    mbam-log-2013-03-31 (12-35-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 253291
    Time elapsed: 18 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\NickB\AppData\Local\Temp\Low\config.dll (Trojan.Agent.DF) -> Quarantined and deleted successfully.

    (end)

    Mbam is prompting me to restart so will do that now + then update norton.


    rgds





