*.microsoft.com and other sites redirect to google.com


20 replies to this topic

#1 gorfmeister

Posted 11 April 2012 - 10:11 AM

It appears that something is intercepting my DNS requests and returning 209.85.299.104 as the IP address for *.microsoft.com and various other sites (e.g. anti-virus), so I can't connect except through proxy sites or by using the IP address instead of the domain.

If I put entries in my hosts file to fix this, they are ignored. The IP 209.85.299.104 redirects me to www.google.com, but I am unable to ping it or tracert it directly. I checked my DNS settings and they are OK. I even went into the registry to see if there were any unusual classids under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces. There are 2 extras with IP addresses of 0.0.0.0, but I don't know if that means anything.

I have scanned with Symantec AV, Malwarebytes and TDSSKiller, which found nothing. I tried doing a full scan using SUPERAntiSpyware, but the computer rebooted during the scan (I tried twice). Also, I tried twice to run GMER, but the computer rebooted each time (once to a blue screen, error code 0x0000004).

After the last reboot, Symantec AV found SecurityRisk.URLRedir during startup and quarantined it (Filename=Unavailable).

I have Windows XP and the problem appeared when I rebooted after I did some Windows Updates. It has been a long time since I rebooted my computer (perhaps as long as two months), so it is possible the infection was loaded during that time awaiting a reboot in order to finalize its installation. I bring this up because I notice dds.txt only shows files created in the last 30 days.

C:\>ping www.microsoft.com
Pinging lb1.www.ms.akadns.net [209.85.229.104] with 32 bytes of data:
Reply from 209.85.229.104: bytes=32 time=156ms TTL=45

C:\>ping www.kaspersky.com
Pinging web.geo.kaspersky.com [209.85.229.104] with 32 bytes of data:
Reply from 209.85.229.104: bytes=32 time=157ms TTL=45

C:\>ping www.symantec.com
Pinging e5211.b.akamaiedge.net [209.85.229.104] with 32 bytes of data:
Reply from 209.85.229.104: bytes=32 time=157ms TTL=45

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by myname at 20:12:37 on 2012-04-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.455 [GMT -7:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\program files\west wind web monitor\Webmonitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\regedit.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://ie.search.msn.com
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://ie.search.msn.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Reixu] "c:\documents and settings\myname\application data\diusy\tiyq.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)" -"http://www.asyoulikeitalpacas.com/"
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [WebMonitor] "c:\program files\west wind web monitor\Webmonitor.exe" -trayicon
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~2\VPTray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\myname\startm~1\programs\startup\webtime.lnk - c:\util\WebTime.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eudora.lnk - c:\program files\qualcomm\eudora\Eudora.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://symantec2.atgnow.com/sdccommon/download/tgctlcm.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105390711262
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161185916016
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://64.60.131.202/activex/AxisCamControl.ocx
DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} - hxxp://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: Interfaces\{EBA852C2-4811-4398-A702-656C8543FF0C} : NameServer = 192.168.40.2
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 66.127.130.64
Hosts: 184.25.113.29 www.symantec.com
.
============= SERVICES / DRIVERS ===============
.
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-5-5 16984]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-4-21 10901]
R1 MpKsl0eb1c43a;MpKsl0eb1c43a;c:\windows\system32\mpenginestore\MpKsl0eb1c43a.sys [2012-4-10 29904]
R1 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-10 106104]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120409.001\naveng.sys [2012-4-10 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120409.001\navex15.sys [2012-4-10 1576312]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-30 40776]
.
=============== Created Last 30 ================
.
2012-04-11 00:01:08 -------- d-----w- c:\documents and settings\myname\application data\SUPERAntiSpyware.com
2012-04-10 23:58:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-10 23:58:44 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-04-10 23:23:25 -------- d-----w- c:\windows\system32\MpEngineStore
2012-04-10 20:42:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-10 20:40:41 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-14 16:30:35 -------- d-----w- c:\documents and settings\myname\application data\Turebe
2012-03-14 16:30:35 -------- d-----w- c:\documents and settings\myname\application data\Qyawa
2012-03-14 16:30:35 -------- d-----w- c:\documents and settings\myname\application data\Diusy
.
==================== Find3M ====================
.
2012-04-10 22:46:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-10 20:41:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-10 20:40:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:18:43.22 ===============

Edited by gorfmeister, 11 April 2012 - 10:32 AM.
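The symptom described in the post (unrelated vendor domains all answering from one address, and hosts-file pins being ignored) can be triaged mechanically. The script below is an added example, not code from the thread or from any tool named in it: it parses a Windows ping transcript of the kind pasted above and applies the two checks. The transcript and hosts file are constructed; the first three ping results are copied from the post, the fourth and the example.test control host are made up.

```python
"""Heuristic DNS-hijack triage over a Windows ping transcript (added example).

Check 1: unrelated registrable domains collapsing onto one IP address.
Check 2: hosts-file entries the observed resolution does not honour, which
         points at the resolver path being bypassed or hooked.
"""
import re
from collections import defaultdict

# "C:\>ping www.microsoft.com"  -> captures the queried hostname
PING_CMD = re.compile(r"^\s*[A-Za-z]:\\.*?>\s*ping\s+(?:-\S+\s+)*(\S+)\s*$")
# "Pinging lb1.www.ms.akadns.net [209.85.229.104] with 32 bytes of data:"
PING_HDR = re.compile(r"^Pinging\s+(\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Suffixes where the registrable label sits one level deeper (small subset).
_TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "org.uk"}


def registrable_domain(hostname: str) -> str:
    """Rough eTLD+1: 'www.ms.akadns.net' -> 'akadns.net'."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in _TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def parse_ping_transcript(text: str) -> list[tuple[str, str, str]]:
    """Return (queried_host, resolved_name, ip) triples from a transcript."""
    results = []
    pending = None  # hostname from the last "ping" command line seen
    for line in text.splitlines():
        m = PING_CMD.match(line)
        if m:
            pending = m.group(1)
            continue
        m = PING_HDR.match(line)
        if m and pending is not None:
            results.append((pending, m.group(1), m.group(2)))
            pending = None
    return results


def shared_ip_anomalies(triples, min_domains: int = 2):
    """IPs that answer for >= min_domains distinct registrable domains.

    Shared CDN fronts exist, so this is a triage signal, not proof; the
    poster's case has three unrelated vendors on one address.
    """
    by_ip = defaultdict(set)
    for queried, _resolved, ip in triples:
        by_ip[ip].add(registrable_domain(queried))
    return {ip: sorted(doms) for ip, doms in by_ip.items()
            if len(doms) >= min_domains}


def parse_hosts(text: str) -> dict[str, str]:
    """Map hostname -> IP from hosts-file text (comments and blanks ignored)."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        for name in parts[1:]:
            mapping[name.lower()] = parts[0]
    return mapping


def ignored_hosts_entries(triples, hosts_map):
    """Hosts entries whose pinned IP differs from what ping actually used."""
    return [(queried, hosts_map[queried.lower()], ip)
            for queried, _resolved, ip in triples
            if queried.lower() in hosts_map and hosts_map[queried.lower()] != ip]


# Constructed transcript: the first three blocks are the poster's, the last
# is a made-up benign control on a documentation address.
SAMPLE_TRANSCRIPT = r"""
C:\>ping www.microsoft.com
Pinging lb1.www.ms.akadns.net [209.85.229.104] with 32 bytes of data:
Reply from 209.85.229.104: bytes=32 time=156ms TTL=45

C:\>ping www.kaspersky.com
Pinging web.geo.kaspersky.com [209.85.229.104] with 32 bytes of data:
Reply from 209.85.229.104: bytes=32 time=157ms TTL=45

C:\>ping www.symantec.com
Pinging e5211.b.akamaiedge.net [209.85.229.104] with 32 bytes of data:
Reply from 209.85.229.104: bytes=32 time=157ms TTL=45

C:\>ping intranet.example.test
Pinging intranet.example.test [192.0.2.10] with 32 bytes of data:
Reply from 192.0.2.10: bytes=32 time=1ms TTL=128
"""

# Constructed hosts file using the pin shown in the poster's DDS log.
SAMPLE_HOSTS = """
# hosts
127.0.0.1       localhost
184.25.113.29   www.symantec.com
"""

if __name__ == "__main__":
    triples = parse_ping_transcript(SAMPLE_TRANSCRIPT)
    for ip, domains in shared_ip_anomalies(triples).items():
        print(f"SUSPICIOUS: {ip} answers for {', '.join(domains)}")
    for host, pinned, seen in ignored_hosts_entries(triples, parse_hosts(SAMPLE_HOSTS)):
        print(f"HOSTS BYPASSED: {host} pinned to {pinned} but resolved to {seen}")
```

On a live machine, feed it the output of your own ping runs and a copy of %SystemRoot%\system32\drivers\etc\hosts; a hit on the second check is the stronger indicator, since a legitimate resolver always consults the hosts file first.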


#2 gorfmeister

  • Topic Starter

Posted 11 April 2012 - 10:24 AM

I know you guys are the experts, but I'm guessing that one problem is here:

c:\windows\system32\mpenginestore\MpKsl0eb1c43a.sys

Also, to remain anonymous, I replaced my name with "myname", so if you provide any scripts, I will edit them accordingly.

While waiting for a reply here, I re-ran TDSSKiller and checked all options. There were 21 threats, but they were warnings (UnsignedFile) and some files looked legit (like awhost32.exe, which is used by pcAnywhere), so I didn't quarantine them. Here's the log of that:


09:27:27.0265 2064 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
09:27:28.0437 2064 ============================================================
09:27:28.0437 2064 Current date / time: 2012/04/11 09:27:28.0437
09:27:28.0437 2064 SystemInfo:
09:27:28.0437 2064
09:27:28.0437 2064 OS Version: 5.1.2600 ServicePack: 3.0
09:27:28.0437 2064 Product type: Workstation
09:27:28.0437 2064 ComputerName: PK
09:27:28.0437 2064 UserName: myname
09:27:28.0437 2064 Windows directory: C:\WINDOWS
09:27:28.0437 2064 System windows directory: C:\WINDOWS
09:27:28.0437 2064 Processor architecture: Intel x86
09:27:28.0437 2064 Number of processors: 2
09:27:28.0437 2064 Page size: 0x1000
09:27:28.0437 2064 Boot type: Normal boot
09:27:28.0437 2064 ============================================================
09:27:33.0328 2064 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:27:33.0328 2064 \Device\Harddisk0\DR0:
09:27:33.0328 2064 MBR used
09:27:33.0328 2064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x8DEE830
09:27:33.0375 2064 Initialize success
09:27:33.0375 2064 ============================================================
09:27:53.0954 2612 ============================================================
09:27:53.0954 2612 Scan started
09:27:53.0954 2612 Mode: Manual; SigCheck; TDLFS;
09:27:53.0954 2612 ============================================================
09:27:54.0641 2612 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
09:27:54.0797 2612 !SASCORE - ok
09:27:55.0125 2612 aawservice (07ae10139d7713d69f57209fdf0425cc) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
09:27:55.0391 2612 aawservice - ok
09:27:55.0641 2612 Abiosdsk - ok
09:27:55.0938 2612 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:27:56.0219 2612 abp480n5 - ok
09:27:56.0563 2612 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:27:56.0751 2612 ACPI - ok
09:27:57.0047 2612 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:27:57.0219 2612 ACPIEC - ok
09:27:57.0610 2612 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:27:57.0657 2612 AdobeFlashPlayerUpdateSvc - ok
09:27:57.0969 2612 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:27:58.0141 2612 adpu160m - ok
09:27:58.0438 2612 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
09:27:58.0532 2612 aeaudio - ok
09:27:58.0860 2612 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:27:59.0047 2612 aec - ok
09:27:59.0376 2612 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:27:59.0485 2612 AFD - ok
09:27:59.0797 2612 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:27:59.0969 2612 agp440 - ok
09:28:00.0266 2612 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:28:00.0454 2612 agpCPQ - ok
09:28:00.0751 2612 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:28:00.0844 2612 Aha154x - ok
09:28:01.0173 2612 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:28:01.0376 2612 aic78u2 - ok
09:28:01.0704 2612 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:28:01.0891 2612 aic78xx - ok
09:28:02.0173 2612 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:28:02.0360 2612 Alerter - ok
09:28:02.0641 2612 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:28:02.0813 2612 ALG - ok
09:28:03.0126 2612 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:28:03.0282 2612 AliIde - ok
09:28:03.0594 2612 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:28:03.0766 2612 alim1541 - ok
09:28:04.0079 2612 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:28:04.0251 2612 amdagp - ok
09:28:04.0548 2612 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:28:04.0657 2612 amsint - ok
09:28:04.0829 2612 Apple Mobile Device (536fcd2cec5161bfcc91cc21726b9db2) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
09:28:04.0876 2612 Apple Mobile Device - ok
09:28:05.0204 2612 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:28:05.0407 2612 AppMgmt - ok
09:28:05.0720 2612 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:28:05.0891 2612 asc - ok
09:28:06.0204 2612 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:28:06.0298 2612 asc3350p - ok
09:28:06.0626 2612 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:28:06.0798 2612 asc3550 - ok
09:28:07.0110 2612 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:28:07.0204 2612 aspnet_state - ok
09:28:07.0501 2612 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:28:07.0673 2612 AsyncMac - ok
09:28:07.0985 2612 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:28:08.0142 2612 atapi - ok
09:28:08.0407 2612 Atdisk - ok
09:28:08.0704 2612 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:28:08.0860 2612 Atmarpc - ok
09:28:09.0157 2612 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:28:09.0329 2612 AudioSrv - ok
09:28:09.0626 2612 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:28:09.0813 2612 audstub - ok
09:28:10.0017 2612 awhost32 (7cf4d19036ba2690e2208379cc56092c) C:\Program Files\Symantec\pcAnywhere\awhost32.exe
09:28:10.0063 2612 awhost32 ( UnsignedFile.Multi.Generic ) - warning
09:28:10.0063 2612 awhost32 - detected UnsignedFile.Multi.Generic (1)
09:28:10.0360 2612 awlegacy (abfe3ab22767eeb5e7d91b1b3bb2901c) C:\WINDOWS\System32\Drivers\awlegacy.sys
09:28:10.0407 2612 awlegacy ( UnsignedFile.Multi.Generic ) - warning
09:28:10.0407 2612 awlegacy - detected UnsignedFile.Multi.Generic (1)
09:28:10.0704 2612 AW_HOST (71c32536b50136e9e439306a2e9296e2) C:\WINDOWS\system32\drivers\aw_host5.sys
09:28:10.0735 2612 AW_HOST ( UnsignedFile.Multi.Generic ) - warning
09:28:10.0735 2612 AW_HOST - detected UnsignedFile.Multi.Generic (1)
09:28:11.0032 2612 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:28:11.0220 2612 Beep - ok
09:28:11.0642 2612 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:28:12.0189 2612 BITS - ok
09:28:12.0360 2612 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
09:28:12.0407 2612 Bonjour Service - ok
09:28:12.0704 2612 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:28:12.0892 2612 Browser - ok
09:28:13.0142 2612 bvrp_pci - ok
09:28:13.0439 2612 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:28:13.0610 2612 cbidf - ok
09:28:13.0876 2612 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:28:14.0032 2612 cbidf2k - ok
09:28:14.0204 2612 ccEvtMgr (0a6786c95a6f8715aa4285e3c27f201f) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
09:28:14.0235 2612 ccEvtMgr - ok
09:28:14.0439 2612 ccSetMgr (3b4898cf051bb04fb76e94361e336a83) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
09:28:14.0470 2612 ccSetMgr - ok
09:28:14.0798 2612 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:28:14.0892 2612 cd20xrnt - ok
09:28:15.0204 2612 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:28:15.0392 2612 Cdaudio - ok
09:28:15.0720 2612 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:28:15.0892 2612 Cdfs - ok
09:28:16.0204 2612 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:28:16.0407 2612 Cdrom - ok
09:28:16.0657 2612 Changer - ok
09:28:16.0923 2612 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:28:17.0111 2612 CiSvc - ok
09:28:17.0392 2612 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:28:17.0579 2612 ClipSrv - ok
09:28:17.0845 2612 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:28:18.0236 2612 clr_optimization_v2.0.50727_32 - ok
09:28:18.0517 2612 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:28:18.0657 2612 clr_optimization_v4.0.30319_32 - ok
09:28:18.0970 2612 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:28:19.0126 2612 CmdIde - ok
09:28:19.0361 2612 COMSysApp - ok
09:28:19.0673 2612 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:28:19.0845 2612 Cpqarray - ok
09:28:20.0142 2612 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:28:20.0314 2612 CryptSvc - ok
09:28:20.0673 2612 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:28:20.0861 2612 dac2w2k - ok
09:28:23.0204 2612 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:28:23.0439 2612 dac960nt - ok
09:28:24.0658 2612 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:28:25.0705 2612 DcomLaunch - ok
09:28:26.0064 2612 DefWatch (1f709c66d8aadff35530c56ee261c462) C:\Program Files\Symantec AntiVirus\DefWatch.exe
09:28:26.0095 2612 DefWatch - ok
09:28:26.0689 2612 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:28:26.0845 2612 Dhcp - ok
09:28:27.0595 2612 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:28:27.0752 2612 Disk - ok
09:28:28.0267 2612 dmadmin - ok
09:28:29.0330 2612 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:28:30.0330 2612 dmboot - ok
09:28:30.0689 2612 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:28:30.0877 2612 dmio - ok
09:28:31.0173 2612 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:28:31.0345 2612 dmload - ok
09:28:31.0658 2612 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:28:31.0845 2612 dmserver - ok
09:28:32.0158 2612 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:28:32.0330 2612 DMusic - ok
09:28:32.0595 2612 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:28:32.0736 2612 Dnscache - ok
09:28:33.0049 2612 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:28:33.0205 2612 Dot3svc - ok
09:28:33.0517 2612 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:28:33.0705 2612 dpti2o - ok
09:28:33.0986 2612 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:28:34.0174 2612 drmkaud - ok
09:28:34.0502 2612 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
09:28:34.0533 2612 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
09:28:34.0533 2612 drvmcdb - detected UnsignedFile.Multi.Generic (1)
09:28:34.0892 2612 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
09:28:34.0924 2612 drvnddm ( UnsignedFile.Multi.Generic ) - warning
09:28:34.0924 2612 drvnddm - detected UnsignedFile.Multi.Generic (1)
09:28:35.0267 2612 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:28:35.0361 2612 E100B - ok
09:28:35.0674 2612 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:28:35.0861 2612 EapHost - ok
09:28:36.0111 2612 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:28:36.0299 2612 eeCtrl - ok
09:28:36.0471 2612 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:28:36.0502 2612 EraserUtilRebootDrv - ok
09:28:36.0814 2612 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:28:37.0002 2612 ERSvc - ok
09:28:37.0299 2612 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:28:37.0361 2612 Eventlog - ok
09:28:37.0705 2612 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:28:37.0799 2612 EventSystem - ok
09:28:38.0158 2612 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:28:38.0392 2612 Fastfat - ok
09:28:38.0705 2612 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:28:38.0814 2612 FastUserSwitchingCompatibility - ok
09:28:39.0158 2612 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
09:28:39.0346 2612 Fax - ok
09:28:39.0674 2612 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:28:39.0846 2612 Fdc - ok
09:28:40.0158 2612 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:28:40.0330 2612 Fips - ok
09:28:40.0627 2612 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:28:40.0799 2612 Flpydisk - ok
09:28:41.0143 2612 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:28:41.0314 2612 FltMgr - ok
09:28:41.0564 2612 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:28:41.0596 2612 FontCache3.0.0.0 - ok
09:28:41.0893 2612 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:28:42.0064 2612 Fs_Rec - ok
09:28:42.0393 2612 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:28:42.0580 2612 Ftdisk - ok
09:28:42.0877 2612 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:28:42.0893 2612 GEARAspiWDM - ok
09:28:43.0158 2612 Gernuwa (fd25177ced6751c14de170d8282ced90) C:\WINDOWS\system32\drivers\Gernuwa.sys
09:28:43.0189 2612 Gernuwa ( UnsignedFile.Multi.Generic ) - warning
09:28:43.0189 2612 Gernuwa - detected UnsignedFile.Multi.Generic (1)
09:28:43.0486 2612 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:28:43.0658 2612 Gpc - ok
09:28:43.0846 2612 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:28:44.0018 2612 helpsvc - ok
09:28:44.0252 2612 HidServ - ok
09:28:44.0518 2612 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:28:44.0705 2612 hkmsvc - ok
09:28:45.0065 2612 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:28:45.0205 2612 hpn - ok
09:28:45.0533 2612 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:28:45.0611 2612 HSFHWBS2 - ok
09:28:46.0315 2612 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:28:46.0799 2612 HSF_DP - ok
09:28:47.0174 2612 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:28:47.0283 2612 HTTP - ok
09:28:47.0580 2612 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:28:47.0768 2612 HTTPFilter - ok
09:28:48.0049 2612 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:28:48.0221 2612 i2omgmt - ok
09:28:48.0518 2612 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:28:48.0674 2612 i2omp - ok
09:28:48.0987 2612 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:28:49.0174 2612 i8042prt - ok
09:28:49.0862 2612 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:28:50.0596 2612 ialm - ok
09:28:50.0862 2612 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:28:50.0893 2612 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:28:50.0893 2612 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:28:51.0377 2612 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:28:51.0768 2612 idsvc - ok
09:28:52.0080 2612 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:28:52.0252 2612 Imapi - ok
09:28:52.0596 2612 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:28:52.0784 2612 ImapiService - ok
09:28:53.0096 2612 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:28:53.0268 2612 ini910u - ok
09:28:53.0580 2612 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:28:53.0737 2612 IntelIde - ok
09:28:54.0034 2612 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:28:54.0190 2612 intelppm - ok
09:28:54.0534 2612 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:28:54.0705 2612 Ip6Fw - ok
09:28:55.0018 2612 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:28:55.0190 2612 IpFilterDriver - ok
09:28:55.0471 2612 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:28:55.0627 2612 IpInIp - ok
09:28:55.0971 2612 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:28:56.0159 2612 IpNat - ok
09:28:56.0409 2612 iPod Service (05cf6a56fbf436c347bb87fd1957adc1) C:\Program Files\iPod\bin\iPodService.exe
09:28:56.0565 2612 iPod Service - ok
09:28:56.0909 2612 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:28:57.0081 2612 IPSec - ok
09:28:57.0377 2612 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:28:57.0549 2612 IRENUM - ok
09:28:57.0846 2612 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:28:58.0002 2612 isapnp - ok
09:28:58.0221 2612 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
09:28:58.0252 2612 JavaQuickStarterService - ok
09:28:58.0549 2612 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:28:58.0737 2612 Kbdclass - ok
09:28:59.0065 2612 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:28:59.0237 2612 kmixer - ok
09:28:59.0565 2612 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:28:59.0690 2612 KSecDD - ok
09:29:00.0003 2612 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:29:00.0081 2612 lanmanserver - ok
09:29:00.0440 2612 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:29:00.0565 2612 lanmanworkstation - ok
09:29:00.0815 2612 lbrtfdc - ok
09:29:01.0737 2612 LiveUpdate (fb3a35318ca7f6a10fa3c3826a69affe) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
09:29:03.0018 2612 LiveUpdate - ok
09:29:03.0300 2612 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:29:03.0487 2612 LmHosts - ok
09:29:03.0800 2612 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
09:29:03.0831 2612 MBAMSwissArmy - ok
09:29:04.0128 2612 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
09:29:04.0190 2612 MDM - ok
09:29:04.0487 2612 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:29:04.0550 2612 mdmxsdk - ok
09:29:04.0831 2612 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:29:05.0018 2612 Messenger - ok
09:29:05.0300 2612 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:29:05.0456 2612 mnmdd - ok
09:29:05.0737 2612 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:29:05.0893 2612 mnmsrvc - ok
09:29:06.0206 2612 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:29:06.0378 2612 Modem - ok
09:29:06.0675 2612 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:29:06.0847 2612 MODEMCSA - ok
09:29:07.0143 2612 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:29:07.0315 2612 Mouclass - ok
09:29:07.0675 2612 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:29:07.0847 2612 MountMgr - ok
09:29:08.0143 2612 MpKsl0eb1c43a (a69630d039c38018689190234f866d77) C:\WINDOWS\system32\MpEngineStore\MpKsl0eb1c43a.sys
09:29:08.0159 2612 MpKsl0eb1c43a - ok
09:29:08.0440 2612 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:29:08.0628 2612 mraid35x - ok
09:29:09.0018 2612 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:29:09.0347 2612 MRxDAV - ok
09:29:09.0800 2612 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:29:09.0956 2612 MRxSmb - ok
09:29:10.0237 2612 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:29:10.0409 2612 MSDTC - ok
09:29:10.0753 2612 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:29:10.0894 2612 Msfs - ok
09:29:11.0128 2612 MSIServer - ok
09:29:11.0534 2612 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:29:11.0690 2612 MSKSSRV - ok
09:29:12.0003 2612 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:29:12.0159 2612 MSPCLOCK - ok
09:29:12.0440 2612 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:29:12.0612 2612 MSPQM - ok
09:29:12.0925 2612 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:29:13.0065 2612 mssmbios - ok
09:29:13.0206 2612 MSSQL$SQLEXPRESS - ok
09:29:13.0315 2612 MSSQLSERVER - ok
09:29:13.0456 2612 MSSQLServerADHelper (c06ea83f6fc2959e897c117255b6b1d5) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
09:29:13.0487 2612 MSSQLServerADHelper - ok
09:29:13.0815 2612 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:29:13.0909 2612 Mup - ok
09:29:14.0237 2612 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
09:29:14.0284 2612 MxlW2k ( UnsignedFile.Multi.Generic ) - warning
09:29:14.0284 2612 MxlW2k - detected UnsignedFile.Multi.Generic (1)
09:29:14.0644 2612 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:29:14.0847 2612 napagent - ok
09:29:15.0050 2612 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120410.003\naveng.sys
09:29:15.0066 2612 NAVENG - ok
09:29:15.0706 2612 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120410.003\navex15.sys
09:29:16.0097 2612 NAVEX15 - ok
09:29:16.0472 2612 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:29:16.0644 2612 NDIS - ok
09:29:16.0956 2612 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:29:17.0034 2612 NdisTapi - ok
09:29:17.0347 2612 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:29:17.0519 2612 Ndisuio - ok
09:29:17.0878 2612 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:29:18.0066 2612 NdisWan - ok
09:29:18.0362 2612 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:29:18.0441 2612 NDProxy - ok
09:29:18.0769 2612 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:29:18.0941 2612 NetBIOS - ok
09:29:19.0269 2612 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:29:19.0456 2612 NetBT - ok
09:29:19.0784 2612 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:29:20.0003 2612 NetDDE - ok
09:29:20.0034 2612 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:29:20.0175 2612 NetDDEdsdm - ok
09:29:20.0456 2612 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:29:20.0644 2612 Netlogon - ok
09:29:20.0972 2612 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:29:21.0159 2612 Netman - ok
09:29:21.0331 2612 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
09:29:21.0347 2612 NetSvc ( UnsignedFile.Multi.Generic ) - warning
09:29:21.0347 2612 NetSvc - detected UnsignedFile.Multi.Generic (1)
09:29:21.0628 2612 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:29:21.0722 2612 NetTcpPortSharing - ok
09:29:22.0081 2612 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:29:22.0128 2612 Nla - ok
09:29:22.0456 2612 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
09:29:22.0488 2612 NPF - ok
09:29:22.0769 2612 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:29:22.0941 2612 Npfs - ok
09:29:23.0394 2612 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:29:23.0785 2612 Ntfs - ok
09:29:24.0066 2612 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:29:24.0206 2612 NtLmSsp - ok
09:29:24.0613 2612 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:29:24.0941 2612 NtmsSvc - ok
09:29:25.0222 2612 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:29:25.0410 2612 Null - ok
09:29:27.0660 2612 nv (c190757a29a9bc0199032f353dd2557a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:29:31.0488 2612 nv - ok
09:29:31.0972 2612 NVSvc (8d64b827a6709c3d18f855619d7d89e9) C:\WINDOWS\system32\nvsvc32.exe
09:29:32.0035 2612 NVSvc - ok
09:29:32.0332 2612 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:29:32.0535 2612 NwlnkFlt - ok
09:29:32.0847 2612 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:29:33.0035 2612 NwlnkFwd - ok
09:29:33.0160 2612 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:29:33.0175 2612 ose - ok
09:29:33.0488 2612 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:29:33.0691 2612 Parport - ok
09:29:33.0988 2612 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:29:34.0129 2612 PartMgr - ok
09:29:34.0394 2612 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:29:34.0582 2612 ParVdm - ok
09:29:34.0863 2612 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:29:35.0051 2612 PCI - ok
09:29:35.0301 2612 PCIDump - ok
09:29:35.0582 2612 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:29:35.0754 2612 PCIIde - ok
09:29:36.0082 2612 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:29:36.0285 2612 Pcmcia - ok
09:29:36.0535 2612 PDCOMP - ok
09:29:36.0785 2612 PDFRAME - ok
09:29:37.0051 2612 PDRELI - ok
09:29:37.0285 2612 PDRFRAME - ok
09:29:37.0566 2612 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:29:37.0738 2612 perc2 - ok
09:29:38.0066 2612 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:29:38.0223 2612 perc2hib - ok
09:29:38.0551 2612 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:29:38.0582 2612 PlugPlay - ok
09:29:38.0863 2612 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:29:39.0004 2612 PolicyAgent - ok
09:29:39.0301 2612 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:29:39.0473 2612 PptpMiniport - ok
09:29:39.0754 2612 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:29:39.0894 2612 ProtectedStorage - ok
09:29:40.0207 2612 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:29:40.0379 2612 PSched - ok
09:29:40.0691 2612 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:29:40.0879 2612 Ptilink - ok
09:29:41.0176 2612 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:29:41.0191 2612 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
09:29:41.0191 2612 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
09:29:41.0504 2612 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:29:41.0691 2612 ql1080 - ok
09:29:42.0004 2612 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:29:42.0191 2612 Ql10wnt - ok
09:29:42.0488 2612 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:29:42.0645 2612 ql12160 - ok
09:29:42.0941 2612 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:29:43.0113 2612 ql1240 - ok
09:29:43.0410 2612 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:29:43.0582 2612 ql1280 - ok
09:29:43.0879 2612 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:29:44.0035 2612 RasAcd - ok
09:29:44.0332 2612 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:29:44.0488 2612 RasAuto - ok
09:29:44.0816 2612 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:29:44.0988 2612 Rasl2tp - ok
09:29:45.0316 2612 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:29:45.0488 2612 RasMan - ok
09:29:45.0785 2612 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:29:45.0973 2612 RasPppoe - ok
09:29:46.0270 2612 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:29:46.0457 2612 Raspti - ok
09:29:46.0785 2612 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:29:46.0942 2612 Rdbss - ok
09:29:47.0238 2612 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:29:47.0395 2612 RDPCDD - ok
09:29:47.0723 2612 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:29:47.0910 2612 rdpdr - ok
09:29:48.0285 2612 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:29:48.0348 2612 RDPWD - ok
09:29:48.0660 2612 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:29:48.0817 2612 RDSessMgr - ok
09:29:49.0285 2612 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:29:49.0442 2612 redbook - ok
09:29:50.0676 2612 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:29:50.0895 2612 RemoteAccess - ok
09:29:51.0176 2612 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:29:51.0348 2612 RemoteRegistry - ok
09:29:51.0489 2612 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe
09:29:51.0520 2612 rpcapd - ok
09:29:51.0848 2612 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:29:51.0989 2612 RpcLocator - ok
09:29:52.0379 2612 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:29:52.0473 2612 RpcSs - ok
09:29:52.0832 2612 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:29:53.0004 2612 RSVP - ok
09:29:53.0348 2612 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:29:53.0489 2612 SamSs - ok
09:29:53.0614 2612 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:29:53.0629 2612 SASDIFSV - ok
09:29:53.0817 2612 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:29:53.0832 2612 SASKUTIL - ok
09:29:53.0989 2612 SavRoam (3525fdcfc567e807a337c61aff366be8) C:\Program Files\Symantec AntiVirus\SavRoam.exe
09:29:54.0020 2612 SavRoam - ok
09:29:54.0223 2612 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
09:29:54.0364 2612 SAVRT - ok
09:29:54.0504 2612 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
09:29:54.0520 2612 SAVRTPEL - ok
09:29:54.0832 2612 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:29:55.0004 2612 SCardSvr - ok
09:29:55.0332 2612 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:29:55.0536 2612 Schedule - ok
09:29:55.0832 2612 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:29:56.0004 2612 Secdrv - ok
09:29:56.0286 2612 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:29:56.0442 2612 seclogon - ok
09:29:56.0739 2612 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:29:56.0926 2612 SENS - ok
09:29:57.0207 2612 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:29:57.0379 2612 serenum - ok
09:29:57.0676 2612 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:29:57.0848 2612 Serial - ok
09:29:58.0176 2612 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:29:58.0348 2612 Sfloppy - ok
09:29:58.0723 2612 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:29:58.0973 2612 SharedAccess - ok
09:29:59.0286 2612 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:29:59.0301 2612 ShellHWDetection - ok
09:29:59.0567 2612 Simbad - ok
09:29:59.0833 2612 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:29:59.0973 2612 sisagp - ok
09:30:00.0458 2612 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
09:30:00.0723 2612 smwdm - ok
09:30:00.0926 2612 SNDSrvc (0d411eea92751c1ecd8453892f41e726) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
09:30:00.0958 2612 SNDSrvc - ok
09:30:01.0254 2612 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:30:01.0364 2612 Sparrow - ok
09:30:01.0630 2612 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
09:30:01.0801 2612 SPBBCDrv - ok
09:30:02.0364 2612 SPBBCSvc (c830007369e18a54aed23b5bb3afa2ba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
09:30:03.0005 2612 SPBBCSvc - ok
09:30:03.0395 2612 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:30:03.0567 2612 splitter - ok
09:30:03.0864 2612 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:30:03.0926 2612 Spooler - ok
09:30:04.0130 2612 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:30:04.0223 2612 SQLBrowser - ok
09:30:04.0317 2612 SQLSERVERAGENT - ok
09:30:04.0442 2612 SQLWriter (d2f4f32b59440011174b4f8137af4e0c) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:30:04.0473 2612 SQLWriter - ok
09:30:04.0801 2612 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:30:04.0973 2612 sr - ok
09:30:05.0302 2612 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:30:05.0442 2612 srservice - ok
09:30:05.0848 2612 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:30:06.0098 2612 Srv - ok
09:30:06.0395 2612 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
09:30:06.0427 2612 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
09:30:06.0427 2612 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
09:30:06.0723 2612 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:30:06.0880 2612 SSDPSRV - ok
09:30:07.0192 2612 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
09:30:07.0208 2612 ssrtln ( UnsignedFile.Multi.Generic ) - warning
09:30:07.0208 2612 ssrtln - detected UnsignedFile.Multi.Generic (1)
09:30:07.0583 2612 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:30:07.0833 2612 stisvc - ok
09:30:08.0130 2612 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:30:08.0302 2612 swenum - ok
09:30:08.0645 2612 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:30:08.0817 2612 swmidi - ok
09:30:09.0052 2612 SwPrv - ok
09:30:09.0692 2612 Symantec AntiVirus (8fdaadf204a4f29214da1b03342e2735) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
09:30:10.0708 2612 Symantec AntiVirus - ok
09:30:11.0020 2612 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:30:11.0161 2612 symc810 - ok
09:30:11.0458 2612 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:30:11.0645 2612 symc8xx - ok
09:30:11.0786 2612 SymEvent (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS
09:30:11.0802 2612 SymEvent - ok
09:30:12.0114 2612 SYMREDRV (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
09:30:12.0130 2612 SYMREDRV - ok
09:30:12.0474 2612 SYMTDI (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
09:30:12.0520 2612 SYMTDI - ok
09:30:12.0880 2612 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:30:13.0067 2612 sym_hi - ok
09:30:13.0380 2612 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:30:13.0567 2612 sym_u3 - ok
09:30:13.0880 2612 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:30:14.0052 2612 sysaudio - ok
09:30:14.0364 2612 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:30:14.0505 2612 SysmonLog - ok
09:30:14.0849 2612 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:30:15.0036 2612 TapiSrv - ok
09:30:15.0427 2612 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:30:15.0583 2612 Tcpip - ok
09:30:15.0911 2612 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:30:16.0083 2612 TDPIPE - ok
09:30:16.0380 2612 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:30:16.0552 2612 TDTCP - ok
09:30:16.0849 2612 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:30:17.0021 2612 TermDD - ok
09:30:17.0380 2612 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:30:17.0568 2612 TermService - ok
09:30:17.0896 2612 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
09:30:17.0943 2612 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
09:30:17.0943 2612 tfsnboio - detected UnsignedFile.Multi.Generic (1)
09:30:18.0271 2612 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
09:30:18.0302 2612 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
09:30:18.0302 2612 tfsncofs - detected UnsignedFile.Multi.Generic (1)
09:30:18.0646 2612 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
09:30:18.0693 2612 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
09:30:18.0693 2612 tfsndrct - detected UnsignedFile.Multi.Generic (1)
09:30:19.0005 2612 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
09:30:19.0036 2612 tfsndres ( UnsignedFile.Multi.Generic ) - warning
09:30:19.0036 2612 tfsndres - detected UnsignedFile.Multi.Generic (1)
09:30:19.0380 2612 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
09:30:19.0411 2612 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
09:30:19.0411 2612 tfsnifs - detected UnsignedFile.Multi.Generic (1)
09:30:19.0739 2612 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
09:30:19.0786 2612 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
09:30:19.0786 2612 tfsnopio - detected UnsignedFile.Multi.Generic (1)
09:30:20.0099 2612 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
09:30:20.0146 2612 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
09:30:20.0146 2612 tfsnpool - detected UnsignedFile.Multi.Generic (1)
09:30:20.0489 2612 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
09:30:20.0521 2612 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
09:30:20.0521 2612 tfsnudf - detected UnsignedFile.Multi.Generic (1)
09:30:20.0880 2612 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
09:30:20.0911 2612 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
09:30:20.0911 2612 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
09:30:21.0224 2612 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:30:21.0255 2612 Themes - ok
09:30:21.0552 2612 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
09:30:21.0755 2612 TlntSvr - ok
09:30:22.0068 2612 tmcomm (4dc436421c9d745d7e8c37f956701c78) C:\WINDOWS\system32\drivers\tmcomm.sys
09:30:22.0083 2612 tmcomm - ok
09:30:22.0365 2612 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:30:22.0536 2612 TosIde - ok
09:30:22.0833 2612 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:30:23.0005 2612 TrkWks - ok
09:30:23.0333 2612 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:30:23.0521 2612 Udfs - ok
09:30:23.0865 2612 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:30:23.0958 2612 ultra - ok
09:30:24.0365 2612 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:30:24.0677 2612 Update - ok
09:30:25.0005 2612 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:30:25.0177 2612 upnphost - ok
09:30:25.0443 2612 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:30:25.0615 2612 UPS - ok
09:30:25.0927 2612 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:30:26.0083 2612 usbehci - ok
09:30:26.0396 2612 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:30:26.0615 2612 usbhub - ok
09:30:26.0927 2612 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:30:27.0099 2612 usbuhci - ok
09:30:27.0396 2612 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:30:27.0568 2612 VgaSave - ok
09:30:27.0865 2612 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:30:28.0052 2612 viaagp - ok
09:30:28.0333 2612 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:30:28.0505 2612 ViaIde - ok
09:30:28.0834 2612 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:30:28.0990 2612 VolSnap - ok
09:30:29.0365 2612 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:30:29.0537 2612 VSS - ok
09:30:29.0880 2612 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:30:30.0068 2612 w32time - ok
09:30:30.0380 2612 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:30:30.0552 2612 Wanarp - ok
09:30:30.0834 2612 WDICA - ok
09:30:31.0115 2612 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:30:31.0287 2612 wdmaud - ok
09:30:31.0584 2612 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:30:31.0771 2612 WebClient - ok
09:30:32.0271 2612 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:30:32.0599 2612 winachsf - ok
09:30:33.0006 2612 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:30:33.0162 2612 winmgmt - ok
09:30:33.0802 2612 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
09:30:34.0365 2612 WinRM - ok
09:30:34.0631 2612 WinVNC4 (f3edc9909a02e6bca863eb702d37b505) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
09:30:34.0740 2612 WinVNC4 - ok
09:30:35.0037 2612 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:30:35.0193 2612 WmdmPmSN - ok
09:30:35.0646 2612 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:30:35.0990 2612 Wmi - ok
09:30:36.0365 2612 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:30:36.0553 2612 WmiApSrv - ok
09:30:36.0943 2612 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:30:37.0381 2612 WMPNetworkSvc - ok
09:30:37.0896 2612 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:30:38.0271 2612 WPFFontCache_v0400 - ok
09:30:38.0568 2612 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:30:38.0756 2612 wscsvc - ok
09:30:38.0990 2612 WSearch - ok
09:30:39.0256 2612 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:30:39.0474 2612 wuauserv - ok
09:30:39.0787 2612 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:30:39.0865 2612 WudfPf - ok
09:30:40.0178 2612 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:30:40.0240 2612 WudfRd - ok
09:30:40.0521 2612 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:30:40.0568 2612 WudfSvc - ok
09:30:41.0006 2612 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:30:41.0318 2612 WZCSVC - ok
09:30:41.0631 2612 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:30:41.0787 2612 xmlprov - ok
09:30:41.0834 2612 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
09:30:41.0990 2612 \Device\Harddisk0\DR0 - ok
09:30:42.0021 2612 Boot (0x1200) (bdeb344ab48c3f43f6f7acfb0722ad62) \Device\Harddisk0\DR0\Partition0
09:30:42.0037 2612 \Device\Harddisk0\DR0\Partition0 - ok
09:30:42.0037 2612 ============================================================
09:30:42.0037 2612 Scan finished
09:30:42.0037 2612 ============================================================
09:30:42.0146 4020 Detected object count: 21
09:30:42.0146 4020 Actual detected object count: 21
09:31:17.0913 4020 awhost32 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0913 4020 awhost32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0929 4020 awlegacy ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0929 4020 awlegacy ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0929 4020 AW_HOST ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0929 4020 AW_HOST ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0929 4020 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0929 4020 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0944 4020 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0944 4020 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0944 4020 Gernuwa ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0944 4020 Gernuwa ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0944 4020 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0944 4020 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0960 4020 MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0960 4020 MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0960 4020 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0960 4020 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0960 4020 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0960 4020 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0976 4020 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0976 4020 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0976 4020 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0976 4020 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0976 4020 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0976 4020 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:18.0038 4020 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:18.0038 4020 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:18.0038 4020 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:18.0038 4020 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:18.0038 4020 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:18.0038 4020 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:18.0054 4020 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:18.0054 4020 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:18.0054 4020 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:18.0054 4020 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:18.0054 4020 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:18.0054 4020 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:18.0054 4020 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:18.0054 4020 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:18.0069 4020 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:18.0069 4020 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:56.0774 2344 ============================================================
09:31:56.0774 2344 Scan started
09:31:56.0774 2344 Mode: Manual; SigCheck; TDLFS;
09:31:56.0774 2344 ============================================================
09:31:58.0414 2344 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
09:31:58.0461 2344 !SASCORE - ok
09:31:58.0758 2344 aawservice (07ae10139d7713d69f57209fdf0425cc) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
09:31:58.0930 2344 aawservice - ok
09:31:59.0211 2344 Abiosdsk - ok
09:31:59.0508 2344 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:31:59.0790 2344 abp480n5 - ok
09:32:00.0133 2344 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:32:00.0305 2344 ACPI - ok
09:32:00.0586 2344 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:32:00.0758 2344 ACPIEC - ok
09:32:01.0133 2344 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:32:01.0149 2344 AdobeFlashPlayerUpdateSvc - ok
09:32:01.0493 2344 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:32:01.0665 2344 adpu160m - ok
09:32:01.0961 2344 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
09:32:02.0008 2344 aeaudio - ok
09:32:02.0336 2344 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:32:02.0508 2344 aec - ok
09:32:02.0837 2344 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:32:02.0883 2344 AFD - ok
09:32:03.0196 2344 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:32:03.0352 2344 agp440 - ok
09:32:03.0665 2344 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:32:03.0821 2344 agpCPQ - ok
09:32:04.0133 2344 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:32:04.0227 2344 Aha154x - ok
09:32:04.0540 2344 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:32:04.0727 2344 aic78u2 - ok
09:32:05.0040 2344 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:32:05.0243 2344 aic78xx - ok
09:32:05.0508 2344 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:32:05.0665 2344 Alerter - ok
09:32:05.0946 2344 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:32:06.0133 2344 ALG - ok
09:32:06.0430 2344 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:32:06.0587 2344 AliIde - ok
09:32:06.0899 2344 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:32:07.0055 2344 alim1541 - ok
09:32:07.0368 2344 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:32:07.0524 2344 amdagp - ok
09:32:07.0821 2344 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:32:07.0930 2344 amsint - ok
09:32:08.0118 2344 Apple Mobile Device (536fcd2cec5161bfcc91cc21726b9db2) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
09:32:08.0134 2344 Apple Mobile Device - ok
09:32:08.0462 2344 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:32:08.0618 2344 AppMgmt - ok
09:32:08.0915 2344 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:32:09.0102 2344 asc - ok
09:32:09.0399 2344 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:32:09.0493 2344 asc3350p - ok
09:32:09.0774 2344 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:32:09.0962 2344 asc3550 - ok
09:32:10.0259 2344 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:32:10.0274 2344 aspnet_state - ok
09:32:10.0571 2344 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:32:10.0727 2344 AsyncMac - ok
09:32:11.0040 2344 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:32:11.0165 2344 atapi - ok
09:32:11.0415 2344 Atdisk - ok
09:32:11.0681 2344 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:32:11.0837 2344 Atmarpc - ok
09:32:12.0134 2344 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:32:12.0306 2344 AudioSrv - ok
09:32:12.0587 2344 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:32:12.0759 2344 audstub - ok
09:32:12.0962 2344 awhost32 (7cf4d19036ba2690e2208379cc56092c) C:\Program Files\Symantec\pcAnywhere\awhost32.exe
09:32:13.0024 2344 awhost32 ( UnsignedFile.Multi.Generic ) - warning
09:32:13.0024 2344 awhost32 - detected UnsignedFile.Multi.Generic (1)
09:32:13.0321 2344 awlegacy (abfe3ab22767eeb5e7d91b1b3bb2901c) C:\WINDOWS\System32\Drivers\awlegacy.sys
09:32:13.0352 2344 awlegacy ( UnsignedFile.Multi.Generic ) - warning
09:32:13.0352 2344 awlegacy - detected UnsignedFile.Multi.Generic (1)
09:32:13.0649 2344 AW_HOST (71c32536b50136e9e439306a2e9296e2) C:\WINDOWS\system32\drivers\aw_host5.sys
09:32:13.0665 2344 AW_HOST ( UnsignedFile.Multi.Generic ) - warning
09:32:13.0665 2344 AW_HOST - detected UnsignedFile.Multi.Generic (1)
09:32:14.0009 2344 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:32:14.0181 2344 Beep - ok
09:32:14.0556 2344 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:32:14.0806 2344 BITS - ok
09:32:14.0962 2344 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
09:32:14.0978 2344 Bonjour Service - ok
09:32:15.0321 2344 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:32:15.0540 2344 Browser - ok
09:32:15.0790 2344 bvrp_pci - ok
09:32:16.0087 2344 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:32:16.0321 2344 cbidf - ok
09:32:16.0634 2344 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:32:16.0853 2344 cbidf2k - ok
09:32:17.0056 2344 ccEvtMgr (0a6786c95a6f8715aa4285e3c27f201f) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
09:32:17.0087 2344 ccEvtMgr - ok
09:32:17.0259 2344 ccSetMgr (3b4898cf051bb04fb76e94361e336a83) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
09:32:17.0274 2344 ccSetMgr - ok
09:32:17.0587 2344 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:32:17.0728 2344 cd20xrnt - ok
09:32:18.0040 2344 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:32:18.0275 2344 Cdaudio - ok
09:32:18.0571 2344 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:32:18.0775 2344 Cdfs - ok
09:32:19.0087 2344 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:32:19.0259 2344 Cdrom - ok
09:32:19.0509 2344 Changer - ok
09:32:19.0775 2344 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:32:19.0915 2344 CiSvc - ok
09:32:20.0196 2344 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:32:20.0368 2344 ClipSrv - ok
09:32:20.0618 2344 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:32:20.0634 2344 clr_optimization_v2.0.50727_32 - ok
09:32:20.0900 2344 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:32:20.0915 2344 clr_optimization_v4.0.30319_32 - ok
09:32:21.0243 2344 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:32:21.0400 2344 CmdIde - ok
09:32:21.0650 2344 COMSysApp - ok
09:32:21.0946 2344 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:32:22.0118 2344 Cpqarray - ok
09:32:22.0400 2344 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:32:22.0572 2344 CryptSvc - ok
09:32:22.0915 2344 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:32:23.0087 2344 dac2w2k - ok
09:32:23.0384 2344 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:32:23.0556 2344 dac960nt - ok
09:32:23.0947 2344 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:32:24.0072 2344 DcomLaunch - ok
09:32:24.0197 2344 DefWatch (1f709c66d8aadff35530c56ee261c462) C:\Program Files\Symantec AntiVirus\DefWatch.exe
09:32:24.0197 2344 DefWatch - ok
09:32:24.0525 2344 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:32:24.0665 2344 Dhcp - ok
09:32:24.0962 2344 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:32:25.0103 2344 Disk - ok
09:32:25.0337 2344 dmadmin - ok
09:32:25.0868 2344 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:32:26.0181 2344 dmboot - ok
09:32:26.0525 2344 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:32:26.0681 2344 dmio - ok
09:32:26.0978 2344 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:32:27.0150 2344 dmload - ok
09:32:27.0415 2344 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:32:27.0572 2344 dmserver - ok
09:32:27.0869 2344 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:32:28.0025 2344 DMusic - ok
09:32:28.0306 2344 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:32:28.0369 2344 Dnscache - ok
09:32:28.0681 2344 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:32:28.0822 2344 Dot3svc - ok
09:32:29.0119 2344 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:32:29.0306 2344 dpti2o - ok
09:32:29.0587 2344 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:32:29.0744 2344 drmkaud - ok
09:32:30.0072 2344 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
09:32:30.0103 2344 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
09:32:30.0103 2344 drvmcdb - detected UnsignedFile.Multi.Generic (1)
09:32:30.0431 2344 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
09:32:30.0478 2344 drvnddm ( UnsignedFile.Multi.Generic ) - warning
09:32:30.0478 2344 drvnddm - detected UnsignedFile.Multi.Generic (1)
09:32:30.0822 2344 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:32:30.0853 2344 E100B - ok
09:32:31.0134 2344 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:32:31.0306 2344 EapHost - ok
09:32:31.0556 2344 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:32:31.0634 2344 eeCtrl - ok
09:32:31.0822 2344 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:32:31.0837 2344 EraserUtilRebootDrv - ok
09:32:32.0119 2344 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:32:32.0291 2344 ERSvc - ok
09:32:32.0587 2344 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:32:32.0619 2344 Eventlog - ok
09:32:33.0009 2344 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:32:33.0056 2344 EventSystem - ok
09:32:33.0384 2344 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:32:33.0541 2344 Fastfat - ok
09:32:33.0869 2344 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:32:33.0916 2344 FastUserSwitchingCompatibility - ok
09:32:34.0259 2344 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
09:32:34.0447 2344 Fax - ok
09:32:34.0759 2344 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:32:34.0931 2344 Fdc - ok
09:32:35.0228 2344 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:32:35.0400 2344 Fips - ok
09:32:35.0728 2344 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:32:35.0884 2344 Flpydisk - ok
09:32:36.0213 2344 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:32:36.0384 2344 FltMgr - ok
09:32:36.0650 2344 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:32:36.0666 2344 FontCache3.0.0.0 - ok
09:32:36.0963 2344 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:32:37.0119 2344 Fs_Rec - ok
09:32:37.0447 2344 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:32:37.0634 2344 Ftdisk - ok
09:32:37.0916 2344 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:32:37.0931 2344 GEARAspiWDM - ok
09:32:38.0197 2344 Gernuwa (fd25177ced6751c14de170d8282ced90) C:\WINDOWS\system32\drivers\Gernuwa.sys
09:32:38.0228 2344 Gernuwa ( UnsignedFile.Multi.Generic ) - warning
09:32:38.0228 2344 Gernuwa - detected UnsignedFile.Multi.Generic (1)
09:32:38.0525 2344 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:32:38.0697 2344 Gpc - ok
09:32:38.0853 2344 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:32:39.0025 2344 helpsvc - ok
09:32:39.0244 2344 HidServ - ok
09:32:39.0525 2344 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:32:39.0666 2344 hkmsvc - ok
09:32:39.0978 2344 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:32:40.0119 2344 hpn - ok
09:32:40.0478 2344 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:32:40.0541 2344 HSFHWBS2 - ok
09:32:41.0135 2344 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:32:41.0431 2344 HSF_DP - ok
09:32:41.0791 2344 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:32:41.0838 2344 HTTP - ok
09:32:42.0119 2344 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:32:42.0307 2344 HTTPFilter - ok
09:32:42.0603 2344 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:32:42.0760 2344 i2omgmt - ok
09:32:43.0041 2344 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:32:43.0197 2344 i2omp - ok
09:32:43.0510 2344 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:32:43.0682 2344 i8042prt - ok
09:32:44.0369 2344 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:32:44.0697 2344 ialm - ok
09:32:44.0916 2344 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:32:44.0932 2344 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:32:44.0932 2344 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:32:45.0432 2344 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:32:45.0697 2344 idsvc - ok
09:32:45.0994 2344 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:32:46.0166 2344 Imapi - ok
09:32:46.0479 2344 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:32:46.0635 2344 ImapiService - ok
09:32:46.0963 2344 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:32:47.0119 2344 ini910u - ok
09:32:47.0416 2344 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:32:47.0572 2344 IntelIde - ok
09:32:47.0869 2344 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:32:47.0994 2344 intelppm - ok
09:32:48.0260 2344 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:32:48.0432 2344 Ip6Fw - ok
09:32:48.0729 2344 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:32:48.0885 2344 IpFilterDriver - ok
09:32:49.0166 2344 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:32:49.0322 2344 IpInIp - ok
09:32:49.0651 2344 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:32:49.0822 2344 IpNat - ok
09:32:50.0072 2344 iPod Service (05cf6a56fbf436c347bb87fd1957adc1) C:\Program Files\iPod\bin\iPodService.exe
09:32:50.0151 2344 iPod Service - ok
09:32:50.0494 2344 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:32:50.0666 2344 IPSec - ok
09:32:50.0963 2344 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:32:51.0119 2344 IRENUM - ok
09:32:51.0416 2344 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:32:51.0588 2344 isapnp - ok
09:32:51.0807 2344 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
09:32:51.0822 2344 JavaQuickStarterService - ok
09:32:52.0119 2344 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:32:52.0291 2344 Kbdclass - ok
09:32:52.0651 2344 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:32:52.0807 2344 kmixer - ok
09:32:53.0151 2344 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:32:53.0197 2344 KSecDD - ok
09:32:53.0494 2344 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:32:53.0541 2344 lanmanserver - ok
09:32:53.0854 2344 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:32:53.0885 2344 lanmanworkstation - ok
09:32:54.0166 2344 lbrtfdc - ok
09:32:55.0041 2344 LiveUpdate (fb3a35318ca7f6a10fa3c3826a69affe) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
09:32:55.0744 2344 LiveUpdate - ok
09:32:56.0010 2344 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:32:56.0166 2344 LmHosts - ok
09:32:56.0494 2344 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
09:32:56.0510 2344 MBAMSwissArmy - ok
09:32:56.0729 2344 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
09:32:56.0744 2344 MDM - ok
09:32:57.0073 2344 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:32:57.0104 2344 mdmxsdk - ok
09:32:57.0385 2344 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:32:57.0541 2344 Messenger - ok
09:32:57.0823 2344 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:32:57.0979 2344 mnmdd - ok
09:32:58.0245 2344 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:32:58.0401 2344 mnmsrvc - ok
09:32:58.0698 2344 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:32:58.0854 2344 Modem - ok
09:32:59.0166 2344 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:32:59.0338 2344 MODEMCSA - ok
09:32:59.0635 2344 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:32:59.0807 2344 Mouclass - ok
09:33:00.0104 2344 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:33:00.0276 2344 MountMgr - ok
09:33:00.0573 2344 MpKsl0eb1c43a (a69630d039c38018689190234f866d77) C:\WINDOWS\system32\MpEngineStore\MpKsl0eb1c43a.sys
09:33:00.0573 2344 MpKsl0eb1c43a - ok
09:33:00.0885 2344 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:33:01.0057 2344 mraid35x - ok
09:33:01.0401 2344 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:33:01.0557 2344 MRxDAV - ok
09:33:01.0995 2344 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:33:02.0120 2344 MRxSmb - ok
09:33:02.0385 2344 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:33:02.0557 2344 MSDTC - ok
09:33:02.0854 2344 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:33:02.0995 2344 Msfs - ok
09:33:03.0198 2344 MSIServer - ok
09:33:03.0510 2344 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:33:03.0667 2344 MSKSSRV - ok
09:33:03.0963 2344 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:33:04.0104 2344 MSPCLOCK - ok
09:33:04.0401 2344 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:33:04.0542 2344 MSPQM - ok
09:33:04.0838 2344 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:33:04.0979 2344 mssmbios - ok
09:33:05.0151 2344 MSSQL$SQLEXPRESS - ok
09:33:05.0245 2344 MSSQLSERVER - ok
09:33:05.0385 2344 MSSQLServerADHelper (c06ea83f6fc2959e897c117255b6b1d5) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
09:33:05.0401 2344 MSSQLServerADHelper - ok
09:33:05.0729 2344 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:33:05.0776 2344 Mup - ok
09:33:06.0073 2344 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
09:33:06.0120 2344 MxlW2k ( UnsignedFile.Multi.Generic ) - warning
09:33:06.0120 2344 MxlW2k - detected UnsignedFile.Multi.Generic (1)
09:33:06.0479 2344 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:33:06.0651 2344 napagent - ok
09:33:06.0870 2344 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120410.003\naveng.sys
09:33:06.0870 2344 NAVENG - ok
09:33:07.0510 2344 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120410.003\navex15.sys
09:33:07.0932 2344 NAVEX15 - ok
09:33:08.0276 2344 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:33:08.0448 2344 NDIS - ok
09:33:08.0745 2344 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:33:08.0776 2344 NdisTapi - ok
09:33:09.0089 2344 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:33:09.0245 2344 Ndisuio - ok
09:33:09.0557 2344 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:33:09.0714 2344 NdisWan - ok
09:33:10.0057 2344 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:33:10.0089 2344 NDProxy - ok
09:33:10.0417 2344 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:33:10.0589 2344 NetBIOS - ok
09:33:10.0964 2344 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:33:11.0151 2344 NetBT - ok
09:33:11.0448 2344 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:33:11.0604 2344 NetDDE - ok
09:33:11.0651 2344 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:33:11.0792 2344 NetDDEdsdm - ok
09:33:12.0057 2344 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:33:12.0229 2344 Netlogon - ok
09:33:12.0557 2344 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:33:12.0714 2344 Netman - ok
09:33:12.0901 2344 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
09:33:12.0917 2344 NetSvc ( UnsignedFile.Multi.Generic ) - warning
09:33:12.0917 2344 NetSvc - detected UnsignedFile.Multi.Generic (1)
09:33:13.0198 2344 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:33:13.0198 2344 NetTcpPortSharing - ok
09:33:13.0542 2344 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:33:13.0589 2344 Nla - ok
09:33:13.0933 2344 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
09:33:13.0948 2344 NPF - ok
09:33:14.0214 2344 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:33:14.0386 2344 Npfs - ok
09:33:14.0839 2344 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:33:15.0073 2344 Ntfs - ok
09:33:15.0354 2344 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:33:15.0495 2344 NtLmSsp - ok
09:33:15.0886 2344 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:33:16.0151 2344 NtmsSvc - ok
09:33:16.0464 2344 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:33:16.0620 2344 Null - ok
09:33:18.0855 2344 nv (c190757a29a9bc0199032f353dd2557a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:33:20.0714 2344 nv - ok
09:33:21.0042 2344 NVSvc (8d64b827a6709c3d18f855619d7d89e9) C:\WINDOWS\system32\nvsvc32.exe
09:33:21.0089 2344 NVSvc - ok
09:33:21.0402 2344 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:33:21.0573 2344 NwlnkFlt - ok
09:33:21.0839 2344 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:33:21.0980 2344 NwlnkFwd - ok
09:33:22.0105 2344 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:33:22.0120 2344 ose - ok
09:33:22.0448 2344 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:34:25.0638 2344 ============================================================
09:34:25.0638 2344 Scan finished
09:34:25.0638 2344 ============================================================
09:34:25.0654 0520 Detected object count: 21
09:34:25.0654 0520 Actual detected object count: 21
09:35:35.0578 0520 awhost32 ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0578 0520 awhost32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0578 0520 awlegacy ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0578 0520 awlegacy ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0593 0520 AW_HOST ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0593 0520 AW_HOST ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0593 0520 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0593 0520 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0593 0520 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0593 0520 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0609 0520 Gernuwa ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0609 0520 Gernuwa ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0609 0520 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0609 0520 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0609 0520 MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0609 0520 MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0625 0520 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0625 0520 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0625 0520 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0625 0520 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0625 0520 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0625 0520 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0625 0520 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0625 0520 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0640 0520 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0640 0520 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0640 0520 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0640 0520 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0640 0520 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0640 0520 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0656 0520 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0656 0520 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0656 0520 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0656 0520 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0656 0520 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0656 0520 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0671 0520 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0671 0520 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0671 0520 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0671 0520 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:35:35.0671 0520 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
09:35:35.0671 0520 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

Edited by gorfmeister, 11 April 2012 - 11:43 AM.


#3 gringo_pr

Posted 13 April 2012 - 10:15 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

Posted 16 April 2012 - 12:32 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#5 gorfmeister

Posted 17 April 2012 - 10:58 AM

Hi, I was able to solve the redirection problem by deleting an .exe file in c:\documents and settings\myname\application data\Diusy and then removing the registry entry in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run that referenced the file.

Since then, I have had three separate suspicious program freezes (with Malwarebytes, Internet Explorer and Process Explorer) which required reboots to clear (Kill Process is unsuccessful). I still want you to review my logs and make sure there's nothing wrong.

I have not had access to the computer until today and I plan to provide logs in a few hours, so please keep the topic open.

Thanks.
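The persistence found in the post above was an .exe under the user's Application Data folder plus an HKEY_CURRENT_USER Run value pointing at it. As an added example (not ComboFix's, BleepingComputer's or the poster's code), the script below parses Run entries in the REGEDIT4-style format that ComboFix prints under "Reg Loading Points" and flags any target that lives in a user-writable profile directory; the value name, file name, date and size used for the Diusy item are constructed placeholders, since the thread does not give them.

```python
"""Audit autorun (Run key) entries from a ComboFix "Reg Loading Points" section.

Added example, not part of ComboFix or of this thread. It flags Run targets that
sit in user-writable profile directories (Application Data, Temp, ...), the kind
of location where the dropper in this thread was found, and marks bare file
names that are resolved through the search path for manual review.
"""
import re
from typing import List, NamedTuple, Tuple

# One ComboFix autorun line looks like:  "name"="command" [yyyy-mm-dd size]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$')
KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')

# Profile locations a standard user can write to without admin rights. Anything
# started from here at logon deserves a look; legitimate software normally
# installs under Program Files or the Windows directory.
USER_WRITABLE = (
    "\\application data\\",
    "\\local settings\\temp\\",
    "\\appdata\\",
    "\\temp\\",
)


class AutorunEntry(NamedTuple):
    key: str        # registry key the value lives under
    name: str       # value name
    command: str    # raw command string from the value
    exe_path: str   # executable extracted from the command
    severity: str   # "ok", "review" or "flag"
    reason: str


def extract_exe_path(command: str) -> str:
    """Return the executable part of a Run value, dropping any arguments.
    Handles both quoted paths ("c:\\a b\\x.exe" /s) and bare paths."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.exe)\b", command, re.IGNORECASE)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def classify(exe_path: str) -> Tuple[str, str]:
    """Rate one executable path: 'flag' for user-writable profile dirs,
    'review' for a relative name (resolved via the search path), else 'ok'."""
    p = exe_path.lower().replace("/", "\\")
    if not p:
        return "ok", ""
    if not re.match(r"^[a-z]:\\", p):
        return "review", "relative name, resolved through the search path"
    for fragment in USER_WRITABLE:
        if fragment in p:
            return "flag", "target lives in a user-writable profile directory"
    return "ok", ""


def parse_reg_loading_points(text: str) -> List[AutorunEntry]:
    """Walk the REGEDIT4-style listing and classify every Run value found."""
    entries: List[AutorunEntry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_LINE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        run_match = RUN_LINE.match(line)
        if not run_match or not current_key:
            continue  # separators ("."), "REGEDIT4", notes
        exe = extract_exe_path(run_match.group("cmd"))
        severity, reason = classify(exe)
        entries.append(AutorunEntry(current_key, run_match.group("name"),
                                    run_match.group("cmd"), exe, severity, reason))
    return entries


# Constructed sample in ComboFix's format. The first two lines are real entries
# from the log in this thread; the HKCU entry is a placeholder standing in for
# the Diusy item, whose value name, file name, date and size the thread omits.
SAMPLE_LOG = r'''
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"nwiz"="nwiz.exe" [2008-07-24 1626112]
.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EXAMPLE-RunValue"="c:\documents and settings\myname\Application Data\Diusy\EXAMPLE-dropper.exe" [2012-04-09 123456]
'''

if __name__ == "__main__":
    for entry in parse_reg_loading_points(SAMPLE_LOG):
        print(f"{entry.severity:6} {entry.name:18} {entry.exe_path}  {entry.reason}")
```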

#6 gringo_pr

Posted 17 April 2012 - 01:09 PM

:thumbup2:

#7 gorfmeister

Posted 17 April 2012 - 05:07 PM

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Symantec AntiVirus
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Abexo Free Registry Cleaner
Java™ 6 Update 31
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe
Microsoft Security Essentials msseces.exe
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus SavRoam.exe
Symantec AntiVirus Rtvscan.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


ComboFix 12-04-17.01 - myname 04/17/2012 14:27:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1247 [GMT -7:00]
Running from: c:\documents and settings\myname\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\myname\WINDOWS
c:\windows\system32\SET1978.tmp
c:\windows\system32\SET1A24.tmp
c:\windows\system32\setb5.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 20:29 . 2012-04-17 20:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-04-16 18:25 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BF9EEE8C-715D-4913-AEF0-244BB2258B57}\mpengine.dll
2012-04-14 20:37 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-13 18:20 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-13 18:14 . 2012-04-13 18:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-13 15:02 . 2012-04-13 15:02 14024 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
2012-04-13 14:50 . 2012-04-13 14:50 327368 ----a-w- c:\windows\system32\drivers\avisfltr.sys
2012-04-13 14:43 . 2012-04-13 14:43 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-13 14:32 . 2012-04-13 14:39 -------- d-----w- c:\documents and settings\myname\Application Data\QuickScan
2012-04-10 23:23 . 2012-04-10 23:23 -------- d-----w- c:\windows\system32\MpEngineStore
2012-04-10 20:42 . 2012-04-10 20:42 -------- d-----w- c:\program files\Common Files\Java
2012-04-10 20:42 . 2012-04-10 20:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-10 20:40 . 2012-04-14 01:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 01:09 . 2011-05-13 19:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-10 20:41 . 2010-06-01 15:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56 . 2010-03-30 20:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-14 20:10 . 2010-04-15 15:01 4777280 ----a-w- c:\windows\system32\procexp.exe
2012-02-03 09:22 . 2004-08-04 11:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"WebMonitor"="c:\program files\west wind web monitor\Webmonitor.exe" [2005-04-30 20480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2006-09-28 125168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-05 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-24 8491008]
"nwiz"="nwiz.exe" [2008-07-24 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-24 81920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\myname\Start Menu\Programs\Startup\
WebTime.lnk - c:\util\WebTime.exe [2005-8-5 139264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2011-8-30 40368]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2011-8-30 738776]
Eudora.lnk - c:\program files\Qualcomm\Eudora\Eudora.exe [2005-2-2 2658304]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 18:01 8704 ----a-w- c:\windows\SYSTEM32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [10/20/2009 11:19 AM 50704]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/10/2012 3:11 AM 106104]
S1 jcfopgij;jcfopgij;\??\c:\windows\system32\drivers\jcfopgij.sys --> c:\windows\system32\drivers\jcfopgij.sys [?]
S1 jhmkbxqd;jhmkbxqd;\??\c:\windows\system32\drivers\jhmkbxqd.sys --> c:\windows\system32\drivers\jhmkbxqd.sys [?]
S1 kulfqsgy;kulfqsgy;\??\c:\windows\system32\drivers\kulfqsgy.sys --> c:\windows\system32\drivers\kulfqsgy.sys [?]
S1 nubwcwyq;nubwcwyq;\??\c:\windows\system32\drivers\nubwcwyq.sys --> c:\windows\system32\drivers\nubwcwyq.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/10/2012 1:40 PM 253088]
S3 protecter.sys;protecter.sys;\??\c:\documents and settings\myname\Local Settings\Temp\BDRemovalTool\protecter.sys --> c:\documents and settings\myname\Local Settings\Temp\BDRemovalTool\protecter.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 4:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 01:09]
.
2008-11-14 c:\windows\Tasks\Freecell.job
- c:\windows\SYSTEM32\freecell.exe [2004-08-04 11:00]
.
2012-04-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2012-04-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
2012-04-17 c:\windows\Tasks\WebTime.job
- c:\util\WebTime.exe [2005-08-05 06:00]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{EBA852C2-4811-4398-A702-656C8543FF0C}: NameServer = 192.168.40.2
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-17 14:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2074698520-597062257-1931810814-1029\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1208)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2012-04-17 14:55:48
ComboFix-quarantined-files.txt 2012-04-17 21:55
.
Pre-Run: 28,182,339,584 bytes free
Post-Run: 28,528,009,216 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6BC77A22D918FF522E4D05152D9CD6D2

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 April 2012 - 06:45 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 gorfmeister
  • Topic Starter

  • Members
  • 11 posts

Posted 17 April 2012 - 08:18 PM

17:59:07.0822 5640 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
17:59:08.0494 5640 ============================================================
17:59:08.0494 5640 Current date / time: 2012/04/17 17:59:08.0494
17:59:08.0494 5640 SystemInfo:
17:59:08.0494 5640
17:59:08.0494 5640 OS Version: 5.1.2600 ServicePack: 3.0
17:59:08.0494 5640 Product type: Workstation
17:59:08.0494 5640 ComputerName: PK
17:59:08.0494 5640 UserName: myname
17:59:08.0494 5640 Windows directory: C:\WINDOWS
17:59:08.0494 5640 System windows directory: C:\WINDOWS
17:59:08.0494 5640 Processor architecture: Intel x86
17:59:08.0494 5640 Number of processors: 2
17:59:08.0494 5640 Page size: 0x1000
17:59:08.0494 5640 Boot type: Normal boot
17:59:08.0494 5640 ============================================================
17:59:58.0339 5640 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:59:58.0401 5640 \Device\Harddisk0\DR0:
17:59:58.0448 5640 MBR used
17:59:58.0448 5640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x8DEE830
18:00:01.0573 5640 Initialize success
18:00:01.0573 5640 ============================================================
18:00:04.0714 6056 ============================================================
18:00:04.0714 6056 Scan started
18:00:04.0714 6056 Mode: Manual;
18:00:04.0714 6056 ============================================================
18:00:23.0105 6056 aawservice (07ae10139d7713d69f57209fdf0425cc) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
18:00:26.0152 6056 aawservice - ok
18:00:26.0871 6056 Abiosdsk - ok
18:00:27.0652 6056 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:00:28.0074 6056 abp480n5 - ok
18:00:29.0918 6056 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:00:31.0715 6056 ACPI - ok
18:00:32.0090 6056 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:00:32.0293 6056 ACPIEC - ok
18:00:33.0481 6056 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:00:33.0887 6056 AdobeFlashPlayerUpdateSvc - ok
18:00:34.0996 6056 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:00:35.0184 6056 adpu160m - ok
18:00:35.0949 6056 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
18:00:35.0965 6056 aeaudio - ok
18:00:37.0028 6056 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:00:37.0184 6056 aec - ok
18:00:38.0059 6056 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:00:38.0184 6056 AFD - ok
18:00:39.0028 6056 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:00:39.0168 6056 agp440 - ok
18:00:39.0918 6056 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:00:40.0215 6056 agpCPQ - ok
18:00:41.0247 6056 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:00:41.0278 6056 Aha154x - ok
18:00:41.0903 6056 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:00:41.0950 6056 aic78u2 - ok
18:00:42.0856 6056 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:00:42.0997 6056 aic78xx - ok
18:00:43.0793 6056 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:00:43.0965 6056 Alerter - ok
18:00:44.0419 6056 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:00:44.0434 6056 ALG - ok
18:00:45.0434 6056 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:00:45.0762 6056 AliIde - ok
18:00:46.0669 6056 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:00:46.0762 6056 alim1541 - ok
18:00:47.0356 6056 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:00:47.0497 6056 amdagp - ok
18:00:48.0137 6056 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:00:48.0169 6056 amsint - ok
18:00:48.0419 6056 Apple Mobile Device (536fcd2cec5161bfcc91cc21726b9db2) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
18:00:48.0512 6056 Apple Mobile Device - ok
18:00:49.0075 6056 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:00:49.0153 6056 AppMgmt - ok
18:00:50.0028 6056 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:00:50.0122 6056 asc - ok
18:00:50.0981 6056 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:00:51.0075 6056 asc3350p - ok
18:00:51.0966 6056 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:00:52.0294 6056 asc3550 - ok
18:00:53.0138 6056 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:00:53.0434 6056 aspnet_state - ok
18:00:54.0825 6056 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:00:54.0950 6056 AsyncMac - ok
18:00:55.0810 6056 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:00:55.0919 6056 atapi - ok
18:00:57.0091 6056 Atdisk - ok
18:00:58.0966 6056 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:00:59.0310 6056 Atmarpc - ok
18:00:59.0841 6056 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:01:00.0169 6056 AudioSrv - ok
18:01:01.0153 6056 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:01:01.0169 6056 audstub - ok
18:01:01.0794 6056 awhost32 (7cf4d19036ba2690e2208379cc56092c) C:\Program Files\Symantec\pcAnywhere\awhost32.exe
18:01:02.0200 6056 awhost32 - ok
18:01:02.0935 6056 awlegacy (abfe3ab22767eeb5e7d91b1b3bb2901c) C:\WINDOWS\System32\Drivers\awlegacy.sys
18:01:03.0060 6056 awlegacy - ok
18:01:03.0669 6056 AW_HOST (71c32536b50136e9e439306a2e9296e2) C:\WINDOWS\system32\drivers\aw_host5.sys
18:01:03.0872 6056 AW_HOST - ok
18:01:04.0732 6056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:01:05.0232 6056 Beep - ok
18:01:05.0888 6056 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:01:07.0763 6056 BITS - ok
18:01:08.0029 6056 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
18:01:08.0872 6056 Bonjour Service - ok
18:01:09.0294 6056 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:01:09.0591 6056 Browser - ok
18:01:10.0138 6056 bvrp_pci - ok
18:01:10.0404 6056 catchme - ok
18:01:11.0060 6056 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:01:11.0107 6056 cbidf - ok
18:01:11.0951 6056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:01:11.0951 6056 cbidf2k - ok
18:01:12.0138 6056 ccEvtMgr (0a6786c95a6f8715aa4285e3c27f201f) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
18:01:12.0201 6056 ccEvtMgr - ok
18:01:12.0357 6056 ccSetMgr (3b4898cf051bb04fb76e94361e336a83) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
18:01:12.0435 6056 ccSetMgr - ok
18:01:13.0232 6056 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:01:14.0138 6056 cd20xrnt - ok
18:01:15.0373 6056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:01:15.0404 6056 Cdaudio - ok
18:01:15.0935 6056 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:01:15.0998 6056 Cdfs - ok
18:01:16.0451 6056 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:01:17.0232 6056 Cdrom - ok
18:01:17.0935 6056 Changer - ok
18:01:18.0498 6056 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:01:18.0545 6056 CiSvc - ok
18:01:19.0357 6056 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:01:19.0435 6056 ClipSrv - ok
18:01:19.0967 6056 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:01:20.0576 6056 clr_optimization_v2.0.50727_32 - ok
18:01:21.0045 6056 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:01:21.0263 6056 clr_optimization_v4.0.30319_32 - ok
18:01:22.0060 6056 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:01:22.0107 6056 CmdIde - ok
18:01:22.0467 6056 COMSysApp - ok
18:01:23.0373 6056 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:01:23.0451 6056 Cpqarray - ok
18:01:24.0185 6056 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:01:24.0232 6056 CryptSvc - ok
18:01:24.0857 6056 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:01:25.0060 6056 dac2w2k - ok
18:01:25.0404 6056 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:01:25.0420 6056 dac960nt - ok
18:01:26.0201 6056 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:01:26.0389 6056 DcomLaunch - ok
18:01:26.0576 6056 DefWatch (1f709c66d8aadff35530c56ee261c462) C:\Program Files\Symantec AntiVirus\DefWatch.exe
18:01:26.0701 6056 DefWatch - ok
18:01:27.0232 6056 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:01:27.0279 6056 Dhcp - ok
18:01:27.0951 6056 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:01:28.0029 6056 Disk - ok
18:01:28.0404 6056 dmadmin - ok
18:01:32.0873 6056 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:01:33.0920 6056 dmboot - ok
18:01:34.0545 6056 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:01:34.0623 6056 dmio - ok
18:01:34.0983 6056 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:01:34.0998 6056 dmload - ok
18:01:35.0389 6056 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:01:35.0514 6056 dmserver - ok
18:01:35.0983 6056 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:01:36.0030 6056 DMusic - ok
18:01:36.0545 6056 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:01:36.0576 6056 Dnscache - ok
18:01:37.0233 6056 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:01:37.0592 6056 Dot3svc - ok
18:01:38.0655 6056 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:01:38.0701 6056 dpti2o - ok
18:01:39.0217 6056 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:01:39.0233 6056 drmkaud - ok
18:01:39.0889 6056 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
18:01:39.0998 6056 drvmcdb - ok
18:01:40.0623 6056 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
18:01:41.0342 6056 drvnddm - ok
18:01:42.0920 6056 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:01:43.0155 6056 E100B - ok
18:01:43.0889 6056 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:01:43.0920 6056 EapHost - ok
18:01:44.0295 6056 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:01:44.0780 6056 eeCtrl - ok
18:01:44.0999 6056 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:01:45.0108 6056 EraserUtilRebootDrv - ok
18:01:45.0545 6056 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:01:45.0592 6056 ERSvc - ok
18:01:46.0499 6056 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:01:46.0577 6056 Eventlog - ok
18:01:47.0389 6056 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:01:47.0530 6056 EventSystem - ok
18:01:48.0280 6056 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:01:48.0342 6056 Fastfat - ok
18:01:48.0952 6056 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:01:49.0014 6056 FastUserSwitchingCompatibility - ok
18:01:49.0608 6056 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
18:01:49.0796 6056 Fax - ok
18:01:50.0530 6056 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:01:50.0655 6056 Fdc - ok
18:01:51.0358 6056 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:01:51.0561 6056 Fips - ok
18:01:52.0358 6056 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:01:52.0389 6056 Flpydisk - ok
18:01:52.0796 6056 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:01:52.0999 6056 FltMgr - ok
18:01:53.0249 6056 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:01:53.0280 6056 FontCache3.0.0.0 - ok
18:01:53.0608 6056 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:01:53.0624 6056 Fs_Rec - ok
18:01:54.0061 6056 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:01:54.0108 6056 Ftdisk - ok
18:01:54.0452 6056 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:01:54.0483 6056 GEARAspiWDM - ok
18:01:54.0858 6056 Gernuwa (fd25177ced6751c14de170d8282ced90) C:\WINDOWS\system32\drivers\Gernuwa.sys
18:01:54.0890 6056 Gernuwa - ok
18:01:55.0218 6056 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:01:55.0405 6056 Gpc - ok
18:01:55.0593 6056 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:01:55.0608 6056 helpsvc - ok
18:01:55.0890 6056 HidServ - ok
18:01:56.0155 6056 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:01:56.0186 6056 hkmsvc - ok
18:01:56.0561 6056 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:01:56.0577 6056 hpn - ok
18:01:56.0968 6056 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
18:01:57.0077 6056 HSFHWBS2 - ok
18:01:57.0733 6056 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
18:01:58.0093 6056 HSF_DP - ok
18:01:58.0546 6056 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:01:58.0624 6056 HTTP - ok
18:01:58.0999 6056 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:01:59.0030 6056 HTTPFilter - ok
18:01:59.0390 6056 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:01:59.0405 6056 i2omgmt - ok
18:01:59.0733 6056 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:01:59.0749 6056 i2omp - ok
18:02:00.0124 6056 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:02:00.0296 6056 i8042prt - ok
18:02:01.0062 6056 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:02:01.0546 6056 ialm - ok
18:02:01.0780 6056 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:02:01.0812 6056 IDriverT - ok
18:02:02.0312 6056 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:02:02.0843 6056 idsvc - ok
18:02:03.0218 6056 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:02:03.0468 6056 Imapi - ok
18:02:03.0827 6056 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:02:03.0905 6056 ImapiService - ok
18:02:04.0265 6056 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:02:04.0280 6056 ini910u - ok
18:02:04.0780 6056 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:02:04.0780 6056 IntelIde - ok
18:02:05.0140 6056 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:02:05.0155 6056 intelppm - ok
18:02:05.0515 6056 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:02:05.0530 6056 Ip6Fw - ok
18:02:06.0093 6056 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:02:06.0109 6056 IpFilterDriver - ok
18:02:06.0484 6056 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:02:06.0499 6056 IpInIp - ok
18:02:06.0874 6056 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:02:07.0031 6056 IpNat - ok
18:02:07.0281 6056 iPod Service (05cf6a56fbf436c347bb87fd1957adc1) C:\Program Files\iPod\bin\iPodService.exe
18:02:07.0531 6056 iPod Service - ok
18:02:07.0906 6056 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:02:07.0968 6056 IPSec - ok
18:02:08.0359 6056 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:02:08.0374 6056 IRENUM - ok
18:02:08.0718 6056 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:02:08.0749 6056 isapnp - ok
18:02:08.0937 6056 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
18:02:08.0984 6056 JavaQuickStarterService - ok
18:02:09.0281 6056 jcfopgij - ok
18:02:09.0562 6056 jhmkbxqd - ok
18:02:09.0843 6056 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:02:09.0859 6056 Kbdclass - ok
18:02:10.0296 6056 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:02:10.0343 6056 kmixer - ok
18:02:10.0671 6056 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:02:10.0703 6056 KSecDD - ok
18:02:11.0031 6056 kulfqsgy - ok
18:02:11.0359 6056 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:02:11.0390 6056 lanmanserver - ok
18:02:11.0734 6056 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:02:11.0781 6056 lanmanworkstation - ok
18:02:12.0109 6056 lbrtfdc - ok
18:02:13.0062 6056 LiveUpdate (fb3a35318ca7f6a10fa3c3826a69affe) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
18:02:14.0343 6056 LiveUpdate - ok
18:02:14.0656 6056 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:02:14.0671 6056 LmHosts - ok
18:02:14.0875 6056 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:02:14.0984 6056 MDM - ok
18:02:15.0312 6056 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:02:15.0328 6056 mdmxsdk - ok
18:02:15.0703 6056 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:02:15.0734 6056 Messenger - ok
18:02:16.0046 6056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:02:16.0046 6056 mnmdd - ok
18:02:16.0390 6056 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:02:16.0421 6056 mnmsrvc - ok
18:02:16.0765 6056 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:02:16.0875 6056 Modem - ok
18:02:17.0234 6056 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:02:17.0250 6056 MODEMCSA - ok
18:02:17.0609 6056 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:02:17.0625 6056 Mouclass - ok
18:02:17.0968 6056 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:02:18.0000 6056 MountMgr - ok
18:02:18.0390 6056 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:02:18.0453 6056 MpFilter - ok
18:02:18.0640 6056 MpKslfd4fea97 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC054C8D-2682-49A5-93D3-671C59DF4F34}\MpKslfd4fea97.sys
18:02:18.0640 6056 MpKslfd4fea97 - ok
18:02:18.0984 6056 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:02:19.0000 6056 mraid35x - ok
18:02:19.0406 6056 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:02:19.0468 6056 MRxDAV - ok
18:02:19.0922 6056 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:02:20.0062 6056 MRxSmb - ok
18:02:20.0390 6056 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:02:20.0406 6056 MSDTC - ok
18:02:20.0765 6056 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:02:20.0781 6056 Msfs - ok
18:02:21.0047 6056 MSIServer - ok
18:02:21.0390 6056 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:02:21.0390 6056 MSKSSRV - ok
18:02:21.0515 6056 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
18:02:21.0531 6056 MsMpSvc - ok
18:02:21.0875 6056 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:02:21.0875 6056 MSPCLOCK - ok
18:02:22.0203 6056 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:02:22.0219 6056 MSPQM - ok
18:02:22.0547 6056 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:02:22.0578 6056 mssmbios - ok
18:02:22.0719 6056 MSSQL$SQLEXPRESS - ok
18:02:22.0812 6056 MSSQLSERVER - ok
18:02:22.0906 6056 MSSQLServerADHelper (c06ea83f6fc2959e897c117255b6b1d5) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:02:22.0937 6056 MSSQLServerADHelper - ok
18:02:23.0281 6056 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:02:23.0312 6056 Mup - ok
18:02:23.0656 6056 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
18:02:23.0719 6056 MxlW2k - ok
18:02:24.0109 6056 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:02:24.0234 6056 napagent - ok
18:02:24.0406 6056 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120416.001\naveng.sys
18:02:24.0422 6056 NAVENG - ok
18:02:25.0062 6056 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120416.001\navex15.sys
18:02:25.0562 6056 NAVEX15 - ok
18:02:25.0953 6056 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:02:26.0219 6056 NDIS - ok
18:02:26.0578 6056 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:02:26.0578 6056 NdisTapi - ok
18:02:26.0891 6056 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:02:26.0906 6056 Ndisuio - ok
18:02:27.0281 6056 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:02:27.0547 6056 NdisWan - ok
18:02:27.0891 6056 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:02:27.0906 6056 NDProxy - ok
18:02:28.0266 6056 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:02:28.0281 6056 NetBIOS - ok
18:02:28.0703 6056 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:02:28.0984 6056 NetBT - ok
18:02:29.0328 6056 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:02:29.0594 6056 NetDDE - ok
18:02:29.0656 6056 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:02:29.0656 6056 NetDDEdsdm - ok
18:02:29.0984 6056 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:02:29.0984 6056 Netlogon - ok
18:02:30.0359 6056 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:02:30.0422 6056 Netman - ok
18:02:30.0609 6056 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
18:02:30.0797 6056 NetSvc - ok
18:02:31.0047 6056 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:02:31.0188 6056 NetTcpPortSharing - ok
18:02:31.0594 6056 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:02:31.0672 6056 Nla - ok
18:02:32.0047 6056 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
18:02:32.0078 6056 NPF - ok
18:02:32.0547 6056 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:02:32.0563 6056 Npfs - ok
18:02:33.0047 6056 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:02:33.0359 6056 Ntfs - ok
18:02:33.0813 6056 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:02:33.0813 6056 NtLmSsp - ok
18:02:34.0266 6056 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:02:34.0875 6056 NtmsSvc - ok
18:02:35.0188 6056 nubwcwyq - ok
18:02:35.0656 6056 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:02:35.0688 6056 Null - ok
18:02:38.0407 6056 nv (c190757a29a9bc0199032f353dd2557a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:02:40.0610 6056 nv - ok
18:02:41.0422 6056 NVSvc (8d64b827a6709c3d18f855619d7d89e9) C:\WINDOWS\system32\nvsvc32.exe
18:02:41.0532 6056 NVSvc - ok
18:02:41.0860 6056 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:02:41.0875 6056 NwlnkFlt - ok
18:02:42.0204 6056 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:02:42.0235 6056 NwlnkFwd - ok
18:02:42.0344 6056 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:02:42.0391 6056 ose - ok
18:02:42.0766 6056 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:02:42.0797 6056 Parport - ok
18:02:43.0141 6056 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:02:43.0157 6056 PartMgr - ok
18:02:43.0454 6056 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:02:43.0469 6056 ParVdm - ok
18:02:43.0813 6056 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:02:43.0844 6056 PCI - ok
18:02:44.0188 6056 PCIDump - ok
18:02:44.0516 6056 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:02:44.0516 6056 PCIIde - ok
18:02:44.0907 6056 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:02:44.0954 6056 Pcmcia - ok
18:02:45.0251 6056 PDCOMP - ok
18:02:45.0547 6056 PDFRAME - ok
18:02:45.0860 6056 PDRELI - ok
18:02:46.0157 6056 PDRFRAME - ok
18:02:46.0501 6056 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:02:46.0688 6056 perc2 - ok
18:02:47.0016 6056 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:02:47.0032 6056 perc2hib - ok
18:02:47.0360 6056 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:02:47.0360 6056 PlugPlay - ok
18:02:47.0719 6056 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:02:47.0719 6056 PolicyAgent - ok
18:02:48.0094 6056 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:02:48.0235 6056 PptpMiniport - ok
18:02:48.0547 6056 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:02:48.0547 6056 ProtectedStorage - ok
18:02:48.0719 6056 protecter.sys - ok
18:02:49.0110 6056 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:02:49.0157 6056 PSched - ok
18:02:49.0485 6056 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:02:49.0501 6056 Ptilink - ok
18:02:49.0844 6056 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:02:49.0876 6056 PxHelp20 - ok
18:02:50.0219 6056 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:02:50.0235 6056 ql1080 - ok
18:02:50.0641 6056 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:02:50.0657 6056 Ql10wnt - ok
18:02:50.0969 6056 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:02:51.0001 6056 ql12160 - ok
18:02:51.0360 6056 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:02:51.0391 6056 ql1240 - ok
18:02:51.0719 6056 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:02:51.0751 6056 ql1280 - ok
18:02:52.0079 6056 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:02:52.0094 6056 RasAcd - ok
18:02:52.0423 6056 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:02:52.0469 6056 RasAuto - ok
18:02:52.0860 6056 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:02:52.0891 6056 Rasl2tp - ok
18:02:53.0266 6056 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:02:53.0360 6056 RasMan - ok
18:02:53.0704 6056 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:02:53.0876 6056 RasPppoe - ok
18:02:54.0235 6056 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:02:54.0313 6056 Raspti - ok
18:02:54.0782 6056 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:02:54.0891 6056 Rdbss - ok
18:02:55.0220 6056 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:02:55.0235 6056 RDPCDD - ok
18:02:55.0595 6056 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:02:55.0673 6056 rdpdr - ok
18:02:56.0110 6056 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:02:56.0157 6056 RDPWD - ok
18:02:56.0501 6056 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:02:56.0860 6056 RDSessMgr - ok
18:02:57.0251 6056 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:02:57.0392 6056 redbook - ok
18:02:57.0688 6056 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:02:57.0735 6056 RemoteAccess - ok
18:02:58.0063 6056 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:02:58.0095 6056 RemoteRegistry - ok
18:02:58.0267 6056 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe
18:02:58.0392 6056 rpcapd - ok
18:02:58.0704 6056 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:02:58.0751 6056 RpcLocator - ok
18:02:59.0157 6056 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:02:59.0157 6056 RpcSs - ok
18:02:59.0501 6056 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:02:59.0673 6056 RSVP - ok
18:02:59.0985 6056 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:02:59.0985 6056 SamSs - ok
18:03:00.0142 6056 SavRoam (3525fdcfc567e807a337c61aff366be8) C:\Program Files\Symantec AntiVirus\SavRoam.exe
18:03:00.0204 6056 SavRoam - ok
18:03:00.0407 6056 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
18:03:00.0563 6056 SAVRT - ok
18:03:00.0704 6056 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
18:03:00.0735 6056 SAVRTPEL - ok
18:03:01.0064 6056 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:03:01.0345 6056 SCardSvr - ok
18:03:01.0735 6056 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:03:01.0814 6056 Schedule - ok
18:03:02.0189 6056 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:03:02.0220 6056 Secdrv - ok
18:03:02.0532 6056 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:03:02.0564 6056 seclogon - ok
18:03:02.0892 6056 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:03:03.0048 6056 SENS - ok
18:03:03.0407 6056 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:03:03.0485 6056 serenum - ok
18:03:03.0876 6056 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:03:03.0907 6056 Serial - ok
18:03:04.0282 6056 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:03:04.0298 6056 Sfloppy - ok
18:03:04.0689 6056 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:03:04.0845 6056 SharedAccess - ok
18:03:05.0236 6056 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:03:05.0236 6056 ShellHWDetection - ok
18:03:05.0579 6056 Simbad - ok
18:03:05.0907 6056 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:03:05.0939 6056 sisagp - ok
18:03:06.0486 6056 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
18:03:06.0751 6056 smwdm - ok
18:03:06.0954 6056 SNDSrvc (0d411eea92751c1ecd8453892f41e726) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
18:03:07.0048 6056 SNDSrvc - ok
18:03:07.0392 6056 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:03:07.0407 6056 Sparrow - ok
18:03:07.0626 6056 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
18:03:07.0829 6056 SPBBCDrv - ok
18:03:08.0376 6056 SPBBCSvc (c830007369e18a54aed23b5bb3afa2ba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
18:03:08.0783 6056 SPBBCSvc - ok
18:03:09.0173 6056 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:03:09.0173 6056 splitter - ok
18:03:09.0501 6056 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:03:09.0517 6056 Spooler - ok
18:03:09.0720 6056 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:03:09.0829 6056 SQLBrowser - ok
18:03:09.0908 6056 SQLSERVERAGENT - ok
18:03:10.0048 6056 SQLWriter (d2f4f32b59440011174b4f8137af4e0c) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:03:10.0064 6056 SQLWriter - ok
18:03:10.0423 6056 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:03:10.0470 6056 sr - ok
18:03:10.0861 6056 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:03:10.0939 6056 srservice - ok
18:03:11.0376 6056 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:03:11.0486 6056 Srv - ok
18:03:11.0845 6056 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
18:03:11.0861 6056 sscdbhk5 - ok
18:03:12.0173 6056 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:03:12.0220 6056 SSDPSRV - ok
18:03:12.0564 6056 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
18:03:12.0626 6056 ssrtln - ok
18:03:13.0017 6056 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:03:13.0189 6056 stisvc - ok
18:03:13.0548 6056 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:03:13.0548 6056 swenum - ok
18:03:13.0923 6056 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:03:13.0939 6056 swmidi - ok
18:03:14.0205 6056 SwPrv - ok
18:03:14.0892 6056 Symantec AntiVirus (8fdaadf204a4f29214da1b03342e2735) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
18:03:15.0455 6056 Symantec AntiVirus - ok
18:03:15.0783 6056 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:03:15.0798 6056 symc810 - ok
18:03:16.0111 6056 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:03:16.0142 6056 symc8xx - ok
18:03:16.0251 6056 SymEvent (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS
18:03:16.0298 6056 SymEvent - ok
18:03:16.0658 6056 SYMREDRV (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
18:03:16.0673 6056 SYMREDRV - ok
18:03:17.0080 6056 SYMTDI (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
18:03:17.0158 6056 SYMTDI - ok
18:03:17.0486 6056 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:03:17.0517 6056 sym_hi - ok
18:03:17.0814 6056 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:03:17.0830 6056 sym_u3 - ok
18:03:18.0205 6056 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:03:18.0252 6056 sysaudio - ok
18:03:18.0580 6056 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:03:18.0642 6056 SysmonLog - ok
18:03:19.0017 6056 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:03:19.0111 6056 TapiSrv - ok
18:03:19.0627 6056 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:03:19.0783 6056 Tcpip - ok
18:03:20.0127 6056 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:03:20.0158 6056 TDPIPE - ok
18:03:20.0502 6056 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:03:20.0517 6056 TDTCP - ok
18:03:20.0877 6056 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:03:20.0908 6056 TermDD - ok
18:03:21.0299 6056 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:03:21.0455 6056 TermService - ok
18:03:21.0783 6056 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
18:03:21.0830 6056 tfsnboio - ok
18:03:22.0174 6056 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
18:03:22.0236 6056 tfsncofs - ok
18:03:22.0580 6056 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
18:03:22.0580 6056 tfsndrct - ok
18:03:22.0955 6056 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
18:03:22.0970 6056 tfsndres - ok
18:03:23.0345 6056 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
18:03:23.0439 6056 tfsnifs - ok
18:03:23.0799 6056 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
18:03:23.0830 6056 tfsnopio - ok
18:03:24.0189 6056 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
18:03:24.0236 6056 tfsnpool - ok
18:03:24.0642 6056 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
18:03:24.0752 6056 tfsnudf - ok
18:03:25.0142 6056 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
18:03:25.0330 6056 tfsnudfa - ok
18:03:25.0689 6056 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:03:25.0689 6056 Themes - ok
18:03:26.0017 6056 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:03:26.0174 6056 TlntSvr - ok
18:03:26.0549 6056 tmcomm (4dc436421c9d745d7e8c37f956701c78) C:\WINDOWS\system32\drivers\tmcomm.sys
18:03:26.0596 6056 tmcomm - ok
18:03:26.0939 6056 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:03:26.0955 6056 TosIde - ok
18:03:27.0236 6056 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:03:27.0283 6056 TrkWks - ok
18:03:27.0627 6056 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:03:27.0658 6056 Udfs - ok
18:03:28.0017 6056 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:03:28.0033 6056 ultra - ok
18:03:28.0580 6056 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:03:28.0752 6056 Update - ok
18:03:29.0111 6056 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:03:29.0189 6056 upnphost - ok
18:03:29.0518 6056 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:03:29.0533 6056 UPS - ok
18:03:29.0986 6056 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:03:30.0018 6056 usbehci - ok
18:03:30.0377 6056 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:03:30.0486 6056 usbhub - ok
18:03:30.0846 6056 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:03:30.0861 6056 usbuhci - ok
18:03:31.0189 6056 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:03:31.0205 6056 VgaSave - ok
18:03:31.0564 6056 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:03:31.0580 6056 viaagp - ok
18:03:31.0924 6056 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:03:31.0924 6056 ViaIde - ok
18:03:32.0252 6056 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:03:32.0283 6056 VolSnap - ok
18:03:32.0674 6056 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:03:32.0815 6056 VSS - ok
18:03:33.0205 6056 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:03:33.0299 6056 w32time - ok
18:03:33.0674 6056 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:03:33.0690 6056 Wanarp - ok
18:03:34.0002 6056 WDICA - ok
18:03:34.0361 6056 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:03:34.0393 6056 wdmaud - ok
18:03:34.0721 6056 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:03:34.0768 6056 WebClient - ok
18:03:35.0330 6056 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:03:35.0565 6056 winachsf - ok
18:03:35.0971 6056 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:03:36.0049 6056 winmgmt - ok
18:03:36.0737 6056 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
18:03:37.0283 6056 WinRM - ok
18:03:37.0674 6056 WinVNC4 (3fc39dc90318c1b72d867fe04962a20f) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
18:03:37.0830 6056 WinVNC4 - ok
18:03:38.0158 6056 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:03:38.0190 6056 WmdmPmSN - ok
18:03:38.0690 6056 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:03:38.0893 6056 Wmi - ok
18:03:39.0283 6056 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:03:39.0346 6056 WmiApSrv - ok
18:03:39.0768 6056 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:03:40.0112 6056 WMPNetworkSvc - ok
18:03:40.0612 6056 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:03:40.0987 6056 WPFFontCache_v0400 - ok
18:03:41.0315 6056 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:03:41.0330 6056 WS2IFSL - ok
18:03:41.0643 6056 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:03:41.0690 6056 wscsvc - ok
18:03:41.0955 6056 WSearch - ok
18:03:42.0268 6056 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:03:42.0346 6056 wuauserv - ok
18:03:42.0705 6056 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:03:42.0737 6056 WudfPf - ok
18:03:43.0096 6056 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:03:43.0143 6056 WudfRd - ok
18:03:43.0471 6056 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:03:43.0502 6056 WudfSvc - ok
18:03:43.0956 6056 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:03:44.0143 6056 WZCSVC - ok
18:03:44.0487 6056 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:03:44.0549 6056 xmlprov - ok
18:03:44.0565 6056 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
18:03:44.0596 6056 \Device\Harddisk0\DR0 - ok
18:03:44.0627 6056 Boot (0x1200) (bdeb344ab48c3f43f6f7acfb0722ad62) \Device\Harddisk0\DR0\Partition0
18:03:44.0627 6056 \Device\Harddisk0\DR0\Partition0 - ok
18:03:44.0627 6056 ============================================================
18:03:44.0627 6056 Scan finished
18:03:44.0627 6056 ============================================================
18:03:44.0643 3620 Detected object count: 0
18:03:44.0643 3620 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-17 18:06:36
-----------------------------
18:06:36.289 OS Version: Windows 5.1.2600 Service Pack 3
18:06:36.289 Number of processors: 2 586 0x304
18:06:36.289 ComputerName: PK UserName:
18:06:38.180 Initialize success
18:10:21.690 AVAST engine defs: 12041701
18:10:26.565 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:10:26.581 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
18:10:26.643 Disk 0 MBR read successfully
18:10:26.643 Disk 0 MBR scan
18:10:26.878 Disk 0 unknown MBR code
18:10:26.925 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
18:10:27.221 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72669 MB offset 64260
18:10:27.487 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3584 MB offset 148890420
18:10:27.581 Disk 0 scanning sectors +156232125
18:10:27.893 Disk 0 scanning C:\WINDOWS\system32\drivers
18:11:32.209 Service scanning
18:12:12.789 Service MpKslfd4fea97 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC054C8D-2682-49A5-93D3-671C59DF4F34}\MpKslfd4fea97.sys **LOCKED** 32
18:15:41.985 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\myname\Desktop\MBR.dat"
18:15:41.985 The log file has been saved successfully to "C:\Documents and Settings\myname\Desktop\aswMBR.txt"

Edited by gorfmeister, 17 April 2012 - 11:44 PM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:28 PM

Posted 17 April 2012 - 08:53 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
Driver::
jcfopgij
jhmkbxqd
kulfqsgy
nubwcwyq

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
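A note on where the four names in the Driver:: list come from, with an added example that is not part of this thread and not code from TDSSKiller or ComboFix. In the TDSSKiller log posted above, every service or driver that the tool could read from disk gets a record line carrying an MD5 and a file path before its "name - ok" result line; an entry such as "nubwcwyq - ok" with no such record means the service key exists in the registry but TDSSKiller found no file behind it. Most of those pathless entries are harmless leftovers (MSIServer, PCIDump, Simbad), so a second filter is needed, and the one used here is an assumption of mine: an all-lowercase alphabetic name of eight or more letters with few vowels is what the randomly generated service names in this thread look like. The log lines embedded below are constructed from the format seen on this page, not a full log.

```python
import re

# Constructed sample in the TDSSKiller log format seen in this thread:
# "<time> <pid> <name> (<md5>) <path>" records a file the tool read,
# "<time> <pid> <name> - ok" is the per-entry result line.
SAMPLE_LOG = """\
18:02:21.0047 6056 MSIServer - ok
18:02:22.0547 6056 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\\WINDOWS\\system32\\DRIVERS\\mssmbios.sys
18:02:22.0578 6056 mssmbios - ok
18:02:35.0188 6056 nubwcwyq - ok
18:02:44.0188 6056 PCIDump - ok
18:02:48.0719 6056 protecter.sys - ok
18:03:05.0579 6056 Simbad - ok
18:03:13.0923 6056 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\\WINDOWS\\system32\\drivers\\swmidi.sys
18:03:13.0939 6056 swmidi - ok
18:02:00.0000 6056 jcfopgij - ok
"""

# A record line: name, 32-hex MD5 in parentheses, then the on-disk path.
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.+?)\s+\(([0-9a-f]{32})\)\s+(.+)$"
)
# A result line: name, " - ", verdict (ok, or a detection string).
RESULT_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.+?)\s+-\s+(\S.*)$")


def parse_entries(log_text):
    """Return (names in order of their result line, set of names that had a file record)."""
    has_file = set()
    names = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            has_file.add(m.group(1))
            continue
        m = RESULT_RE.match(line)
        if m and m.group(1) not in names:
            names.append(m.group(1))
    return names, has_file


def looks_random(name):
    """Heuristic (assumption, not a TDSSKiller rule): a long all-lowercase
    alphabetic name with at most a quarter vowels, like the four names
    removed in this thread. Real product names rarely fit this shape."""
    if not (name.isalpha() and name.islower() and len(name) >= 8):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) <= 0.25


def triage(log_text):
    """Split pathless entries into all of them and the random-looking subset."""
    names, has_file = parse_entries(log_text)
    no_file = [n for n in names if n not in has_file]
    suspect = [n for n in no_file if looks_random(n)]
    return {"no_file": no_file, "suspect": suspect}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("registry entries with no file behind them:", result["no_file"])
    print("random-looking names worth pulling from the registry:", result["suspect"])
```

The suspect list is a starting point for a manual check of HKLM\SYSTEM\CurrentControlSet\Services\<name> (ImagePath, Start, Type), not a verdict; a name that passes the heuristic but has a sensible ImagePath and a signed binary is a false positive, and an attacker who picks pronounceable names will not be caught by the vowel ratio at all.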

#11 gorfmeister

gorfmeister
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:28 AM

Posted 17 April 2012 - 11:39 PM

For the last step, I had to work remotely on the computer. Sometime during the running of ComboFix, I lost my connection. When I was able to reconnect, the computer had rebooted and ComboFix was finishing its log. Even though it said to not run any programs, I couldn't prevent the auto startup programs from running.

The only problems I have are:

1. When I reboot, I get a new hardware detected window (search for drivers), but it doesn't say what the new hardware is. I always cancel it without having it look for drivers. This started happening about a day ago and it happened with the most recent reboot.

2. Sometimes, at random times, one or more of the open applications "freeze" for about 5 to 15 minutes. The Task Manager shows their status as "Not Responding". These are often idle applications (i.e. an open Word document or an Internet Explorer window that has already finished displaying the page). I need to use the computer a while to see if the last step fixed this problem.


ComboFix 12-04-17.01 - myname 04/17/2012 20:46:23.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1129 [GMT -7:00]
Running from: c:\documents and settings\myname\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\myname\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\ODCTOOLS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_jcfopgij
-------\Service_jhmkbxqd
-------\Service_kulfqsgy
-------\Service_nubwcwyq
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-17 23:29 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC054C8D-2682-49A5-93D3-671C59DF4F34}\mpengine.dll
2012-04-17 20:29 . 2012-04-17 20:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-04-14 20:37 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-13 18:20 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-13 18:14 . 2012-04-13 18:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-13 15:02 . 2012-04-13 15:02 14024 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
2012-04-13 14:50 . 2012-04-13 14:50 327368 ----a-w- c:\windows\system32\drivers\avisfltr.sys
2012-04-13 14:43 . 2012-04-13 14:43 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-13 14:32 . 2012-04-13 14:39 -------- d-----w- c:\documents and settings\myname\Application Data\QuickScan
2012-04-10 23:23 . 2012-04-10 23:23 -------- d-----w- c:\windows\system32\MpEngineStore
2012-04-10 20:42 . 2012-04-10 20:42 -------- d-----w- c:\program files\Common Files\Java
2012-04-10 20:42 . 2012-04-10 20:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-10 20:40 . 2012-04-14 01:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 01:09 . 2011-05-13 19:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-10 20:41 . 2010-06-01 15:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56 . 2010-03-30 20:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-14 20:10 . 2010-04-15 15:01 4777280 ----a-w- c:\windows\system32\procexp.exe
2012-02-03 09:22 . 2004-08-04 11:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-17_21.49.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-18 04:16 . 2012-04-18 04:16 16384 c:\windows\Temp\Perflib_Perfdata_624.dat
+ 2011-07-21 15:26 . 2012-04-17 23:50 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A83000000003}\SC_Reader.exe
- 2011-07-21 15:26 . 2012-04-10 20:46 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A83000000003}\SC_Reader.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"WebMonitor"="c:\program files\west wind web monitor\Webmonitor.exe" [2005-04-30 20480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2006-09-28 125168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-05 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-24 8491008]
"nwiz"="nwiz.exe" [2008-07-24 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-24 81920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\myname\Start Menu\Programs\Startup\
WebTime.lnk - c:\util\WebTime.exe [2005-8-5 139264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2011-8-30 40368]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2011-8-30 738776]
Eudora.lnk - c:\program files\Qualcomm\Eudora\Eudora.exe [2005-2-2 2658304]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 18:01 8704 ----a-w- c:\windows\SYSTEM32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [10/20/2009 11:19 AM 50704]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/10/2012 3:11 AM 106104]
S1 MpKslfd4fea97;MpKslfd4fea97;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC054C8D-2682-49A5-93D3-671C59DF4F34}\MpKslfd4fea97.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC054C8D-2682-49A5-93D3-671C59DF4F34}\MpKslfd4fea97.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/10/2012 1:40 PM 253088]
S3 protecter.sys;protecter.sys;\??\c:\documents and settings\myname\Local Settings\Temp\BDRemovalTool\protecter.sys --> c:\documents and settings\myname\Local Settings\Temp\BDRemovalTool\protecter.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 4:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 01:09]
.
2008-11-14 c:\windows\Tasks\Freecell.job
- c:\windows\SYSTEM32\freecell.exe [2004-08-04 11:00]
.
2012-04-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2012-04-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
2012-04-18 c:\windows\Tasks\WebTime.job
- c:\util\WebTime.exe [2005-08-05 06:00]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{EBA852C2-4811-4398-A702-656C8543FF0C}: NameServer = 192.168.40.2
DPF: Microsoft XML Parser for Java
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-17 21:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2074698520-597062257-1931810814-1029\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1208)
c:\program files\Bonjour\mdnsNSP.dll
.
- - - - - - - > 'explorer.exe'(3052)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\pcAnywhere\awhost32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\rdpclip.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\logon.scr
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-04-17 21:36:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 04:36
ComboFix2.txt 2012-04-17 21:55
.
Pre-Run: 28,561,530,880 bytes free
Post-Run: 28,727,246,848 bytes free
.
- - End Of File - - C273187EABFCD17EB3C1B6F1580BAD56

Edited by gorfmeister, 17 April 2012 - 11:42 PM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 April 2012 - 06:03 AM

Hello


Go into Device Manager and look for anything with a yellow question mark or exclamation mark - uninstall that device.



:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 6.0.1
Adobe Reader 8.2.1
Adobe Reader 8.3.1
BitTorrent
Internet Explorer Default Page


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gorfmeister

gorfmeister
  • Topic Starter

  • Members
  • 11 posts

Posted 18 April 2012 - 10:36 AM

I removed the unknown device.

I didn't understand about removing "Internet Explorer Default Page". My default page is set to blank.

re Adobe Reader: I have Adobe Acrobat 6.0 for creating PDF files and it doesn't work well with other versions of Reader, so I need to upgrade it or replace it first before I can mess with my Reader installations.

Other issues:

Last night MSE removed Trojan:JS/Alescurf.D and Trojan:JS/Redirector.IR files from the Windows\Temp directory. Every time for the last 4 nights, between 3:00 and 4:00 AM, there are similar entries in my history log.

When I start IE, it says it is not my default browser. I don't use any other browsers or have any other browser installed.

When I reboot, Outlook Express asks to compress files. I don't use Outlook Express.


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.17.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
myname :: PK [administrator]

4/17/2012 8:40:26 AM
mbam-log-2012-04-17 (08-40-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256322
Time elapsed: 55 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:10:51 AM, on 4/18/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\program files\west wind web monitor\Webmonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Symantec AntiVirus\VPC32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WebMonitor] "c:\program files\west wind web monitor\Webmonitor.exe" -trayicon
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: WebTime.lnk = C:\util\WebTime.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Eudora.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://symantec2.atgnow.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105390711262
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161185916016
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://64.60.131.202/activex/AxisCamControl.ocx
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=724
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mydomain.com
O17 - HKLM\Software\..\Telephony: DomainName = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBA852C2-4811-4398-A702-656C8543FF0C}: NameServer = 192.168.40.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mydomain.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 14277 bytes

Edited by gorfmeister, 18 April 2012 - 10:39 AM.


#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:28 PM

Posted 18 April 2012 - 10:47 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
      O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [WebMonitor] "c:\program files\west wind web monitor\Webmonitor.exe" -trayicon
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - Startup: WebTime.lnk = C:\util\WebTime.exe
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: Eudora.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
      O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard, or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
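The post above asks the user to pick O4 start-up entries out of a HijackThis log by hand, and the log itself mixes O4 Run keys, Startup-folder shortcuts, O17 DNS settings and O23 services. As an added example (not code from the thread, from HijackThis or from BleepingComputer), here is a small Python triage parser for those line formats: it pulls out the file each entry actually launches, including the DLL behind a rundll32 command, and attaches the manual check a reviewer would still want to make. The sample lines are constructed in that format.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample lines in the O4/O17/O23 format HijackThis prints (not the thread's log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Eudora.lnk = ?
O4 - Startup: WebTime.lnk = C:\util\WebTime.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mydomain.com
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
LNK_RE = re.compile(r"^O4 - (?P<folder>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.*)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.*?) - (?P<path>.+)$")
DNS_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<setting>\w+) = (?P<value>.*)$")


def launch_target(cmd):
    """File a Run-key command really starts: unquote, drop arguments, and for rundll32 return the DLL it loads."""
    m = re.match(r'"([^"]*)"(.*)|(\S*)(.*)', cmd.strip())
    exe, rest = (m[1], m[2]) if m[1] is not None else (m[3], m[4])
    if PureWindowsPath(exe).name.lower() == "rundll32.exe":
        return rest.strip().split(",", 1)[0].strip('"')  # "module.dll,EntryPoint" -> module.dll
    return exe


def review(target):
    """What manual check a launch target still needs before deciding to keep it."""
    if target in ("", "?"):
        return "unresolved target: the shortcut points at nothing readable"
    if not PureWindowsPath(target).is_absolute():
        return "bare filename: found via PATH search, confirm which copy actually runs"
    if "\\temp\\" in target.lower() or "\\appdata\\" in target.lower():
        return "runs from a user-writable folder: verify the publisher"
    return "absolute path: check the file's signature and publisher"


def parse_log(text):
    """Records of what starts, from where (key, folder, or service publisher), and what to check."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := RUN_RE.match(line):
            t = launch_target(m["cmd"])
            records.append({"kind": "run", "name": m["name"], "source": m["hive"] + "\\" + m["key"], "target": t, "note": review(t)})
        elif m := LNK_RE.match(line):
            records.append({"kind": "startup", "name": m["name"], "source": m["folder"], "target": m["target"], "note": review(m["target"])})
        elif m := SVC_RE.match(line):
            records.append({"kind": "service", "name": m["name"], "source": m["company"], "target": m["path"], "note": review(m["path"])})
        elif m := DNS_RE.match(line):
            records.append({"kind": "dns", "name": m["setting"], "source": m["key"], "target": m["value"], "note": "compare with the DNS domain and servers you expect"})
    return records
```

Feeding a real HijackThis log into `parse_log` gives one record per start-up entry, service and DNS setting, so the "keep or fix" decision can be made on the launched file rather than on the raw line.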

#15 gorfmeister

  • Topic Starter
  • Members
  • 11 posts
  • Local time:09:28 AM

Posted 18 April 2012 - 11:57 PM

OUCH! ... 12 hours to complete the scan!

Do you have feedback about my other issues?

1. Last night MSE removed Trojan:JS/Alescurf.D and Trojan:JS/Redirector.IR files from the Windows\Temp directory. Every time for the last 4 nights, between 3:00 and 4:00 AM, there are similar entries in my history log.

2. When I start IE, it says it is not my default browser. I don't use any other browsers or have any other browser installed.

3. When I reboot, Outlook Express asks to compress files. I don't use Outlook Express.


C:\I386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2458\A0126688.exe a variant of Win32/Kryptik.AECJ trojan



