
Help! Computer is infected with FBI Ransom Virus


36 replies to this topic

#1 artk1

  • Members
  • 18 posts

Posted 21 March 2014 - 05:27 PM

My computer running Windows 8 boots to the FBI Ransom Virus and has locked me out of all functions.

I was able to get the machine to boot into Safe Mode but I am now unable to do anything else but stare at that foolish warning screen. I appreciate any help you can provide as I have tried offline scans of Kaspersky, Microsoft, and Norton with no success. Let me know what information I can provide and thank you in advance.

Art





#2 polskamachina

  • Malware Response Team
  • 4,036 posts

Posted 26 March 2014 - 12:06 PM

Hi artk1 :)

My name is polskamachina and I will be assisting you with your malware problems. Please give me some time to review your situation and I will get back to you with further instructions.

Thanks for your patience.

polskamachina



#3 artk1

  • Topic Starter
  • Members
  • 18 posts

Posted 26 March 2014 - 02:56 PM

Thanks



#4 polskamachina

  • Malware Response Team
  • 4,036 posts

Posted 27 March 2014 - 09:44 AM

Hi artk1 :)

I would like to officially welcome you to Bleeping Computer. What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know.

I am in California at GMT-7 Hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Let's get started with the fixing:

  • On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system.

    Plug the flash drive into the infected PC.
  • Since you are using Windows 8, consult the How to use the Windows 8 System Recovery Environment Command Prompt guide to enter the System Recovery Command Prompt.

    To enter System Recovery Options by using the Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language setting, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

    Select Command Prompt.
  • Once in the Command Prompt:
    • In the command window type notepad and press Enter.
    • Notepad opens. Under the File menu select Open.
    • Select "Computer", find your flash drive letter, and close Notepad.
    • In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

Let me know if you have any questions.
polskamachina



#5 artk1

  • Topic Starter
  • Members
  • 18 posts

Posted 27 March 2014 - 10:51 AM

Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SYSTEM on MININT-PKTMU99 on 28-03-2014 02:45:26
Running from G:\
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKU\pete\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

==================== Services (Whitelisted) =================

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S4 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft)
S4 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S4 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2014-03-21] (Emsisoft GmbH)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-03-21] (Emsisoft GmbH)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131220.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131221.006\ENG64.SYS [126040 2013-09-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131221.006\EX64.SYS [2099288 2013-09-28] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-25] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 22:32 - 2014-03-22 06:00 - 222548312 _____ () C:\emerg.exe
2014-03-22 21:08 - 2014-03-22 21:08 - 00000546 _____ () C:\Users\pete\Desktop\Emsisoft Emergency Kit.lnk
2014-03-22 21:08 - 2014-03-22 21:08 - 00000000 ____D () C:\EEK
2014-03-22 06:03 - 2014-03-23 05:23 - 00000000 ____D () C:\FRST
2014-03-22 04:49 - 2014-03-22 04:49 - 00000000 ____D () C:\Windows\LastGood
2014-03-21 21:38 - 2014-03-21 21:38 - 00000070 _____ () C:\Windows\System32\Tasks\.directory
2014-03-21 21:35 - 2014-03-21 21:35 - 00000049 _____ () C:\Windows\SysWOW64\.directory
2014-03-21 15:01 - 2013-03-01 18:45 - 04577792 _____ (Microsoft Corporation) C:\wordpad.exe
2014-03-21 14:48 - 2014-03-21 14:48 - 00000050 _____ () C:\.directory
2014-03-21 06:06 - 2014-03-21 06:06 - 00000000 ____D () C:\NBRT
2014-03-21 02:01 - 2014-03-21 23:34 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-03-20 23:51 - 2014-03-22 17:58 - 00000000 ____D () C:\Users\pete\AppData\Local\CrashDumps
2014-03-20 21:47 - 2014-03-20 21:53 - 00000000 ____D () C:\Users\pete\AppData\Local\NPE
2014-03-20 05:17 - 2014-03-20 05:17 - 00000000 ____D () C:\Windows\pss
2014-03-17 05:41 - 2014-03-17 05:42 - 00292688 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-15 18:42 - 2014-03-16 16:21 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-03-13 17:32 - 2014-02-23 00:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-13 17:32 - 2014-02-23 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-13 17:32 - 2014-02-23 00:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2014-03-13 17:32 - 2014-02-23 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-13 17:32 - 2014-02-23 00:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-13 17:32 - 2014-02-23 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-13 17:32 - 2014-02-23 00:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-03-13 17:32 - 2014-02-23 00:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-13 17:32 - 2014-02-23 00:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-13 17:32 - 2014-02-23 00:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-13 17:32 - 2014-02-23 00:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-03-13 17:32 - 2014-02-23 00:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-03-13 17:32 - 2014-02-23 00:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-03-13 17:32 - 2014-02-22 22:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 17:32 - 2014-02-22 22:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 17:32 - 2014-02-22 22:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 17:32 - 2014-02-07 20:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-13 17:32 - 2013-10-24 23:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
2014-03-13 17:32 - 2013-10-24 14:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
2014-03-13 17:31 - 2014-02-23 00:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2014-03-13 17:31 - 2014-02-23 00:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-03-13 17:31 - 2014-02-23 00:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-13 17:31 - 2014-02-22 22:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 17:31 - 2014-02-22 22:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 17:31 - 2014-02-22 22:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 17:31 - 2014-02-22 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-13 17:31 - 2014-02-22 22:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 17:31 - 2014-02-22 20:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-13 17:31 - 2014-02-05 15:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-13 17:31 - 2014-02-05 15:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 17:31 - 2014-01-30 16:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 17:31 - 2014-01-30 16:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-03-13 17:31 - 2013-12-06 22:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-03-13 17:31 - 2013-12-06 21:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

==================== One Month Modified Files and Folders =======

2014-03-23 05:23 - 2014-03-22 06:03 - 00000000 ____D () C:\FRST
2014-03-22 21:56 - 2013-06-22 02:01 - 01126340 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 21:10 - 2012-07-25 23:28 - 00941050 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-22 21:08 - 2014-03-22 21:08 - 00000546 _____ () C:\Users\pete\Desktop\Emsisoft Emergency Kit.lnk
2014-03-22 21:08 - 2014-03-22 21:08 - 00000000 ____D () C:\EEK
2014-03-22 17:58 - 2014-03-20 23:51 - 00000000 ____D () C:\Users\pete\AppData\Local\CrashDumps
2014-03-22 06:00 - 2014-03-22 22:32 - 222548312 _____ () C:\emerg.exe
2014-03-22 04:49 - 2014-03-22 04:49 - 00000000 ____D () C:\Windows\LastGood
2014-03-21 23:34 - 2014-03-21 02:01 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-03-21 21:38 - 2014-03-21 21:38 - 00000070 _____ () C:\Windows\System32\Tasks\.directory
2014-03-21 21:35 - 2014-03-21 21:35 - 00000049 _____ () C:\Windows\SysWOW64\.directory
2014-03-21 14:48 - 2014-03-21 14:48 - 00000050 _____ () C:\.directory
2014-03-21 06:06 - 2014-03-21 06:06 - 00000000 ____D () C:\NBRT
2014-03-20 21:53 - 2014-03-20 21:47 - 00000000 ____D () C:\Users\pete\AppData\Local\NPE
2014-03-20 05:17 - 2014-03-20 05:17 - 00000000 ____D () C:\Windows\pss
2014-03-20 05:14 - 2013-09-10 18:39 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 05:14 - 2012-07-25 23:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 05:07 - 2013-09-10 18:39 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 05:05 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-20 05:04 - 2013-06-22 02:02 - 00000000 ____D () C:\users\pete
2014-03-17 05:43 - 2013-10-16 10:17 - 00000000 ____D () C:\Users\pete\AppData\Roaming\Skype
2014-03-17 05:43 - 2013-10-16 10:17 - 00000000 ____D () C:\ProgramData\Skype
2014-03-17 05:42 - 2014-03-17 05:41 - 00292688 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-16 16:26 - 2013-10-16 10:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-16 16:21 - 2014-03-15 18:42 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-03-16 16:15 - 2012-07-26 00:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-16 16:15 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-16 16:15 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-15 18:27 - 2013-06-22 02:07 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BB4A6B51-4E05-4116-8C13-BBDE72250CE4}
2014-03-15 18:26 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\System32\sru
2014-03-10 20:10 - 2013-09-10 18:40 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-10 19:52 - 2013-06-24 13:41 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-10 19:52 - 2013-06-24 13:41 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-04 14:52 - 2013-11-17 20:48 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 14:52 - 2013-11-17 20:48 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\pete\classicshell.exe
C:\Users\pete\MSEInstall.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2013-07-23 10:54] - [2013-05-30 15:08] - 1165824 ____A (Microsoft Corporation) 0A5FE5AF556AAEE58EBA2C2BBC32199D

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3560.36 MB
Available physical RAM: 2917.62 MB
Total Pagefile: 3560.36 MB
Available Pagefile: 2929.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:439.67 GB) (Free:395.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.32 GB) (Free:2.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (WDO_MEDIA64) (Removable) (Total:0.95 GB) (Free:0.29 GB) FAT32
Drive f: (HRM_CENA_X64FREV_EN-US_DV5) (CDROM) (Total:3.25 GB) (Free:0 GB) UDF
Drive g: (NBRT) (Removable) (Total:0.93 GB) (Free:0.1 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1EFAD293)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 984 MB) (Disk ID: D58B240A)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 960 MB) (Disk ID: 554D554D)
Partition 1: (Active) - (Size=957 MB) - (Type=0B)


LastRegBack: 2014-03-12 19:14

==================== End Of Log ============================

Thanks polskamachina
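The log above is what the helper reads for persistence points and out-of-place files. As an added example (not code from this thread or from the FRST tool), here is a small Python triage script that splits an FRST log into its sections and flags executables sitting in a drive root, Winlogon Shell/Userinit values that differ from the Windows defaults, and files from the Bamital/volsnap check whose MD5 FRST did not recognise; the sample excerpt is assembled from lines of the log above, and the function names are my own.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) logs (added example)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (All) ===========================

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [25088 2012-07-25] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2391280 2013-06-01] (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-03-22 22:32 - 2014-03-22 06:00 - 222548312 _____ () C:\emerg.exe
2014-03-21 15:01 - 2013-03-01 18:45 - 04577792 _____ (Microsoft Corporation) C:\wordpad.exe
2014-03-13 17:32 - 2014-02-23 00:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2013-07-23 10:54] - [2013-05-30 15:08] - 1165824 ____A (Microsoft Corporation) 0A5FE5AF556AAEE58EBA2C2BBC32199D
C:\Windows\System32\userinit.exe => MD5 is legit

==================== End Of Log ============================
"""

SECTION_RE = re.compile(r"^={4,}\s*([^=].*?)\s*={4,}$")  # "==== Section name ===="
# "created - modified - size attrs (signer) path" lines of the file sections.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
                     r"(\d+) ([_A-Z]{5}) \((.*?)\) (.+)$")
# Winlogon Shell/Userinit values; the trailing "[size date] (signer)" is optional.
WINLOGON_RE = re.compile(r"^(HKLM(?:-x32)?)\\\.\.\.\\Winlogon: \[(Shell|Userinit)\] (.+?)(?: \[\d+ .*)?$")
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(?:exe|dll|scr|bat|cmd|vbs)$", re.I)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# Detail line FRST prints under a file whose MD5 is not on its whitelist.
MD5_LINE_RE = re.compile(r"^\[.*\] - \d+ [_A-Z]{5} \(.*?\) ([0-9A-Fa-f]{32})$")

def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the section header that precedes them."""
    sections: Dict[str, List[str]] = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections

def parse_file_entries(lines: List[str]) -> List[Dict[str, str]]:
    """Parse 'created - modified - size attrs (signer) path' entries into dicts."""
    fields = ("created", "modified", "size", "attrs", "signer", "path")
    return [dict(zip(fields, m.groups())) for m in map(FILE_RE.match, lines) if m]

def root_executables(entries: List[Dict[str, str]]) -> List[str]:
    """Executables dropped straight into a drive root deserve a second look."""
    return [e["path"] for e in entries if ROOT_EXE_RE.match(e["path"])]

def winlogon_anomalies(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Screen lockers commonly swap Winlogon Shell/Userinit; compare with the defaults."""
    findings = []
    for m in filter(None, map(WINLOGON_RE.match, lines)):
        hive, value, data = m.groups()
        data = data.rstrip(",")
        bad_shell = value == "Shell" and data.lower() != "explorer.exe"
        bad_userinit = value == "Userinit" and not data.lower().endswith("\\userinit.exe")
        if bad_shell or bad_userinit:
            findings.append((hive, value, data))
    return findings

def unverified_md5(lines: List[str]) -> List[Tuple[str, Optional[str]]]:
    """Checked files lacking '=> MD5 is legit', with the hash FRST printed beneath them."""
    results = []
    for i, line in enumerate(lines):
        if "=> MD5 is legit" in line or not DRIVE_RE.match(line):
            continue
        nxt = MD5_LINE_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
        results.append((line, nxt.group(1) if nxt else None))
    return results

def triage(text: str) -> Dict[str, list]:
    """Run all checks over one log; an unrecognised MD5 means 'verify it', not 'malicious'."""
    sections = split_sections(text)
    registry = [l for name, ls in sections.items() if name.startswith("Registry") for l in ls]
    created = parse_file_entries(sections.get("One Month Created Files and Folders", []))
    return {
        "root_executables": root_executables(created),
        "winlogon": winlogon_anomalies(registry),
        "unverified_md5": unverified_md5(sections.get("Bamital & volsnap Check", [])),
    }

if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}: {hits or 'nothing flagged'}")
```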



#6 polskamachina

  • Malware Response Team
  • 4,036 posts

Posted 27 March 2014 - 05:16 PM

Hi artk1 :)

By any chance, did you save any of the reports or logs when you ran the Kaspersky, MS, or Norton scans? If so, can you please copy and paste them in your next reply?

polskamachina



#7 artk1

  • Topic Starter
  • Members
  • 18 posts

Posted 28 March 2014 - 03:28 AM

No, none of the logs were saved but they all said no problems were found.



#8 polskamachina

  • Malware Response Team
  • 4,036 posts

Posted 30 March 2014 - 10:53 AM

Hi artk1 :)

I am currently working on a fix for your computer.

Thanks for your patience.

polskamachina



#9 artk1

  • Topic Starter
  • Members
  • 18 posts

Posted 30 March 2014 - 11:28 AM

Thank You



#10 polskamachina

  • Malware Response Team
  • 4,036 posts

Posted 31 March 2014 - 10:33 AM

Hi artk1 :)

I would like you to rerun the FRST program in recovery mode as you did before but with some changes to the options. This time I would like you to uncheck all the boxes in the main window. Then click on the scan button. This will provide an unfiltered output of what will hopefully lead us to the malware. The minor drawback is that it may provide us with a log which can be very lengthy. If you find it too large to copy and paste in your next reply to me, then please attach it as a text file.

Let me know if you have any questions.

polskamachina



#11 artk1

  • Topic Starter
  • Members
  • 18 posts

Posted 31 March 2014 - 11:44 AM

Here's that log:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SYSTEM on MININT-RC42P3O on 01-04-2014 03:34:06
Running from E:\
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (All) ===========================

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [25088 2012-07-25] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [21504 2012-07-25] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2391280 2013-06-01] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2106176 2013-06-01] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKU\pete\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File

==================== Services (All) ========================

S4 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [190976 2012-09-19] (Microsoft Corporation)
S4 ALG; C:\Windows\System32\alg.exe [94208 2012-07-25] (Microsoft Corporation)
S4 AllUserInstallAgent; C:\Windows\system32\AUInstallAgent.dll [122368 2012-07-25] (Microsoft Corporation)
S4 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [239616 2012-08-08] (AMD)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
S4 AppHostSvc; C:\Windows\system32\inetsrv\apphostsvc.dll [65024 2012-07-25] (Microsoft Corporation)
S4 AppIDSvc; C:\Windows\System32\appidsvc.dll [37888 2012-07-25] (Microsoft Corporation)
S3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-03-05] (Microsoft Corporation)
S4 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51648 2012-07-11] (Microsoft Corporation)
S4 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [169472 2013-04-08] (Microsoft Corporation)
S4 Audiosrv; C:\Windows\System32\Audiosrv.dll [785408 2013-06-01] (Microsoft Corporation)
S4 AxInstSV; C:\Windows\System32\AxInstSV.dll [112128 2012-07-25] (Microsoft Corporation)
S4 BDESVC; C:\Windows\System32\bdesvc.dll [190976 2012-10-10] (Microsoft Corporation)
S4 BFE; C:\Windows\System32\bfe.dll [723968 2013-10-10] (Microsoft Corporation)
S4 BITS; C:\Windows\System32\qmgr.dll [826368 2012-07-25] (Microsoft Corporation)
S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)
S2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [179712 2013-05-03] (Microsoft Corporation)
S4 Browser; C:\Windows\System32\browser.dll [134144 2012-07-25] (Microsoft Corporation)
S4 bthserv; C:\Windows\system32\bthserv.dll [89088 2012-07-25] (Microsoft Corporation)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S4 CertPropSvc; C:\Windows\System32\certprop.dll [149504 2012-07-25] (Microsoft Corporation)
S4 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft)
S4 COMSysApp; C:\Windows\system32\dllhost.exe [10752 2012-07-25] (Microsoft Corporation)
S4 COMSysApp; C:\Windows\SysWOW64\dllhost.exe [8704 2012-07-25] (Microsoft Corporation)
S4 CryptSvc; C:\Windows\system32\cryptsvc.dll [68096 2013-07-12] (Microsoft Corporation)
S2 DcomLaunch; C:\Windows\system32\rpcss.dll [817152 2012-07-25] (Microsoft Corporation)
S4 defragsvc; C:\Windows\System32\defragsvc.dll [340480 2012-07-25] (Microsoft Corporation)
S4 DeviceAssociationService; C:\Windows\system32\das.dll [342016 2012-07-25] (Microsoft Corporation)
S4 DeviceInstall; C:\Windows\system32\umpnpmgr.dll [107008 2012-09-19] (Microsoft Corporation)
S4 Dhcp; C:\Windows\system32\dhcpcore.dll [331776 2012-10-10] (Microsoft Corporation)
S4 Dnscache; C:\Windows\System32\dnsrslvr.dll [210432 2012-09-19] (Microsoft Corporation)
S4 dot3svc; C:\Windows\System32\dot3svc.dll [252928 2012-07-25] (Microsoft Corporation)
S4 DPS; C:\Windows\system32\dps.dll [197120 2012-07-25] (Microsoft Corporation)
S4 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [207872 2013-06-01] (Microsoft Corporation)
S4 Eaphost; C:\Windows\System32\eapsvc.dll [105472 2012-07-25] (Microsoft Corporation)
S4 EFS; C:\Windows\system32\efssvc.dll [37376 2012-07-25] (Microsoft Corporation)
S4 EventLog; C:\Windows\System32\wevtsvc.dll [1731584 2012-07-25] (Microsoft Corporation)
S4 EventSystem; C:\Windows\system32\es.dll [507904 2012-07-25] (Microsoft Corporation)
S4 Fax; C:\Windows\system32\fxssvc.exe [669696 2012-07-25] (Microsoft Corporation)
S4 fdPHost; C:\Windows\system32\fdPHost.dll [21504 2012-07-25] (Microsoft Corporation)
S4 FDResPub; C:\Windows\system32\fdrespub.dll [33280 2012-07-25] (Microsoft Corporation)
S4 fhsvc; C:\Windows\system32\fhsvc.dll [116736 2012-09-19] (Microsoft Corporation)
S4 FontCache; C:\Windows\system32\FntCache.dll [1280000 2012-10-10] (Microsoft Corporation)
S4 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [43616 2012-07-26] (Microsoft Corporation)
S4 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [206072 2010-10-12] (WildTangent, Inc.)
S2 gpsvc; C:\Windows\System32\gpsvc.dll [1366016 2012-07-25] (Microsoft Corporation)
S4 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-09-10] (Google Inc.)
S4 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-09-10] (Google Inc.)
S4 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2013-09-10] (Google)
S4 hidserv; C:\Windows\system32\hidserv.dll [36352 2012-07-25] (Microsoft Corporation)
S4 hkmsvc; C:\Windows\system32\kmsvc.dll [97792 2012-07-25] (Microsoft Corporation)
S4 HomeGroupListener; C:\Windows\system32\ListSvc.dll [264704 2012-10-10] (Microsoft Corporation)
S4 HomeGroupProvider; C:\Windows\system32\provsvc.dll [394752 2012-07-25] (Microsoft Corporation)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company)
S4 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1129760 2013-06-07] (Hewlett-Packard Company)
S4 hpsrv; C:\Windows\system32\Hpservice.exe [29600 2012-08-10] (Hewlett-Packard Company)
S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [35232 2012-07-09] (Hewlett-Packard Development Company, L.P.)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
S4 IKEEXT; C:\Windows\System32\ikeext.dll [1160192 2013-10-10] (Microsoft Corporation)
S4 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [894464 2013-01-09] (Microsoft Corporation)
S4 KeyIso; C:\Windows\system32\keyiso.dll [59904 2012-07-25] (Microsoft Corporation)
S4 KtmRm; C:\Windows\system32\msdtckrm.dll [358912 2012-07-25] (Microsoft Corporation)
S4 LanmanServer; C:\Windows\system32\srvsvc.dll [309248 2012-07-25] (Microsoft Corporation)
S4 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [191488 2012-07-25] (Microsoft Corporation)
S4 lltdsvc; C:\Windows\System32\lltdsvc.dll [274944 2012-07-25] (Microsoft Corporation)
S4 lmhosts; C:\Windows\System32\lmhsvc.dll [23040 2012-07-25] (Microsoft Corporation)
S2 LSM; C:\Windows\System32\lsm.dll [438272 2013-01-09] (Microsoft Corporation)
S4 MMCSS; C:\Windows\system32\mmcss.dll [80896 2012-09-19] (Microsoft Corporation)
S4 MpsSvc; C:\Windows\system32\mpssvc.dll [915968 2013-10-30] (Microsoft Corporation)
S4 MSDTC; C:\Windows\System32\msdtc.exe [144384 2012-07-25] (Microsoft Corporation)
S4 MSiSCSI; C:\Windows\system32\iscsiexe.dll [151552 2012-07-25] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [124416 2012-07-25] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [62976 2012-07-25] (Microsoft Corporation)
S4 napagent; C:\Windows\system32\qagentRT.dll [428544 2012-07-25] (Microsoft Corporation)
S4 NcaSvc; C:\Windows\System32\ncasvc.dll [161792 2012-07-25] (Microsoft Corporation)
S4 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [73728 2012-07-25] (Microsoft Corporation)
S4 Netlogon; C:\Windows\system32\netlogon.dll [743936 2012-07-25] (Microsoft Corporation)
S4 Netman; C:\Windows\System32\netman.dll [255488 2012-07-25] (Microsoft Corporation)
S4 netprofm; C:\Windows\System32\netprofmsvc.dll [470528 2013-05-03] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139696 2012-07-11] (Microsoft Corporation)
S4 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S4 NlaSvc; C:\Windows\System32\nlasvc.dll [356352 2012-09-19] (Microsoft Corporation)
S4 nsi; C:\Windows\system32\nsisvc.dll [25600 2012-07-25] (Microsoft Corporation)
S4 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.)
S4 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [329728 2012-07-25] (Microsoft Corporation)
S4 p2psvc; C:\Windows\system32\p2psvc.dll [435712 2012-07-25] (Microsoft Corporation)
S4 PcaSvc; C:\Windows\System32\pcasvc.dll [405504 2012-10-23] (Microsoft Corporation)
S4 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2012-07-25] (Microsoft Corporation)
S4 pla; C:\Windows\system32\pla.dll [1379840 2012-07-25] (Microsoft Corporation)
S4 PlugPlay; C:\Windows\system32\umpnpmgr.dll [107008 2012-09-19] (Microsoft Corporation)
S4 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [26624 2012-07-25] (Microsoft Corporation)
S4 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [329728 2012-07-25] (Microsoft Corporation)
S4 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [474624 2012-07-25] (Microsoft Corporation)
S4 Power; C:\Windows\system32\umpo.dll [89600 2012-09-19] (Microsoft Corporation)
S4 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2675200 2012-07-25] (Microsoft Corporation)
S2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-07-25] (Microsoft Corporation)
S4 QWAVE; C:\Windows\system32\qwave.dll [268800 2012-07-25] (Microsoft Corporation)
S4 RasAuto; C:\Windows\System32\rasauto.dll [99840 2012-07-25] (Microsoft Corporation)
S4 RasMan; C:\Windows\System32\rasmans.dll [358400 2012-07-25] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [107520 2012-07-25] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [81920 2012-07-25] (Microsoft Corporation)
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [159744 2012-07-25] (Microsoft Corporation)
S2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [76288 2012-09-19] (Microsoft Corporation)
S4 RpcLocator; C:\Windows\system32\locator.exe [9728 2012-07-25] (Microsoft Corporation)
S2 RpcSs; C:\Windows\system32\rpcss.dll [817152 2012-07-25] (Microsoft Corporation)
S4 SamSs; C:\Windows\system32\lsass.exe [35840 2012-09-19] (Microsoft Corporation)
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [196608 2012-07-25] (Microsoft Corporation)
S2 Schedule; C:\Windows\system32\schedsvc.dll [1285632 2013-04-08] (Microsoft Corporation)
S4 SCPolicySvc; C:\Windows\System32\certprop.dll [149504 2012-07-25] (Microsoft Corporation)
S4 SDRSVC; C:\Windows\System32\SDRSVC.dll [148480 2012-07-25] (Microsoft Corporation)
S4 seclogon; C:\Windows\system32\seclogon.dll [30720 2012-07-25] (Microsoft Corporation)
S4 SENS; C:\Windows\System32\sens.dll [62976 2012-07-25] (Microsoft Corporation)
S4 SensrSvc; C:\Windows\system32\sensrsvc.dll [161792 2012-07-25] (Microsoft Corporation)
S4 SessionEnv; C:\Windows\system32\sessenv.dll [291328 2012-07-25] (Microsoft Corporation)
S4 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [249344 2012-07-25] (Microsoft Corporation)
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [438784 2012-07-25] (Microsoft Corporation)
S4 ShellHWDetection; C:\Windows\System32\shsvcs.dll [565760 2012-07-25] (Microsoft Corporation)
S4 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [506368 2012-07-25] (Microsoft Corporation)
S4 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
S4 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14848 2012-07-25] (Microsoft Corporation)
S4 Spooler; C:\Windows\System32\spoolsv.exe [769024 2012-07-25] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [4917760 2013-08-15] (Microsoft Corporation)
S4 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [266240 2012-07-25] (Microsoft Corporation)
S4 SstpSvc; C:\Windows\system32\sstpsvc.dll [81920 2012-07-25] (Microsoft Corporation)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.)
S4 stisvc; C:\Windows\System32\wiaservc.dll [570880 2012-07-25] (Microsoft Corporation)
S4 StorSvc; C:\Windows\system32\storsvc.dll [20992 2012-07-25] (Microsoft Corporation)
S4 svsvc; C:\Windows\system32\svsvc.dll [12800 2012-07-25] (Microsoft Corporation)
S4 swprv; C:\Windows\System32\swprv.dll [502784 2012-07-25] (Microsoft Corporation)
S4 SysMain; C:\Windows\system32\sysmain.dll [1332736 2013-05-03] (Microsoft Corporation)
S3 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [180224 2013-03-01] (Microsoft Corporation)
S4 TabletInputService; C:\Windows\System32\TabSvc.dll [84480 2012-07-25] (Microsoft Corporation)
S4 TapiSrv; C:\Windows\System32\tapisrv.dll [305664 2012-07-25] (Microsoft Corporation)
S4 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [245760 2012-07-25] (Microsoft Corporation)
S4 TermService; C:\Windows\System32\termsrv.dll [723968 2012-07-25] (Microsoft Corporation)
S4 Themes; C:\Windows\system32\themeservice.dll [47104 2012-07-25] (Microsoft Corporation)
S4 THREADORDER; C:\Windows\system32\mmcss.dll [80896 2012-09-19] (Microsoft Corporation)
S3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [171008 2013-03-01] (Microsoft Corporation)
S4 TrkWks; C:\Windows\System32\trkwks.dll [119808 2012-07-25] (Microsoft Corporation)
S4 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [98304 2013-05-15] (Microsoft Corporation)
S4 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2012-07-25] (Microsoft Corporation)
S4 UmRdpService; C:\Windows\System32\umrdp.dll [250880 2012-07-25] (Microsoft Corporation)
S4 upnphost; C:\Windows\System32\upnphost.dll [520704 2012-07-25] (Microsoft Corporation)
S4 VaultSvc; C:\Windows\System32\vaultsvc.dll [283648 2012-07-25] (Microsoft Corporation)
S4 vds; C:\Windows\System32\vds.exe [680960 2013-06-01] (Microsoft Corporation)
S4 vmicheartbeat; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)
S4 vmickvpexchange; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)
S4 vmicrdv; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)
S4 vmicshutdown; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)
S4 vmictimesync; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)
S4 vmicvss; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)
S4 VSS; C:\Windows\system32\vssvc.exe [1483776 2013-05-03] (Microsoft Corporation)
S4 W32Time; C:\Windows\system32\w32time.dll [358400 2012-07-25] (Microsoft Corporation)
S4 WAS; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-25] (Microsoft Corporation)
S4 wbengine; C:\Windows\system32\wbengine.exe [1616896 2012-07-25] (Microsoft Corporation)
S4 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [335872 2012-07-25] (Microsoft Corporation)
S4 Wcmsvc; C:\Windows\System32\wcmsvc.dll [263680 2013-06-24] (Microsoft Corporation)
S4 wcncsvc; C:\Windows\System32\wcncsvc.dll [466944 2012-11-05] (Microsoft Corporation)
S4 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [41472 2012-07-25] (Microsoft Corporation)
S4 WdiServiceHost; C:\Windows\system32\wdi.dll [109568 2012-07-25] (Microsoft Corporation)
S4 WdiSystemHost; C:\Windows\system32\wdi.dll [109568 2012-07-25] (Microsoft Corporation)
S4 WebClient; C:\Windows\System32\webclnt.dll [227840 2013-08-26] (Microsoft Corporation)
S4 Wecsvc; C:\Windows\system32\wecsvc.dll [218112 2012-07-25] (Microsoft Corporation)
S4 wercplsupport; C:\Windows\System32\wercplsupport.dll [84992 2012-07-25] (Microsoft Corporation)
S4 WerSvc; C:\Windows\System32\WerSvc.dll [87552 2013-02-02] (Microsoft Corporation)
S4 WiaRpc; C:\Windows\System32\wiarpc.dll [65536 2012-07-25] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-24] (Microsoft Corporation)
S4 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [710656 2012-11-05] (Microsoft Corporation)
S4 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [219648 2012-07-25] (Microsoft Corporation)
S4 WinRM; C:\Windows\system32\WsmSvc.dll [2836992 2012-07-25] (Microsoft Corporation)
S4 WlanSvc; C:\Windows\System32\wlansvc.dll [1386496 2012-11-05] (Microsoft Corporation)
S4 wlidsvc; C:\Windows\system32\wlidsvc.dll [1964544 2013-01-09] (Microsoft Corporation)
S4 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [198144 2012-07-25] (Microsoft Corporation)
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1314816 2012-09-19] (Microsoft Corporation)
S4 WPCSvc; C:\Windows\System32\wpcsvc.dll [11776 2012-07-25] (Microsoft Corporation)
S4 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [103936 2013-03-01] (Microsoft Corporation)
S4 wscsvc; C:\Windows\System32\wscsvc.dll [99840 2013-04-08] (Microsoft Corporation)
S4 WSearch; C:\Windows\system32\SearchIndexer.exe [816128 2013-04-08] (Microsoft Corporation)
S4 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [670208 2013-04-08] (Microsoft Corporation)
S3 WSService; C:\Windows\System32\WSService.dll [2371728 2013-08-15] (Microsoft Corporation)
S4 wuauserv; C:\Windows\system32\wuaueng.dll [3279872 2013-10-08] (Microsoft Corporation)
S4 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation)
S4 WwanSvc; C:\Windows\System32\wwansvc.dll [447488 2013-06-24] (Microsoft Corporation)

==================== Drivers (All) ==========================

S3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [226304 2012-07-25] (Microsoft Corporation)
S0 3ware; C:\Windows\System32\drivers\3ware.sys [106736 2012-07-25] (LSI)
S1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2014-03-21] (Emsisoft GmbH)
S3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [42400 2012-08-10] (Hewlett-Packard Company)
S0 ACPI; C:\Windows\System32\drivers\ACPI.sys [425192 2012-09-20] (Microsoft Corporation)
S0 acpiex; C:\Windows\System32\Drivers\acpiex.sys [77040 2012-07-25] (Microsoft Corporation)
S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [10240 2012-07-25] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12288 2012-07-25] (Microsoft Corporation)
S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [10752 2012-07-25] (Microsoft Corporation)
S0 adp94xx; C:\Windows\System32\drivers\adp94xx.sys [492272 2012-07-25] (Adaptec, Inc.)
S0 adpahci; C:\Windows\System32\drivers\adpahci.sys [340720 2012-07-25] (Adaptec, Inc.)
S0 adpu320; C:\Windows\System32\drivers\adpu320.sys [184048 2012-07-25] (Adaptec, Inc.)
S1 AFD; C:\Windows\system32\drivers\afd.sys [576512 2013-09-03] (Microsoft Corporation)
S0 agp440; C:\Windows\System32\drivers\agp440.sys [63216 2012-07-25] (Microsoft Corporation)
S3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [90624 2012-11-05] (Microsoft Corporation)
S3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [10283520 2012-08-09] (Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [368640 2012-08-08] (Advanced Micro Devices, Inc.)
S3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [88064 2012-11-05] (Microsoft Corporation)
S0 amdsata; C:\Windows\System32\drivers\amdsata.sys [76016 2012-07-25] (Advanced Micro Devices)
S0 amdsbs; C:\Windows\System32\drivers\amdsbs.sys [258288 2012-07-25] (AMD Technologies Inc.)
S0 amdxata; C:\Windows\System32\drivers\amdxata.sys [26352 2012-07-25] (Advanced Micro Devices)
S0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [79528 2012-07-24] (Advanced Micro Devices)
S0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [26280 2012-07-24] (Advanced Micro Devices)
S3 AppID; C:\Windows\system32\drivers\appid.sys [79360 2012-07-25] (Microsoft Corporation)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
S0 arc; C:\Windows\System32\drivers\arc.sys [104688 2012-07-25] (PMC-Sierra, Inc.)
S0 arcsas; C:\Windows\System32\drivers\arcsas.sys [108272 2012-07-25] (PMC-Sierra, Inc.)
S3 AsyncMac; C:\Windows\system32\DRIVERS\asyncmac.sys [26624 2012-07-25] (Microsoft Corporation)
S0 atapi; C:\Windows\System32\drivers\atapi.sys [25840 2012-07-25] (Microsoft Corporation)
S3 athr; C:\Windows\system32\DRIVERS\athw8x.sys [3618304 2012-07-24] (Qualcomm Atheros Communications, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533224 2012-09-19] (Broadcom Corporation)
S1 BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [48640 2012-07-25] (Microsoft Corporation)
S1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [29696 2012-07-25] (Microsoft Corporation)
S5 BattC; C:\Windows\System32\Drivers\BattC.sys [33512 2012-10-10] (Microsoft Corporation)
S1 Beep; C:\Windows\System32\Drivers\Beep.sys [7680 2012-07-25] (Microsoft Corporation)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [101888 2012-07-25] (Microsoft Corporation)
S3 BthAvrcpTg; C:\Windows\System32\drivers\BthAvrcpTg.sys [37632 2013-05-31] (Microsoft Corporation)
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [51200 2012-07-25] (Microsoft Corporation)
S3 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [29952 2012-11-26] (Microsoft Corporation)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [65536 2012-07-25] (Microsoft Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [108544 2012-07-25] (Microsoft Corporation)
S1 cdrom; C:\Windows\System32\drivers\cdrom.sys [174080 2012-07-25] (Microsoft Corporation)
S3 circlass; C:\Windows\System32\drivers\circlass.sys [45056 2012-07-25] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-03-21] (Emsisoft GmbH)
S0 CLFS; C:\Windows\System32\drivers\CLFS.sys [361200 2012-07-25] (Microsoft Corporation)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [25600 2012-07-25] (Microsoft Corporation)
S0 CNG; C:\Windows\System32\Drivers\cng.sys [562392 2012-10-10] (Microsoft Corporation)
S3 CompositeBus; C:\Windows\System32\drivers\CompositeBus.sys [36352 2012-07-25] (Microsoft Corporation)
S3 condrv; C:\Windows\System32\drivers\condrv.sys [33792 2012-07-25] (Microsoft Corporation)
S1 dam; C:\Windows\System32\drivers\dam.sys [58200 2013-08-15] (Microsoft Corporation)
S3 dc3d; C:\Windows\System32\drivers\dc3d.sys [76464 2013-03-25] (Microsoft Corporation)
S1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [118784 2012-07-25] (Microsoft Corporation)
S1 discache; C:\Windows\System32\drivers\discache.sys [50688 2012-07-25] (Microsoft Corporation)
S0 disk; C:\Windows\System32\drivers\disk.sys [100696 2013-10-13] (Microsoft Corporation)
S3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [33280 2012-07-25] (Microsoft Corporation)
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2012-10-10] (Microsoft Corporation)
S3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [1455448 2013-09-18] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-19] (Broadcom Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S0 EhStorClass; C:\Windows\System32\drivers\EhStorClass.sys [81136 2012-07-25] (Microsoft Corporation)
S0 EhStorTcgDrv; C:\Windows\System32\drivers\EhStorTcgDrv.sys [113904 2012-07-25] (Microsoft Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [10240 2012-07-25] (Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [194560 2012-07-25] (Microsoft Corporation)
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [210672 2012-07-25] (Microsoft Corporation)
S3 fdc; C:\Windows\System32\drivers\fdc.sys [30720 2012-07-25] (Microsoft Corporation)
S0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [71920 2012-07-25] (Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34816 2012-07-25] (Microsoft Corporation)
S3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [24576 2012-07-25] (Microsoft Corporation)
S0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [374512 2012-07-25] (Microsoft Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [57584 2012-07-25] (Microsoft Corporation)
S0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [25328 2012-07-25] (Microsoft Corporation)
S0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [465240 2013-08-20] (Microsoft Corporation)
S3 FxPPM; C:\Windows\System32\drivers\fxppm.sys [22528 2012-11-05] (Microsoft Corporation)
S0 gagp30kx; C:\Windows\System32\drivers\gagp30kx.sys [66800 2012-07-25] (Microsoft Corporation)
S3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [12288 2012-07-25] (Microsoft Corporation)
S3 GPIOClx0101; C:\Windows\System32\Drivers\msgpioclx.sys [120144 2013-07-09] (Microsoft Corporation)
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [341504 2013-06-25] (Microsoft Corporation)
S3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [71168 2012-09-19] (Microsoft Corporation)
S3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [27136 2012-07-25] (Microsoft Corporation)
S3 HidBth; C:\Windows\System32\drivers\hidbth.sys [95744 2013-04-08] (Microsoft Corporation)
S3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [39936 2012-11-19] (Microsoft Corporation)
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [46080 2012-07-25] (Microsoft Corporation)
S3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [27648 2013-05-03] (Microsoft Corporation)
S0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [29600 2012-08-10] (Hewlett-Packard Company)
S0 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [64752 2012-07-25] (Hewlett-Packard Company)
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [861184 2013-03-14] (Microsoft Corporation)
S0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [24816 2012-07-25] (Microsoft Corporation)
S3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [11776 2012-07-25] (Microsoft Corporation)
S3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [24576 2012-07-25] (Microsoft Corporation)
S3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [112640 2012-07-25] (Microsoft Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [645952 2012-07-31] (Intel Corporation)
S0 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [411888 2012-07-25] (Intel Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131220.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [10627744 2012-06-02] (Intel Corporation)
S0 iirsp; C:\Windows\System32\drivers\iirsp.sys [45296 2012-07-25] (Intel Corp./ICP vortex GmbH)
S0 intelide; C:\Windows\System32\drivers\intelide.sys [18672 2012-07-25] (Microsoft Corporation)
S3 intelppm; C:\Windows\System32\drivers\intelppm.sys [89088 2012-11-05] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [89088 2012-07-25] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [78336 2012-07-25] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [145920 2012-07-25] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2012-07-25] (Microsoft Corporation)
S0 isapnp; C:\Windows\System32\drivers\isapnp.sys [22256 2012-07-25] (Microsoft Corporation)
S3 iScsiPrt; C:\Windows\System32\drivers\msiscsi.sys [277736 2012-11-05] (Microsoft Corporation)
S3 kbdclass; C:\Windows\System32\drivers\kbdclass.sys [48368 2012-07-25] (Microsoft Corporation)
S3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [29184 2012-07-25] (Microsoft Corporation)
S3 kdnic; C:\Windows\system32\DRIVERS\kdnic.sys [18432 2012-07-25] (Microsoft Corporation)
S0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [100072 2012-09-20] (Microsoft Corporation)
S0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [172264 2012-10-10] (Microsoft Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [21376 2012-07-25] (Microsoft Corporation)
S2 lltdio; C:\Windows\system32\DRIVERS\lltdio.sys [60416 2012-07-25] (Microsoft Corporation)
S0 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [108784 2012-07-25] (LSI Corporation)
S0 LSI_SAS2; C:\Windows\System32\drivers\lsi_sas2.sys [92400 2012-07-25] (LSI Corporation)
S0 LSI_SCSI; C:\Windows\System32\drivers\lsi_scsi.sys [116976 2012-07-25] (LSI Corporation)
S0 LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys [81136 2012-07-25] (LSI Corporation)
S2 luafv; C:\Windows\system32\drivers\luafv.sys [134144 2012-07-25] (Microsoft Corporation)
S0 megasas; C:\Windows\System32\drivers\megasas.sys [51952 2012-07-25] (LSI Corporation)
S0 MegaSR; C:\Windows\System32\drivers\MegaSR.sys [353008 2012-07-25] (LSI Corporation, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2012-07-25] (Microsoft Corporation)
S3 monitor; C:\Windows\System32\drivers\monitor.sys [30720 2013-02-28] (Microsoft Corporation)
S3 mouclass; C:\Windows\System32\drivers\mouclass.sys [45808 2012-07-25] (Microsoft Corporation)
S3 mouhid; C:\Windows\System32\drivers\mouhid.sys [26112 2013-03-01] (Microsoft Corporation)
S0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [93936 2012-07-25] (Microsoft Corporation)
S3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [74752 2013-10-30] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [141312 2012-07-25] (Microsoft Corporation)
S3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [370688 2013-02-05] (Microsoft Corporation)
S3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [279552 2012-07-25] (Microsoft Corporation)
S3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [215552 2013-02-05] (Microsoft Corporation)
S3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [129536 2012-07-25] (Microsoft Corporation)
S1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2012-07-25] (Microsoft Corporation)
S3 msgpiowin32; C:\Windows\System32\drivers\msgpiowin32.sys [28904 2013-01-09] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8704 2012-07-25] (Microsoft Corporation)
S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [10752 2012-07-25] (Microsoft Corporation)
S0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [17136 2012-07-25] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\system32\drivers\MSKSSRV.sys [11008 2012-07-25] (Microsoft Corporation)
S3 MsLldp; C:\Windows\system32\DRIVERS\mslldp.sys [68608 2012-07-25] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [7168 2012-07-25] (Microsoft Corporation)
S3 MSPQM; C:\Windows\system32\drivers\MSPQM.sys [6912 2012-07-25] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [390896 2012-07-25] (Microsoft Corporation)
S1 mssmbios; C:\Windows\System32\drivers\mssmbios.sys [37616 2012-07-25] (Microsoft Corporation)
S3 MSTEE; C:\Windows\system32\drivers\MSTEE.sys [8192 2012-07-25] (Microsoft Corporation)
S3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [14848 2012-07-25] (Microsoft Corporation)
S0 Mup; C:\Windows\System32\Drivers\mup.sys [83696 2012-07-25] (Microsoft Corporation)
S0 mvumis; C:\Windows\System32\drivers\mvumis.sys [64240 2012-07-25] (Marvell Semiconductor, Inc.)
S2 NativeWifiP; C:\Windows\system32\DRIVERS\nwifi.sys [427520 2012-07-25] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131221.006\ENG64.SYS [126040 2013-09-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131221.006\EX64.SYS [2099288 2013-09-28] (Symantec Corporation)
S0 NDIS; C:\Windows\System32\drivers\ndis.sys [997632 2013-06-16] (Microsoft Corporation)
S3 NdisCap; C:\Windows\system32\DRIVERS\ndiscap.sys [46592 2012-07-25] (Microsoft Corporation)
S3 NdisImPlatform; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2012-07-25] (Microsoft Corporation)
S3 NdisTapi; C:\Windows\system32\DRIVERS\ndistapi.sys [25088 2012-09-19] (Microsoft Corporation)
S3 Ndisuio; C:\Windows\system32\DRIVERS\ndisuio.sys [58880 2012-07-25] (Microsoft Corporation)
S3 NdisWan; C:\Windows\system32\DRIVERS\ndiswan.sys [174080 2012-07-25] (Microsoft Corporation)
S3 NDISWANLEGACY; C:\Windows\system32\DRIVERS\ndiswan.sys [174080 2012-07-25] (Microsoft Corporation)
S3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [60416 2013-04-08] (Microsoft Corporation)
S2 Ndu; C:\Windows\System32\drivers\Ndu.sys [97792 2012-07-25] (Microsoft Corporation)
S1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [46080 2012-07-25] (Microsoft Corporation)
S1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [331776 2012-07-25] (Microsoft Corporation)
S0 nfrd960; C:\Windows\System32\drivers\nfrd960.sys [52464 2012-07-25] (IBM Corporation)
S1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [49152 2012-07-25] (Microsoft Corporation)
S1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [23552 2012-07-25] (Microsoft Corporation)
S1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [34304 2012-07-25] (Microsoft Corporation)
S3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1933544 2013-02-02] (Microsoft Corporation)
S1 Null; C:\Windows\System32\Drivers\Null.sys [5632 2012-07-25] (Microsoft Corporation)
S0 nvraid; C:\Windows\System32\drivers\nvraid.sys [150256 2012-07-25] (NVIDIA Corporation)
S0 nvstor; C:\Windows\System32\drivers\nvstor.sys [168176 2012-07-25] (NVIDIA Corporation)
S0 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [125168 2012-07-25] (Microsoft Corporation)
S3 Parport; C:\Windows\System32\drivers\parport.sys [105984 2012-07-25] (Microsoft Corporation)
S0 partmgr; C:\Windows\System32\drivers\partmgr.sys [91880 2013-01-09] (Microsoft Corporation)
S0 pci; C:\Windows\System32\drivers\pci.sys [234224 2012-07-25] (Microsoft Corporation)
S0 pciide; C:\Windows\System32\drivers\pciide.sys [14064 2012-07-25] (Microsoft Corporation)
S0 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [237808 2012-07-25] (Microsoft Corporation)
S0 pcw; C:\Windows\System32\drivers\pcw.sys [52464 2012-07-25] (Microsoft Corporation)
S0 pdc; C:\Windows\System32\drivers\pdc.sys [69864 2013-03-02] (Microsoft Corporation)
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [805376 2013-04-08] (Microsoft Corporation)
S3 Point64; C:\Windows\System32\drivers\point64.sys [50864 2013-05-13] (Microsoft Corporation)
S3 PptpMiniport; C:\Windows\system32\DRIVERS\raspptp.sys [114176 2012-07-25] (Microsoft Corporation)
S3 Processor; C:\Windows\System32\drivers\processr.sys [87552 2012-11-05] (Microsoft Corporation)
S1 Psched; C:\Windows\system32\DRIVERS\pacer.sys [145408 2012-07-25] (Microsoft Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2012-07-25] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [16384 2012-07-25] (Microsoft Corporation)
S3 RasAgileVpn; C:\Windows\system32\DRIVERS\AgileVpn.sys [68608 2012-07-25] (Microsoft Corporation)
S3 Rasl2tp; C:\Windows\system32\DRIVERS\rasl2tp.sys [124928 2012-07-25] (Microsoft Corporation)
S3 RasPppoe; C:\Windows\system32\DRIVERS\raspppoe.sys [81920 2012-07-25] (Microsoft Corporation)
S3 RasSstp; C:\Windows\system32\DRIVERS\rassstp.sys [92672 2012-07-25] (Microsoft Corporation)
S1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [427520 2013-05-03] (Microsoft Corporation)
S3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [22528 2012-07-25] (Microsoft Corporation)
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [179712 2012-07-25] (Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [27880 2012-10-12] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [208384 2012-07-25] (Microsoft Corporation)
S0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [217328 2012-07-25] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S2 rspndr; C:\Windows\system32\DRIVERS\rspndr.sys [78848 2012-07-25] (Microsoft Corporation)
S3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [690832 2012-07-31] (Realtek                                            )
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [7168 2012-07-25] (Microsoft Corporation)
S0 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [107760 2012-07-25] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [36864 2012-07-25] (Microsoft Corporation)
S3 sdbus; C:\Windows\System32\drivers\sdbus.sys [195416 2013-06-28] (Microsoft Corporation)
S3 sdstor; C:\Windows\System32\drivers\sdstor.sys [56552 2012-10-10] (Microsoft Corporation)
S2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2012-07-26] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 SerCx; C:\Windows\System32\drivers\SerCx.sys [62976 2012-07-25] (Microsoft Corporation)
S3 Serenum; C:\Windows\System32\drivers\serenum.sys [23040 2012-07-25] (Microsoft Corporation)
S3 Serial; C:\Windows\System32\drivers\serial.sys [76800 2012-07-25] (Microsoft Corporation)
S3 sermouse; C:\Windows\System32\drivers\sermouse.sys [27136 2012-07-25] (Microsoft Corporation)
S3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [16896 2012-07-25] (Microsoft Corporation)
S0 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44784 2012-07-25] (Silicon Integrated Systems Corp.)
S0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81648 2012-07-25] (Silicon Integrated Systems)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S0 spaceport; C:\Windows\System32\drivers\spaceport.sys [285016 2013-10-04] (Microsoft Corporation)
S3 SpbCx; C:\Windows\System32\drivers\SpbCx.sys [59392 2012-07-25] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S3 srv; C:\Windows\System32\DRIVERS\srv.sys [416768 2012-07-25] (Microsoft Corporation)
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [623104 2013-04-08] (Microsoft Corporation)
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [247808 2013-04-08] (Microsoft Corporation)
S0 stexstor; C:\Windows\System32\drivers\stexstor.sys [30960 2012-07-25] (Promise Technology, Inc.)
S3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [540160 2012-07-21] (IDT, Inc.)
S0 storahci; C:\Windows\System32\drivers\storahci.sys [77544 2013-03-02] (Microsoft Corporation)
S0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [45160 2012-07-25] (Microsoft Corporation)
S0 storvsc; C:\Windows\System32\drivers\storvsc.sys [37992 2012-07-25] (Microsoft Corporation)
S3 swenum; C:\Windows\System32\drivers\swenum.sys [13680 2012-07-25] (Microsoft Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-25] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 SynTP; C:\Windows\system32\DRIVERS\SynTP.sys [495856 2013-06-25] (Synaptics Incorporated)
S0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [2232664 2013-10-31] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\system32\DRIVERS\tcpip.sys [2232664 2013-10-31] (Microsoft Corporation)
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2012-07-25] (Microsoft Corporation)
S1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [117248 2012-07-25] (Microsoft Corporation)
S3 terminpt; C:\Windows\System32\drivers\terminpt.sys [36592 2012-07-25] (Microsoft Corporation)
S3 TPM; C:\Windows\system32\drivers\tpm.sys [151896 2013-08-09] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57344 2012-07-25] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [30208 2012-07-25] (Microsoft Corporation)
S3 tunnel; C:\Windows\system32\DRIVERS\tunnel.sys [149504 2012-07-25] (Microsoft Corporation)
S0 uagp35; C:\Windows\System32\drivers\uagp35.sys [65776 2012-07-25] (Microsoft Corporation)
S3 UASPStor; C:\Windows\System32\drivers\uaspstor.sys [97008 2012-07-25] (Microsoft Corporation)
S3 UCX01000; C:\Windows\System32\drivers\ucx01000.sys [213336 2013-07-01] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [321536 2013-06-25] (Microsoft Corporation)
S0 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [66800 2012-07-25] (Microsoft Corporation)
S3 umbus; C:\Windows\System32\drivers\umbus.sys [48128 2012-07-25] (Microsoft Corporation)
S3 UmPass; C:\Windows\System32\drivers\umpass.sys [11776 2012-07-25] (Microsoft Corporation)
S3 usbccgp; C:\Windows\System32\drivers\usbccgp.sys [120832 2013-06-28] (Microsoft Corporation)
S3 usbcir; C:\Windows\System32\drivers\usbcir.sys [99328 2013-07-05] (Microsoft Corporation)
S3 usbehci; C:\Windows\System32\drivers\usbehci.sys [79192 2013-06-30] (Microsoft Corporation)
S3 usbfilter; C:\Windows\system32\DRIVERS\usbfilter.sys [57000 2012-06-19] (Advanced Micro Devices)
S3 usbhub; C:\Windows\System32\drivers\usbhub.sys [623448 2013-06-30] (Microsoft Corporation)
S3 USBHUB3; C:\Windows\System32\drivers\UsbHub3.sys [447320 2013-10-01] (Microsoft Corporation)
S3 usbohci; C:\Windows\System32\drivers\usbohci.sys [27136 2012-11-19] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [25600 2013-07-01] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\drivers\USBSTOR.SYS [119040 2013-06-06] (Microsoft Corporation)
S3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [32256 2013-06-28] (Microsoft Corporation)
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [210560 2013-07-05] (Microsoft Corporation)
S3 USBXHCI; C:\Windows\System32\drivers\USBXHCI.SYS [337752 2013-07-01] (Microsoft Corporation)
S0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36080 2012-07-25] (Microsoft Corporation)
S3 VerifierExt; C:\Windows\System32\drivers\VerifierExt.sys [106224 2012-07-25] (Microsoft Corporation)
S3 vhdmp; C:\Windows\System32\drivers\vhdmp.sys [495336 2013-03-02] (Microsoft Corporation)
S0 viaide; C:\Windows\System32\drivers\viaide.sys [19184 2012-07-25] (VIA Technologies, Inc.)
S0 vmbus; C:\Windows\System32\drivers\vmbus.sys [137832 2012-07-25] (Microsoft Corporation)
S3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [22144 2012-07-25] (Microsoft Corporation)
S0 volmgr; C:\Windows\System32\drivers\volmgr.sys [83184 2012-07-25] (Microsoft Corporation)
S0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [378608 2012-07-25] (Microsoft Corporation)
S0 volsnap; C:\Windows\System32\drivers\volsnap.sys [327936 2013-06-01] (Microsoft Corporation)
S3 vpci; C:\Windows\System32\drivers\vpci.sys [67824 2012-07-25] (Microsoft Corporation)
S0 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [164080 2012-07-25] (VIA Technologies Inc.,Ltd)
S0 VSTXRAID; C:\Windows\System32\drivers\vstxraid.sys [322800 2012-07-25] (VIA Corporation)
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24064 2012-07-25] (Microsoft Corporation)
S1 vwififlt; C:\Windows\system32\DRIVERS\vwififlt.sys [64000 2012-07-25] (Microsoft Corporation)
S3 vwifimp; C:\Windows\system32\DRIVERS\vwifimp.sys [17920 2012-07-25] (Microsoft Corporation)
S3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [27008 2012-07-25] (Microsoft Corporation)
S3 Wanarp; C:\Windows\system32\DRIVERS\wanarp.sys [83456 2013-04-08] (Microsoft Corporation)
S1 Wanarpv6; C:\Windows\system32\DRIVERS\wanarp.sys [83456 2013-04-08] (Microsoft Corporation)
S0 Wd; C:\Windows\System32\drivers\wd.sys [23792 2012-07-25] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2013-10-24] (Microsoft Corporation)
S0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-21] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [248240 2013-10-24] (Microsoft Corporation)
S0 WFPLWFS; C:\Windows\System32\DRIVERS\wfplwfs.sys [96600 2013-10-10] (Microsoft Corporation)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [33520 2012-07-25] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [17408 2012-07-25] (Microsoft Corporation)
S3 wpcfltr; C:\Windows\System32\DRIVERS\wpcfltr.sys [45056 2012-07-25] (Microsoft Corporation)
S3 WpdUpFltr; C:\Windows\System32\drivers\WpdUpFltr.sys [19968 2012-07-25] (Microsoft Corporation)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [22528 2012-09-19] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
S3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 22:32 - 2014-03-22 06:00 - 222548312 _____ () C:\emerg.exe
2014-03-22 21:08 - 2014-03-22 21:08 - 00000546 _____ () C:\Users\pete\Desktop\Emsisoft Emergency Kit.lnk
2014-03-22 21:08 - 2014-03-22 21:08 - 00000000 ____D () C:\EEK
2014-03-22 06:03 - 2014-03-28 02:46 - 00000000 ____D () C:\FRST
2014-03-22 04:49 - 2014-03-22 04:49 - 00000000 ____D () C:\Windows\LastGood
2014-03-21 21:38 - 2014-03-21 21:38 - 00000070 _____ () C:\Windows\System32\Tasks\.directory
2014-03-21 21:35 - 2014-03-21 21:35 - 00000049 _____ () C:\Windows\SysWOW64\.directory
2014-03-21 15:01 - 2013-03-01 18:45 - 04577792 _____ (Microsoft Corporation) C:\wordpad.exe
2014-03-21 14:48 - 2014-03-21 14:48 - 00000050 _____ () C:\.directory
2014-03-21 06:06 - 2014-03-21 06:06 - 00000000 ____D () C:\NBRT
2014-03-21 02:01 - 2014-03-21 23:34 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-03-20 23:51 - 2014-03-22 17:58 - 00000000 ____D () C:\Users\pete\AppData\Local\CrashDumps
2014-03-20 21:47 - 2014-03-20 21:53 - 00000000 ____D () C:\Users\pete\AppData\Local\NPE
2014-03-20 05:17 - 2014-03-20 05:17 - 00000000 ____D () C:\Windows\pss
2014-03-17 05:41 - 2014-03-17 05:42 - 00292688 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-15 18:42 - 2014-03-16 16:21 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-03-13 17:32 - 2014-02-23 00:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-13 17:32 - 2014-02-23 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-13 17:32 - 2014-02-23 00:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2014-03-13 17:32 - 2014-02-23 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-13 17:32 - 2014-02-23 00:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-13 17:32 - 2014-02-23 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-13 17:32 - 2014-02-23 00:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-03-13 17:32 - 2014-02-23 00:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-13 17:32 - 2014-02-23 00:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-13 17:32 - 2014-02-23 00:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-13 17:32 - 2014-02-23 00:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-03-13 17:32 - 2014-02-23 00:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-03-13 17:32 - 2014-02-23 00:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-03-13 17:32 - 2014-02-22 22:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 17:32 - 2014-02-22 22:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 17:32 - 2014-02-22 22:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 17:32 - 2014-02-22 22:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 17:32 - 2014-02-07 20:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-13 17:32 - 2013-10-24 23:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
2014-03-13 17:32 - 2013-10-24 14:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
2014-03-13 17:31 - 2014-02-23 00:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2014-03-13 17:31 - 2014-02-23 00:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-03-13 17:31 - 2014-02-23 00:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-13 17:31 - 2014-02-22 22:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 17:31 - 2014-02-22 22:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 17:31 - 2014-02-22 22:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 17:31 - 2014-02-22 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-13 17:31 - 2014-02-22 22:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 17:31 - 2014-02-22 20:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-13 17:31 - 2014-02-05 15:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-13 17:31 - 2014-02-05 15:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 17:31 - 2014-01-30 16:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 17:31 - 2014-01-30 16:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-03-13 17:31 - 2013-12-06 22:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-03-13 17:31 - 2013-12-06 21:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

==================== One Month Modified Files and Folders =======

2014-03-28 02:46 - 2014-03-22 06:03 - 00000000 ____D () C:\FRST
2014-03-22 21:56 - 2013-06-22 02:01 - 01126340 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 21:10 - 2012-07-25 23:28 - 00941050 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-22 21:08 - 2014-03-22 21:08 - 00000546 _____ () C:\Users\pete\Desktop\Emsisoft Emergency Kit.lnk
2014-03-22 21:08 - 2014-03-22 21:08 - 00000000 ____D () C:\EEK
2014-03-22 17:58 - 2014-03-20 23:51 - 00000000 ____D () C:\Users\pete\AppData\Local\CrashDumps
2014-03-22 06:00 - 2014-03-22 22:32 - 222548312 _____ () C:\emerg.exe
2014-03-22 04:49 - 2014-03-22 04:49 - 00000000 ____D () C:\Windows\LastGood
2014-03-21 23:34 - 2014-03-21 02:01 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-03-21 21:38 - 2014-03-21 21:38 - 00000070 _____ () C:\Windows\System32\Tasks\.directory
2014-03-21 21:35 - 2014-03-21 21:35 - 00000049 _____ () C:\Windows\SysWOW64\.directory
2014-03-21 14:48 - 2014-03-21 14:48 - 00000050 _____ () C:\.directory
2014-03-21 06:06 - 2014-03-21 06:06 - 00000000 ____D () C:\NBRT
2014-03-20 21:53 - 2014-03-20 21:47 - 00000000 ____D () C:\Users\pete\AppData\Local\NPE
2014-03-20 05:17 - 2014-03-20 05:17 - 00000000 ____D () C:\Windows\pss
2014-03-20 05:14 - 2013-09-10 18:39 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 05:14 - 2012-07-25 23:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 05:07 - 2013-09-10 18:39 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 05:05 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-20 05:04 - 2013-06-22 02:02 - 00000000 ____D () C:\users\pete
2014-03-17 05:43 - 2013-10-16 10:17 - 00000000 ____D () C:\Users\pete\AppData\Roaming\Skype
2014-03-17 05:43 - 2013-10-16 10:17 - 00000000 ____D () C:\ProgramData\Skype
2014-03-17 05:42 - 2014-03-17 05:41 - 00292688 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-16 16:26 - 2013-10-16 10:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-16 16:21 - 2014-03-15 18:42 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-03-16 16:15 - 2012-07-26 00:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-16 16:15 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-16 16:15 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-15 18:27 - 2013-06-22 02:07 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BB4A6B51-4E05-4116-8C13-BBDE72250CE4}
2014-03-15 18:26 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\System32\sru
2014-03-10 20:10 - 2013-09-10 18:40 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-10 19:52 - 2013-06-24 13:41 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-10 19:52 - 2013-06-24 13:41 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-04 14:52 - 2013-11-17 20:48 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 14:52 - 2013-11-17 20:48 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\pete\classicshell.exe
C:\Users\pete\MSEInstall.exe


==================== Known DLLs (All) =========================

[2013-08-13 13:26] - [2013-05-23 15:02] - 1314816 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2013-08-13 13:26] - [2013-05-23 14:25] - 0694272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
[2013-07-23 10:54] - [2012-09-19 22:30] - 1743872 ____A (Microsoft Corporation) C:\Windows\System32\combase.dll
[2013-07-23 10:54] - [2012-09-19 21:53] - 1247232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
[2013-06-24 15:40] - [2013-02-01 21:31] - 1690624 ____A (Microsoft Corporation) C:\Windows\System32\gdiplus.dll
[2013-06-24 15:40] - [2013-02-01 21:41] - 1437184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
[2013-12-11 14:57] - [2013-10-18 21:45] - 0062976 ____A (Microsoft Corporation) C:\Windows\System32\IMAGEHLP.dll
[2013-12-11 14:57] - [2013-10-18 20:04] - 0059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMAGEHLP.dll
[2012-07-25 21:26] - [2012-07-25 21:26] - 0654848 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2012-07-25 18:40] - [2012-07-25 19:19] - 0709632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRT.dll
[2012-07-25 15:27] - [2012-07-25 19:07] - 0309760 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2012-07-25 15:26] - [2012-07-25 19:19] - 0246784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHLWAPI.dll
[2012-07-25 16:27] - [2012-07-25 19:05] - 0636416 ____A (Microsoft Corporation) C:\Windows\System32\COMDLG32.dll
[2012-07-25 16:25] - [2012-07-25 19:18] - 0539136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.dll
[2012-07-25 18:22] - [2012-07-25 18:22] - 0003584 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2012-07-25 18:29] - [2012-07-25 18:29] - 0002560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NORMALIZ.dll
[2012-07-25 16:10] - [2012-07-25 19:07] - 0009728 ____A (Microsoft Corporation) C:\Windows\System32\PSAPI.dll
[2012-07-25 16:12] - [2012-07-25 19:19] - 0007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PSAPI.dll
[2012-07-25 16:07] - [2012-07-25 19:08] - 0367104 ____A (Microsoft Corporation) C:\Windows\System32\WLDAP32.dll
[2012-07-25 16:09] - [2012-07-25 19:20] - 0338944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WLDAP32.dll
[2013-07-23 10:41] - [2012-11-05 23:33] - 1566432 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2013-07-23 10:41] - [2012-11-05 20:48] - 1150160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
[2012-07-25 16:01] - [2012-07-25 19:05] - 0213504 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2012-07-25 18:27] - [2012-07-25 18:27] - 0121344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMM32.dll
[2012-07-25 18:30] - [2012-07-25 19:08] - 0012800 ____A (Microsoft Corporation) C:\Windows\System32\Wow64cpu.dll
[2014-03-13 17:32] - [2014-02-23 00:13] - 1365504 ____A (Microsoft Corporation) C:\Windows\System32\URLMON.dll
[2014-03-13 17:32] - [2014-02-22 22:54] - 1140736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\URLMON.dll
[2013-10-20 15:55] - [2013-04-09 15:17] - 1125888 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2013-10-20 15:55] - [2013-04-09 14:29] - 0893952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCTF.dll
[2012-07-25 18:30] - [2012-07-25 19:08] - 0349696 ____A (Microsoft Corporation) C:\Windows\System32\Wow64win.dll
[2013-12-11 14:57] - [2013-09-27 21:48] - 0778752 ____A (Microsoft Corporation) C:\Windows\System32\OLEAUT32.dll
[2013-12-11 14:57] - [2013-09-27 19:58] - 0551424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\OLEAUT32.dll
[2013-06-24 15:31] - [2012-11-07 20:02] - 0003072 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2013-06-24 15:31] - [2012-11-07 20:01] - 0003072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
[2012-07-25 15:31] - [2012-07-25 19:05] - 0589824 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2012-07-25 15:31] - [2012-07-25 19:18] - 0454656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\clbcatq.dll
[2012-07-25 21:26] - [2012-07-25 21:26] - 0345088 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll
[2012-07-25 16:11] - [2012-07-25 19:20] - 0310784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WS2_32.dll
[2014-03-13 17:31] - [2013-12-06 22:36] - 19751936 ____A (Microsoft Corporation) C:\Windows\System32\SHELL32.dll
[2014-03-13 17:31] - [2013-12-06 21:15] - 17560576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHELL32.dll
[2013-11-15 12:32] - [2013-10-02 15:25] - 1300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2013-11-15 12:32] - [2013-10-01 14:22] - 1022976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
[2012-07-25 18:30] - [2012-07-25 19:08] - 0257536 ____A (Microsoft Corporation) C:\Windows\System32\Wow64.dll
[2012-07-25 17:04] - [2012-07-25 19:05] - 0393216 ____A (Microsoft Corporation) C:\Windows\System32\DifxApi.dll
[2012-07-25 17:19] - [2012-07-25 19:18] - 0359936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DifxApi.dll
[2013-06-25 15:11] - [2013-01-09 15:23] - 1886208 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2013-06-25 15:11] - [2013-01-09 15:26] - 1752064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Setupapi.dll
[2013-06-25 13:33] - [2013-05-30 15:24] - 1257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2013-06-25 13:32] - [2013-05-30 15:08] - 0974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
[2012-07-25 18:11] - [2012-07-25 19:05] - 0894464 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2012-07-25 18:16] - [2012-07-25 19:17] - 0702464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
[2013-07-23 10:54] - [2012-09-19 22:33] - 1342464 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2013-07-23 10:54] - [2013-05-30 15:08] - 1165824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
[2014-03-13 17:32] - [2014-02-23 00:11] - 2648576 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2014-03-13 17:32] - [2014-02-22 22:53] - 2049024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IERTUTIL.dll
[2014-03-13 17:32] - [2014-02-23 00:13] - 2241536 ____A (Microsoft Corporation) C:\Windows\System32\WININET.dll
[2014-03-13 17:32] - [2014-02-22 22:54] - 1767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WININET.dll
[2012-07-25 21:26] - [2012-07-25 21:26] - 0019456 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2012-07-25 21:26] - [2012-07-25 21:26] - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NSI.dll
[2012-07-25 21:26] - [2012-07-25 21:26] - 0279040 ____A (Microsoft Corporation) C:\Windows\System32\sechost.dll
[2012-07-25 16:10] - [2012-07-25 19:19] - 0199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2013-07-23 10:54] - [2013-05-30 15:08] - 1165824 ____A (Microsoft Corporation) 0A5FE5AF556AAEE58EBA2C2BBC32199D

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3560.36 MB
Available physical RAM: 2923.35 MB
Total Pagefile: 3560.36 MB
Available Pagefile: 2935.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:439.67 GB) (Free:395.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.32 GB) (Free:2.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (NBRT) (Removable) (Total:0.93 GB) (Free:0.1 GB) FAT32
Drive f: (HRM_CENA_X64FREV_EN-US_DV5) (CDROM) (Total:3.25 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1EFAD293)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 960 MB) (Disk ID: 554D554D)
Partition 1: (Active) - (Size=957 MB) - (Type=0B)


LastRegBack: 2014-03-12 19:14

==================== End Of Log ============================



#12 polskamachina

polskamachina

  • Malware Response Team
  • 4,036 posts

Posted 03 April 2014 - 09:44 AM

Hi artk1 :)

We need to check out a specific file. Please open the FRST program again in recovery mode. For this particular scan, it does not matter if the option boxes are checked.

In the Search: box, please type in user32.dll. Then click on the Search File(s) button.

After the scan is complete, please copy and paste the report in your next reply to me.

polskamachina



#13 artk1

artk1
  • Topic Starter
  • Members
  • 18 posts

Posted 03 April 2014 - 10:42 AM

Here it is:

 

Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by SYSTEM at 2014-04-04 02:30:55
Running from E:\
Boot Mode: Recovery

================== Search: "user32.dll" ===================

C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_311e3b534471206a\user32.dll
[2013-07-23 10:54] - [2013-07-31 09:38] - 0000178 ____A () DEC097437B2E4949C4464C8738C61EE2

C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_30939e3e2b546749\user32.dll
[2013-07-23 10:54] - [2012-09-19 20:10] - 1126912 ____A (Microsoft Corporation) BA1C3ACD929A71E88B49C2B6E38F92B3

C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_3056bdf82b817724\user32.dll
[2012-07-25 16:02] - [2013-07-31 09:37] - 0000190 ____A () 8A9150C4EBD94C3D7B063AD98BDBE241

C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_26c9910110105e6f\user32.dll
[2013-07-23 10:54] - [2013-07-29 14:55] - 0001384 ____A () E5993112257ADC8C204A01D83AD751C5

C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_263ef3ebf6f3a54e\user32.dll
[2013-07-23 10:54] - [2012-09-19 22:33] - 1342464 ____A (Microsoft Corporation) A99AD14F26BDA7D7F27F76BC91B7EED7

C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_260213a5f720b529\user32.dll
[2012-07-25 16:01] - [2013-07-29 14:55] - 0001406 ____A () FC1DC28033236E2535D409A8E1F134A0

C:\Windows\SysWOW64\user32.dll
[2013-07-23 10:54] - [2013-05-30 15:08] - 1165824 ____A (Microsoft Corporation) 0A5FE5AF556AAEE58EBA2C2BBC32199D

C:\Windows\System32\user32.dll
[2013-07-23 10:54] - [2012-09-19 22:33] - 1342464 ____A (Microsoft Corporation) A99AD14F26BDA7D7F27F76BC91B7EED7

X:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_260213a5f720b529\user32.dll
[2012-07-25 22:12] - [2012-07-25 22:12] - 1342464 ____A (Microsoft Corporation) 1D08594400EE1B500B93256795FE30AE

X:\Windows\System32\user32.dll
[2012-07-25 22:12] - [2012-07-25 22:12] - 1342464 ____A (Microsoft Corporation) 1D08594400EE1B500B93256795FE30AE

====== End Of Search ======



#14 polskamachina

polskamachina

  • Malware Response Team
  • 4,036 posts

Posted 05 April 2014 - 11:07 AM

Hi artk1 :)

Let's see if replacing the suspicious file with a known good copy will make your computer bootable again. Please copy and paste the code below into notepad.

Replace: C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_30939e3e2b546749\user32.dll C:\Windows\SysWOW64\User32.dll

Then save the file in the same location as your FRST program as fixlist.txt

Now, open the FRST program in recovery mode. Then click on the Fix button.

When the program is finished and the log is posted, please copy and paste it into your next reply to me.

Let me know if you have any questions. How is your computer behaving now?

polskamachina
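As an added illustration of the comparison behind the fix above (not code from the thread or from FRST), the script below parses the user32.dll search report posted in #13, checks each live copy against the WinSxS component-store copies for its drive and architecture, and emits the Replace: line for a live copy that no store image matches. The entries, hashes and the Replace: syntax are taken from the thread; the function and constant names are the example's own.

```python
"""Cross-check the live copies of a DLL against the WinSxS component-store
copies listed in an FRST "Search:" report, then build the FRST Replace:
directive for a live copy that no store image matches.

Added example for this thread; not part of FRST or of the original posts.
Function and constant names below are the example's own."""
import re
from collections import defaultdict

# Constructed input: five entries copied from the user32.dll search report
# posted in the thread (the 178-byte WinSxS entry is kept on purpose, to
# show why such entries must not be offered as replacements).
FRST_SEARCH = r"""
================== Search: "user32.dll" ===================

C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_311e3b534471206a\user32.dll
[2013-07-23 10:54] - [2013-07-31 09:38] - 0000178 ____A () DEC097437B2E4949C4464C8738C61EE2

C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_30939e3e2b546749\user32.dll
[2013-07-23 10:54] - [2012-09-19 20:10] - 1126912 ____A (Microsoft Corporation) BA1C3ACD929A71E88B49C2B6E38F92B3

C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_263ef3ebf6f3a54e\user32.dll
[2013-07-23 10:54] - [2012-09-19 22:33] - 1342464 ____A (Microsoft Corporation) A99AD14F26BDA7D7F27F76BC91B7EED7

C:\Windows\SysWOW64\user32.dll
[2013-07-23 10:54] - [2013-05-30 15:08] - 1165824 ____A (Microsoft Corporation) 0A5FE5AF556AAEE58EBA2C2BBC32199D

C:\Windows\System32\user32.dll
[2013-07-23 10:54] - [2012-09-19 22:33] - 1342464 ____A (Microsoft Corporation) A99AD14F26BDA7D7F27F76BC91B7EED7

====== End Of Search ======
"""

# Result line: "[created] - [modified] - size attrs (company) MD5"
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})\s*$")
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
# Component-store directory: <arch>_<component>_<token>_<version>_<lang>_<hash>
STORE_RE = re.compile(
    r"\\WinSxS\\(?P<arch>wow64|amd64|x86)_[^\\]*?_(?P<version>\d+\.\d+\.\d+\.\d+)_",
    re.IGNORECASE)
# Live directory that each store architecture backs on 64-bit Windows.
LIVE_DIR_FOR_ARCH = {"amd64": "\\system32\\", "wow64": "\\syswow64\\"}
# Store entries smaller than this are not loadable images (the thread's report
# lists several of 178 to 1406 bytes) and are never replacement candidates.
MIN_IMAGE_SIZE = 4096


def parse_search(report):
    """Return one record per file in the report: path, size, md5, and for
    WinSxS entries the architecture and version parsed from the directory."""
    records, path = [], None
    for line in report.splitlines():
        if PATH_RE.match(line):
            path = line.rstrip()
            continue
        m = DETAIL_RE.match(line)
        if m and path:
            rec = m.groupdict()
            rec.update(path=path, size=int(rec["size"]), md5=rec["md5"].upper())
            store = STORE_RE.search(path)
            rec["arch"] = store.group("arch").lower() if store else None
            rec["version"] = store.group("version") if store else None
            records.append(rec)
            path = None
    return records


def audit(report):
    """For each live (non-WinSxS) copy, decide whether its MD5 equals a store
    copy on the same drive and architecture; if not, list the store copies
    that could serve as the known-good replacement, newest version first."""
    records = parse_search(report)
    store = defaultdict(list)
    for r in records:
        if r["arch"] and r["size"] >= MIN_IMAGE_SIZE:
            store[(r["path"][0].upper(), r["arch"])].append(r)
    findings = {}
    for r in records:
        if r["arch"]:
            continue
        low = r["path"].lower()
        arch = next((a for a, d in LIVE_DIR_FOR_ARCH.items() if d in low), None)
        images = store.get((r["path"][0].upper(), arch), [])
        matches = [s for s in images if s["md5"] == r["md5"]]
        if matches:
            findings[r["path"]] = {"status": "match",
                                   "version": matches[0]["version"], "candidates": []}
        elif images:
            images.sort(key=lambda s: tuple(int(n) for n in s["version"].split(".")),
                        reverse=True)
            findings[r["path"]] = {"status": "mismatch", "version": None,
                                   "candidates": [s["path"] for s in images]}
        else:
            # e.g. the recovery environment's own X:\ copies: no store to compare against
            findings[r["path"]] = {"status": "unverifiable", "version": None, "candidates": []}
    return findings


def replace_directive(store_path, live_path):
    """fixlist.txt line, in the Replace: syntax used in the thread, that
    restores live_path from store_path."""
    return "Replace: %s %s" % (store_path, live_path)


if __name__ == "__main__":
    for path, f in audit(FRST_SEARCH).items():
        print(path, "=>", f["status"], f["version"] or "")
        if f["status"] == "mismatch":
            print("  ", replace_directive(f["candidates"][0], path))
```

On the thread's data this flags only C:\Windows\SysWOW64\user32.dll (its MD5 matches no wow64 store image, and it is 38912 bytes larger than the store copy) and proposes the same Replace: line the helper posted.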

 

 



#15 artk1

artk1
  • Topic Starter
  • Members
  • 18 posts

Posted 05 April 2014 - 04:06 PM

That worked. Was able to boot without a problem.

THANK YOU Polskamachina





