Vicious virus, can't even get started


  • This topic is locked
48 replies to this topic

#1 mjabaley

Posted 08 October 2013 - 07:49 AM

Hi, my daughter's laptop is severely infected. I will provide complete specs later today, but it is an Acer running Windows Vista. Symptoms are:

 

1.  Extremely slow processing - takes inordinate amount of time for simple web browsing

2.  Hangs up during shutdown (sticks on "Installing update 1 of 8")

3.  Inability to download files (tried to download MS System Update Readiness Tool, file was unable to be downloaded - can't run or save file - also tried to download Combofix, same thing)

4.  I have HijackThis on the computer from a previous problem, but it will not run (cannot write to host file, and when I try to run as administrator it goes nowhere, when I shutdown the computer it says "too many 16 bit files, need to increase page files").  So I can't even get a HJT log to post.

 

Can you please help me get started?  Thanks!




#2 mjabaley

Posted 08 October 2013 - 08:14 PM

Additional info:

Laptop is an Acer Aspire 4330 running Windows Vista Home Basic on Intel T1600 @1.66Hz, 2G RAM.

#3 jeffce

Posted 08 October 2013 - 09:28 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   Let's get going!!
----------
 
Are you able to transfer tools from a different computer to the infected one via USB drive or CD??  Does the system act the same if you boot to Safe Mode with Networking?
-----------------



#4 mjabaley

Posted 08 October 2013 - 10:50 PM

I can transfer files using a thumb drive. I haven't tried safe mode with networking to any extent.

#5 mjabaley

Posted 09 October 2013 - 05:22 AM

I was able to run a complete malwarebytes scan.  Results pasted below:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.06.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Nicole :: NICOLE-PC [administrator]

10/8/2013 10:58:26 PM
mbam-log-2013-10-08 (22-58-26).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 364626
Time elapsed: 2 hour(s), 54 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#6 jeffce

Posted 09 October 2013 - 07:06 AM

Was this Malwarebytes log run in Safe Mode?

If need be, transfer these tools via USB/CD to the infected system and then run in either Safe or Normal Mode...whichever is possible and then post the logs that are created.
 
Please download DDS from either of these links
 
LINK 1
LINK 2
 
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here)
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------



#7 mjabaley

Posted 09 October 2013 - 07:46 AM

The malwarebytes was run in normal mode. 

 

I will try to run DDS and TDSSKiller tonight and post the results.



#8 jeffce

Posted 09 October 2013 - 09:51 AM

I will try to run DDS and TDSSKiller tonight and post the results.

 

Sounds good.  :)



#9 mjabaley

Posted 09 October 2013 - 05:24 PM

When I try to run DDS in normal mode, I just get the spinning cursor and can't do anything else with the computer except shut it down.  When I shut it down I briefly get an alert box that says something like "too many 16 bit programs running, shut down one or more programs, or increase the page file size".

 

I did successfully run DDS in Safe Mode with Networking.  The two text files are pasted below.  Will try TDSSKILLER next.

 

DDS.TXT:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16496
Run by Nicole at 18:13:23 on 2013-10-09
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1977.1603 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1008&m=aspire_4330
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/53.13/uploader2.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxps://register.facebook.com/controls/contactx.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DFC9D1D0-4E62-45D0-9108-9E6D032FD7F1} : DHCPNameServer = 192.168.1.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymDS.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymEFA.sys [2011-5-17 756856]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-6-5 101112]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\ccSvcHst.exe [2011-6-14 137224]
S1 BHDrvx86;BHDrvx86;c:\programdata\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\bashdefs\20120508.011\BHDrvx86.sys [2012-5-14 821880]
S1 IDSVix86;IDSVix86;c:\programdata\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\ipsdefs\20120516.001\IDSvix86.sys [2012-5-16 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\Ironx86.sys [2011-5-10 136312]
S1 SYMTDIV;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\symtdiv.sys [2011-4-21 331384]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-10-23 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
S2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-10-23 81504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-8-19 24576]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-10-23 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
S2 OpenDNS Updater.exe;OpenDNS Updater;c:\program files\opendns updater\opendns updater.exe --run --> c:\program files\opendns updater\OpenDNS Updater.exe --run [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-7-15 80824]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-15 106104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-23 30192]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-9 116064]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-7-15 181432]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\SyDvCtrl32.sys [2011-6-17 23984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
.
=============== Created Last 30 ================
.
2013-10-09 02:46:34 -------- d-----w- c:\program files\Microsoft ATS
2013-10-08 00:11:21 -------- d-sh--w- C:\$RECYCLE.BIN
.
==================== Find3M  ====================
.
2013-10-09 03:24:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 03:24:24 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-18 13:15:00 65184 ----a-w- c:\windows\apppatch\MATSShim.DLL
2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
.
============= FINISH: 18:15:39.73 ===============
 

 

 

 

 

ATTACH.TXT:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 10/23/2008 1:57:50 AM
System Uptime: 10/9/2013 6:11:06 PM (0 hours ago)
.
Motherboard: Acer |  | Aspire 4330    
Processor: Genuine Intel® CPU           T1600  @ 1.66GHz | uPGA-478 | 1662/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 6.672 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 69.003 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J6400 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E710n-z
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: HP
Name: Officejet 6500 E710n-z
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
6400_Help
Acer Arcade Deluxe
Acer Assist
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
C4700
Compatibility Pack for the 2007 Office system
CustomerResearchQFolder
CyberLink PowerDirector
Destinations
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
eSobi v2
eSupportQFolder
Fax
Formatta Filler 7.0
Google Chrome
Google Desktop
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Customer Participation Program 14.0
HP Document Manager 1.0
HP Imaging Device Functions 14.0
HP Officejet J6400 Series
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HP_Network_UserGuide
HPPhotoGadget
HPProductAssistant
HPSSupply
iCloud
Inbox Toolbar
Intel® Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
iTunes
J6400
Java™ 6 Update 23
JMicron JMB38X Flash Media Controller
LightScribe  1.4.142.1
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Automated Troubleshooting Services Shim
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
Network
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
OpenDNS Updater 1.3.0.187
Orion
Palm Desktop by ACCESS
Picasa 3
ProductContext
PS_AIO_06_C4700_SW_Min
PSSWCORE
QuickTime
QuickTransfer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Safari
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Shop for HP Supplies
Shutterfly Express Uploader
Skype Toolbars
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
swMSM
Symantec Endpoint Protection
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VideoToolkit01
WebReg
.
==== End Of File ===========================
 



#10 mjabaley

Posted 09 October 2013 - 05:38 PM

By the way, I was unable to download either DDS or TDSSKILLER on the infected laptop - the file progressed to 100%, but then said "file could not be downloaded" - whether I was trying Run, Save, or Save As.  But I was able to transfer both files using a USB thumb drive.

 

TDSSKILLER ran in normal mode, and found no threats.  Log is pasted below:

 

18:34:59.0210 1124 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

18:34:59.0616 1124 ============================================================

18:34:59.0616 1124 Current date / time: 2013/10/09 18:34:59.0616

18:34:59.0616 1124 SystemInfo:

18:34:59.0616 1124

18:34:59.0616 1124 OS Version: 6.0.6002 ServicePack: 2.0

18:34:59.0616 1124 Product type: Workstation

18:34:59.0616 1124 ComputerName: NICOLE-PC

18:34:59.0616 1124 UserName: Nicole

18:34:59.0616 1124 Windows directory: C:\Windows

18:34:59.0616 1124 System windows directory: C:\Windows

18:34:59.0616 1124 Processor architecture: Intel x86

18:34:59.0616 1124 Number of processors: 2

18:34:59.0616 1124 Page size: 0x1000

18:34:59.0616 1124 Boot type: Normal boot

18:34:59.0616 1124 ============================================================

18:35:00.0848 1124 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

18:35:00.0848 1124 Drive \Device\Harddisk1\DR2 - Size: 0xEEE00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

18:35:00.0848 1124 ============================================================

18:35:00.0848 1124 \Device\Harddisk0\DR0:

18:35:00.0848 1124 MBR partitions:

18:35:00.0848 1124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x8B0C000

18:35:00.0848 1124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9F0E800, BlocksNum 0x8B0A800

18:35:00.0848 1124 \Device\Harddisk1\DR2:

18:35:00.0848 1124 MBR partitions:

18:35:00.0848 1124 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x775080

18:35:00.0848 1124 ============================================================

18:35:00.0910 1124 C: <-> \Device\Harddisk0\DR0\Partition1

18:35:00.0988 1124 D: <-> \Device\Harddisk0\DR0\Partition2

18:35:00.0988 1124 ============================================================

18:35:00.0988 1124 Initialize success

18:35:00.0988 1124 ============================================================

18:35:05.0278 3524 ============================================================

18:35:05.0278 3524 Scan started

18:35:05.0278 3524 Mode: Manual;

18:35:05.0278 3524 ============================================================

18:35:06.0105 3524 ================ Scan system memory ========================

18:35:06.0105 3524 System memory - ok

18:35:06.0105 3524 ================ Scan services =============================


18:35:08.0898 3524 BUNAgentSvc - ok

18:35:09.0038 3524 [ 0F5CA31BB3FDB5C1E63C170CFBECC93B ] CamDrL C:\Windows\system32\DRIVERS\Camdrl.sys

18:35:09.0054 3524 CamDrL - ok

18:35:09.0100 3524 catchme - ok

18:35:09.0132 3524 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

18:35:09.0132 3524 cdfs - ok

18:35:09.0178 3524 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

18:35:09.0194 3524 cdrom - ok

18:35:09.0225 3524 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll

18:35:09.0225 3524 CertPropSvc - ok

18:35:09.0256 3524 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys

18:35:09.0256 3524 circlass - ok

18:35:09.0288 3524 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys

18:35:09.0288 3524 CLFS - ok

18:35:09.0412 3524 [ 5CA9B1062C0C3E3AE19C23AD9D8A5048 ] CLHNService C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

18:35:09.0412 3524 CLHNService - ok

18:35:09.0490 3524 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:35:09.0490 3524 clr_optimization_v2.0.50727_32 - ok

18:35:09.0600 3524 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:35:09.0600 3524 clr_optimization_v4.0.30319_32 - ok

18:35:09.0631 3524 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

18:35:09.0631 3524 CmBatt - ok

18:35:09.0646 3524 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys

18:35:09.0646 3524 cmdide - ok

18:35:09.0709 3524 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

18:35:09.0709 3524 Compbatt - ok

18:35:09.0724 3524 COMSysApp - ok

18:35:09.0740 3524 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

18:35:09.0740 3524 crcdisk - ok

18:35:09.0771 3524 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys

18:35:09.0771 3524 Crusoe - ok

18:35:09.0834 3524 [ 684C130BBC6DB681BAD4920A4C944AA5 ] CryptSvc C:\Windows\system32\cryptsvc.dll

18:35:09.0834 3524 CryptSvc - ok

18:35:09.0912 3524 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll

18:35:09.0927 3524 DcomLaunch - ok

18:35:09.0974 3524 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys

18:35:10.0005 3524 DfsC - ok

18:35:10.0130 3524 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe

18:35:10.0192 3524 DFSR - ok

18:35:10.0239 3524 [ F9F31A9F2A8C0DD0CEB6E380BF0985D4 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys

18:35:10.0239 3524 dg_ssudbus - ok

18:35:10.0302 3524 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll

18:35:10.0317 3524 Dhcp - ok

18:35:10.0348 3524 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys

18:35:10.0348 3524 disk - ok

18:35:10.0380 3524 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys

18:35:10.0380 3524 DKbFltr - ok

18:35:10.0426 3524 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll

18:35:10.0458 3524 Dnscache - ok

18:35:10.0473 3524 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll

18:35:10.0489 3524 dot3svc - ok

18:35:10.0536 3524 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

18:35:10.0551 3524 Dot4 - ok

18:35:10.0567 3524 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

18:35:10.0567 3524 Dot4Print - ok

18:35:10.0582 3524 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

18:35:10.0582 3524 dot4usb - ok

18:35:10.0629 3524 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll

18:35:10.0629 3524 DPS - ok

18:35:10.0676 3524 [ 5C918D413F5837E67A85775C9873775E ] DritekPortIO C:\PROGRA~1\LAUNCH~1\DPortIO.sys

18:35:10.0676 3524 DritekPortIO - ok

18:35:10.0707 3524 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

18:35:10.0707 3524 drmkaud - ok

18:35:10.0816 3524 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

18:35:10.0832 3524 DXGKrnl - ok

18:35:10.0879 3524 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys

18:35:10.0894 3524 E1G60 - ok

18:35:10.0957 3524 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll

18:35:10.0957 3524 EapHost - ok

18:35:11.0019 3524 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys

18:35:11.0019 3524 Ecache - ok

18:35:11.0160 3524 [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

18:35:11.0191 3524 eDataSecurity Service - ok

18:35:11.0284 3524 [ 579A6B6135D32B857FAF0E3A974535D8 ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

18:35:11.0284 3524 eeCtrl - ok

18:35:11.0331 3524 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys

18:35:11.0347 3524 elxstor - ok

18:35:11.0472 3524 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll

18:35:11.0487 3524 EMDMgmt - ok

18:35:11.0503 3524 [ 028D50F059BD0D2CCB209E9011B9A9A4 ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

18:35:11.0518 3524 EraserUtilRebootDrv - ok

18:35:11.0550 3524 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys

18:35:11.0550 3524 ErrDev - ok

18:35:11.0596 3524 [ 27D2754314D12EB27D81D462FD0D86C0 ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

18:35:11.0596 3524 ETService - ok

18:35:11.0659 3524 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll

18:35:11.0659 3524 EventSystem - ok

18:35:11.0721 3524 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys

18:35:11.0721 3524 exfat - ok

18:35:11.0768 3524 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys

18:35:11.0768 3524 fastfat - ok

18:35:11.0815 3524 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys

18:35:11.0815 3524 fdc - ok

18:35:11.0846 3524 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll

18:35:11.0846 3524 fdPHost - ok

18:35:11.0877 3524 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll

18:35:11.0877 3524 FDResPub - ok

18:35:11.0940 3524 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

18:35:11.0940 3524 FileInfo - ok

18:35:11.0955 3524 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys

18:35:11.0955 3524 Filetrace - ok

18:35:11.0986 3524 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

18:35:11.0986 3524 flpydisk - ok

18:35:12.0018 3524 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

18:35:12.0033 3524 FltMgr - ok

18:35:12.0111 3524 [ 119ACA7CADCA75BEA6B38E999443BAA6 ] FontCache C:\Windows\system32\FntCache.dll

18:35:12.0127 3524 FontCache - ok

18:35:12.0205 3524 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

18:35:12.0205 3524 FontCache3.0.0.0 - ok

18:35:12.0252 3524 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

18:35:12.0252 3524 Fs_Rec - ok

18:35:12.0283 3524 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

18:35:12.0298 3524 gagp30kx - ok

18:35:12.0345 3524 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:35:12.0361 3524 GEARAspiWDM - ok

18:35:12.0439 3524 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

18:35:12.0439 3524 GoogleDesktopManager-051210-111108 - ok

18:35:12.0486 3524 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll

18:35:12.0501 3524 gpsvc - ok

18:35:12.0564 3524 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

18:35:12.0564 3524 gupdate - ok

18:35:12.0564 3524 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

18:35:12.0579 3524 gupdatem - ok

18:35:12.0626 3524 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

18:35:12.0626 3524 gusvc - ok

18:35:12.0673 3524 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

18:35:12.0688 3524 HdAudAddService - ok

18:35:12.0735 3524 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

18:35:12.0751 3524 HDAudBus - ok

18:35:12.0782 3524 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys

18:35:12.0782 3524 HidBth - ok

18:35:12.0798 3524 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys

18:35:12.0798 3524 HidIr - ok

18:35:12.0844 3524 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll

18:35:12.0844 3524 hidserv - ok

18:35:12.0876 3524 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

18:35:12.0876 3524 HidUsb - ok

18:35:12.0922 3524 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll

18:35:12.0922 3524 hkmsvc - ok

18:35:12.0938 3524 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

18:35:12.0938 3524 HpCISSs - ok

18:35:13.0094 3524 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

18:35:13.0110 3524 hpqcxs08 - ok

18:35:13.0141 3524 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

18:35:13.0141 3524 hpqddsvc - ok

18:35:13.0281 3524 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL

18:35:13.0297 3524 HPSLPSVC - ok

18:35:13.0344 3524 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys

18:35:13.0344 3524 HTTP - ok

18:35:13.0390 3524 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys

18:35:13.0406 3524 i2omp - ok

18:35:13.0453 3524 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

18:35:13.0453 3524 i8042prt - ok

18:35:13.0484 3524 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

18:35:13.0484 3524 iaStorV - ok

18:35:13.0578 3524 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

18:35:13.0593 3524 IDriverT - ok

18:35:13.0640 3524 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

18:35:13.0671 3524 idsvc - ok

18:35:13.0858 3524 [ F9069CE7A7B9F9BA75D009B0CE3D7601 ] IDSVix86 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120516.001\IDSvix86.sys

18:35:13.0905 3524 IDSVix86 - ok

18:35:14.0420 3524 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys

18:35:14.0670 3524 igfx - ok

18:35:14.0701 3524 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys

18:35:14.0701 3524 iirsp - ok

18:35:14.0763 3524 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll

18:35:14.0763 3524 IKEEXT - ok

18:35:14.0794 3524 [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15 C:\Windows\system32\drivers\int15.sys

18:35:14.0794 3524 int15 - ok

18:35:14.0888 3524 [ CF2219A2FED4F8F2E0817A2BF1658799 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

18:35:14.0935 3524 IntcAzAudAddService - ok

18:35:14.0966 3524 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys

18:35:14.0966 3524 intelide - ok

18:35:15.0013 3524 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

18:35:15.0013 3524 intelppm - ok

18:35:15.0044 3524 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

18:35:15.0044 3524 IPBusEnum - ok

18:35:15.0060 3524 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:35:15.0075 3524 IpFilterDriver - ok

18:35:15.0138 3524 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

18:35:15.0138 3524 iphlpsvc - ok

18:35:15.0153 3524 IpInIp - ok

18:35:15.0169 3524 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

18:35:15.0169 3524 IPMIDRV - ok

18:35:15.0200 3524 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

18:35:15.0200 3524 IPNAT - ok

18:35:15.0262 3524 [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

18:35:15.0278 3524 iPod Service - ok

18:35:15.0309 3524 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

18:35:15.0325 3524 IRENUM - ok

18:35:15.0340 3524 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys

18:35:15.0356 3524 isapnp - ok

18:35:15.0387 3524 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

18:35:15.0387 3524 iScsiPrt - ok

18:35:15.0403 3524 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

18:35:15.0403 3524 iteatapi - ok

18:35:15.0434 3524 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys

18:35:15.0434 3524 iteraid - ok

18:35:15.0481 3524 [ 8C17DEB1995E593853373C30485E7368 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys

18:35:15.0481 3524 JMCR - ok

18:35:15.0496 3524 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

18:35:15.0496 3524 kbdclass - ok

18:35:15.0543 3524 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

18:35:15.0543 3524 kbdhid - ok

18:35:15.0590 3524 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe

18:35:15.0590 3524 KeyIso - ok

18:35:15.0637 3524 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

18:35:15.0652 3524 KSecDD - ok

18:35:15.0730 3524 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll

18:35:15.0730 3524 KtmRm - ok

18:35:15.0777 3524 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll

18:35:15.0793 3524 LanmanServer - ok

18:35:15.0855 3524 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

18:35:15.0855 3524 LanmanWorkstation - ok

18:35:15.0902 3524 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

18:35:15.0902 3524 LightScribeService - ok

18:35:15.0949 3524 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

18:35:15.0949 3524 lltdio - ok

18:35:15.0996 3524 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll

18:35:15.0996 3524 lltdsvc - ok

18:35:16.0011 3524 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll

18:35:16.0011 3524 lmhosts - ok

18:35:16.0027 3524 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

18:35:16.0027 3524 LSI_FC - ok

18:35:16.0042 3524 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

18:35:16.0058 3524 LSI_SAS - ok

18:35:16.0074 3524 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

18:35:16.0074 3524 LSI_SCSI - ok

18:35:16.0089 3524 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys

18:35:16.0105 3524 luafv - ok

18:35:16.0198 3524 [ 9A3D4FC6B86E7E36473079AB76AC703D ] LVcKap C:\Windows\system32\DRIVERS\LVcKap.sys

18:35:16.0230 3524 LVcKap - ok

18:35:16.0339 3524 [ 0ACBC11F19320AF6C19F2E20013D9095 ] LVMVDrv C:\Windows\system32\DRIVERS\LVMVDrv.sys

18:35:16.0401 3524 LVMVDrv - ok

18:35:16.0448 3524 [ 12866641284EBB41E627BB53C04DA959 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys

18:35:16.0448 3524 LVPr2Mon - ok

18:35:16.0510 3524 [ 995D0B52870C7A5CAF3EA165FD674A35 ] LVPrcSrv c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

18:35:16.0526 3524 LVPrcSrv - ok

18:35:16.0557 3524 [ A005CEE9BE199C5E375FAA559CA9A7A9 ] LVSrvLauncher C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

18:35:16.0557 3524 LVSrvLauncher - ok

18:35:16.0604 3524 [ 64BC29C3A0388BFC580BB8B1346F7659 ] LVUSBSta C:\Windows\system32\drivers\LVUSBSta.sys

18:35:16.0620 3524 LVUSBSta - ok

18:35:16.0729 3524 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

18:35:16.0729 3524 MDM - ok

18:35:16.0760 3524 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys

18:35:16.0776 3524 megasas - ok

18:35:16.0822 3524 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys

18:35:16.0838 3524 MegaSR - ok

18:35:16.0854 3524 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll

18:35:16.0869 3524 MMCSS - ok

18:35:16.0932 3524 MobilityService - ok

18:35:16.0978 3524 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys

18:35:16.0978 3524 Modem - ok

18:35:17.0010 3524 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

18:35:17.0010 3524 monitor - ok

18:35:17.0041 3524 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

18:35:17.0056 3524 mouclass - ok

18:35:17.0072 3524 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

18:35:17.0072 3524 mouhid - ok

18:35:17.0103 3524 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

18:35:17.0103 3524 MountMgr - ok

18:35:17.0103 3524 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys

18:35:17.0119 3524 mpio - ok

18:35:17.0134 3524 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

18:35:17.0134 3524 mpsdrv - ok

18:35:17.0181 3524 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll

18:35:17.0197 3524 MpsSvc - ok

18:35:17.0228 3524 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

18:35:17.0228 3524 Mraid35x - ok

18:35:17.0275 3524 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

18:35:17.0275 3524 MRxDAV - ok

18:35:17.0322 3524 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

18:35:17.0322 3524 mrxsmb - ok

18:35:17.0368 3524 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:35:17.0384 3524 mrxsmb10 - ok

18:35:17.0400 3524 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:35:17.0400 3524 mrxsmb20 - ok

18:35:17.0446 3524 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys

18:35:17.0446 3524 msahci - ok

18:35:17.0493 3524 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys

18:35:17.0493 3524 msdsm - ok

18:35:17.0509 3524 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe

18:35:17.0524 3524 MSDTC - ok

18:35:17.0556 3524 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys

18:35:17.0556 3524 Msfs - ok

18:35:17.0587 3524 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

18:35:17.0587 3524 msisadrv - ok

18:35:17.0618 3524 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

18:35:17.0618 3524 MSiSCSI - ok

18:35:17.0634 3524 msiserver - ok

18:35:17.0649 3524 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

18:35:17.0649 3524 MSKSSRV - ok

18:35:17.0696 3524 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

18:35:17.0696 3524 MSPCLOCK - ok

18:35:17.0712 3524 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

18:35:17.0727 3524 MSPQM - ok

18:35:17.0758 3524 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

18:35:17.0758 3524 MsRPC - ok

18:35:17.0790 3524 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

18:35:17.0790 3524 mssmbios - ok

18:35:17.0821 3524 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

18:35:17.0821 3524 MSTEE - ok

18:35:17.0852 3524 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys

18:35:17.0852 3524 Mup - ok

18:35:17.0883 3524 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll

18:35:17.0899 3524 napagent - ok

18:35:17.0930 3524 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

18:35:17.0930 3524 NativeWifiP - ok

18:35:18.0086 3524 [ F11033730B38260B6892E837C457FB4B ] NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120516.017\NAVENG.SYS

18:35:18.0086 3524 NAVENG - ok

18:35:18.0148 3524 [ 4E4E7C0259D3BB97DE24A636C0E06ABA ] NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120516.017\NAVEX15.SYS

18:35:18.0180 3524 NAVEX15 - ok

18:35:18.0242 3524 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys

18:35:18.0258 3524 NDIS - ok

18:35:18.0273 3524 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

18:35:18.0273 3524 NdisTapi - ok

18:35:18.0304 3524 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

18:35:18.0304 3524 Ndisuio - ok

18:35:18.0336 3524 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

18:35:18.0336 3524 NdisWan - ok

18:35:18.0367 3524 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

18:35:18.0367 3524 NDProxy - ok

18:35:18.0414 3524 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

18:35:18.0414 3524 Net Driver HPZ12 - ok

18:35:18.0429 3524 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

18:35:18.0445 3524 NetBIOS - ok

18:35:18.0476 3524 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

18:35:18.0476 3524 netbt - ok

18:35:18.0492 3524 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe

18:35:18.0492 3524 Netlogon - ok

18:35:18.0523 3524 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll

18:35:18.0538 3524 Netman - ok

18:35:18.0554 3524 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll

18:35:18.0570 3524 netprofm - ok

18:35:18.0601 3524 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:35:18.0616 3524 NetTcpPortSharing - ok

18:35:18.0648 3524 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

18:35:18.0648 3524 nfrd960 - ok

18:35:18.0694 3524 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll

18:35:18.0694 3524 NlaSvc - ok

18:35:18.0726 3524 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys

18:35:18.0741 3524 Npfs - ok

18:35:18.0757 3524 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll

18:35:18.0757 3524 nsi - ok

18:35:18.0757 3524 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

18:35:18.0757 3524 nsiproxy - ok

18:35:18.0835 3524 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

18:35:18.0866 3524 Ntfs - ok

18:35:18.0928 3524 [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

18:35:18.0928 3524 NTIBackupSvc - ok

18:35:18.0944 3524 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys

18:35:18.0944 3524 NTIDrvr - ok

18:35:19.0006 3524 [ 547BFA3591C70674B0BFC99354AB78B3 ] NTIPPKernel C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys

18:35:19.0022 3524 NTIPPKernel - ok

18:35:19.0100 3524 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

18:35:19.0147 3524 NTISchedulerSvc - ok

18:35:19.0178 3524 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

18:35:19.0209 3524 ntrigdigi - ok

18:35:19.0256 3524 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys

18:35:19.0256 3524 Null - ok

18:35:19.0272 3524 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys

18:35:19.0287 3524 nvraid - ok

18:35:19.0303 3524 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys

18:35:19.0303 3524 nvstor - ok

18:35:19.0318 3524 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

18:35:19.0334 3524 nv_agp - ok

18:35:19.0334 3524 NwlnkFlt - ok

18:35:19.0350 3524 NwlnkFwd - ok

18:35:19.0381 3524 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

18:35:19.0381 3524 ohci1394 - ok

18:35:19.0428 3524 OpenDNS Updater.exe - ok

18:35:19.0474 3524 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:35:19.0490 3524 ose - ok

18:35:19.0568 3524 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll

18:35:19.0584 3524 p2pimsvc - ok

18:35:19.0599 3524 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll

18:35:19.0615 3524 p2psvc - ok

18:35:19.0677 3524 [ DC450992EBA6F914080C1F7FBEEED72C ] PalmUSBD C:\Windows\system32\drivers\PalmUSBD.sys

18:35:19.0693 3524 PalmUSBD - ok

18:35:19.0708 3524 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys

18:35:19.0724 3524 Parport - ok

18:35:19.0755 3524 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys

18:35:19.0755 3524 partmgr - ok

18:35:19.0802 3524 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys

18:35:19.0802 3524 Parvdm - ok

18:35:19.0849 3524 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll

18:35:19.0849 3524 PcaSvc - ok

18:35:19.0880 3524 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys

18:35:19.0896 3524 pci - ok

18:35:19.0911 3524 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys

18:35:19.0911 3524 pciide - ok

18:35:19.0927 3524 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

18:35:19.0927 3524 pcmcia - ok

18:35:20.0005 3524 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

18:35:20.0020 3524 PEAUTH - ok

18:35:20.0176 3524 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll

18:35:20.0223 3524 pla - ok

18:35:20.0270 3524 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll

18:35:20.0270 3524 PlugPlay - ok

18:35:32.0829 3524 ============================================================

18:35:32.0829 3524 Scan finished

18:35:32.0829 3524 ============================================================

18:35:32.0845 5056 Detected object count: 0

18:35:32.0845 5056 Actual detected object count: 0



#11 jeffce


Posted 09 October 2013 - 07:45 PM

Just a quick question....is this a business computer by chance?


 


#12 mjabaley


Posted 09 October 2013 - 07:55 PM

No - purely personal, was my wife's laptop then passed on to daughter. Is there something in the logfiles that indicates it is a business computer?



#13 jeffce


Posted 09 October 2013 - 07:57 PM

Just checking because of the antivirus program.   :)
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 


#14 mjabaley


Posted 09 October 2013 - 08:04 PM

OK.  My employer makes Symantec available for free to us - that's why it's on the laptop.

 

Will work on combofix.



#15 mjabaley


Posted 09 October 2013 - 08:13 PM

Loaded combofix.exe onto the desktop via USB drive from another computer.  Tried running in normal mode, did not run, had to shut down computer and got the brief alert during shutdown - "Too many other files are in use by 16 bit programs.  Quit one of the other programs or increase the files"

 

Any idea what is causing this?

 

Will try running in safe mode with networking.





