
Windows XP freezes up/locks constantly



#1 rxmurphy


Posted 09 May 2012 - 11:26 AM

Hi. Windows XP keeps locking up on me. Almost always when I click "My Computer" to search for a file, and usually when I click "Print" to print a Word document. The print function freezes for about 20-60 seconds. The My Computer freeze can be that short, or as long as forever and I have to Ctrl-Alt-Del to kill it and try again.

I run Symantec Endpoint AV, SuperAntiSpyware and Malwarebytes pretty religiously, looks clean from there.

Any ideas would be appreciated.

Thanks!



#2 Pizza and Pepsi


Posted 09 May 2012 - 07:01 PM

My name is Pizza and Pepsi. I will try to give you a hand and help you solve the problem.


Let's run Security Check.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Please download MiniToolBox and run it.

Checkmark the following boxes:

* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size

Click Go and post the result.




Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

* Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
* Vista/Windows 7 users right-click and select Run As Administrator.
* If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com).
* Click the Start Scan button.
* Do not use the computer during the scan.
* If the scan completes with nothing found, click Close to exit.
* If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
* Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
* Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
* A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
* Copy and paste the contents of that file in your next reply.




I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Hold down Control and click on this link to open ESET OnlineScan in a new window.

For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
* Double click on the icon on your desktop.

* Check "YES, I accept the Terms of Use."
* Click the Start button.
* Accept any security warnings from your browser.
* Under scan settings, check "Scan Archives" and "Remove found threats"
* Click Advanced settings and select the following:
  * Scan potentially unwanted applications
  * Scan for potentially unsafe applications
  * Enable Anti-Stealth technology

* ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List Threats
* Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* On ESET: Click the Back button, then the Finish button.


Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



Post the logs and tell me how the computer is running now.
Malware shall not pass!

#3 rxmurphy


Posted 10 May 2012 - 11:11 AM

Thank you. Let's see how we did. Here are the logs you requested. Computer is still running the same, still locks up for a bit when I search for a file in My Computer, the Print function will lock for a bit, even Microsoft Outlook occasionally will freeze up when I click on a message, then it opens it after it thaws.


Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Symantec Endpoint Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
CCleaner
Java™ 6 Update 31
Java™ SE Runtime Environment 6
Adobe Flash Player 11.2.202.233
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````



MiniToolBox by Farbar Version: 18-01-2012
Ran by rmurphy (administrator) on 10-05-2012 at 09:44:27
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/10/2012 09:41:52 AM) (Source: Microsoft Office 12) (User: )
Description: Rejected Safe Mode action : Microsoft Office Word.

Error: (05/10/2012 08:59:53 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for TMAC\rmurphy failed to contact the active directory (0x8007054b).
The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (05/10/2012 08:58:43 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (05/10/2012 08:55:53 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).
The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (05/10/2012 08:55:52 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (05/10/2012 06:36:36 AM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 12.0.6661.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/10/2012 06:36:34 AM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 12.0.6661.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/10/2012 06:35:07 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for TMAC\rmurphy failed to contact the active directory (0x8007054b).
The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (05/10/2012 06:33:57 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (05/10/2012 03:42:31 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


System errors:
=============
Error: (05/10/2012 09:41:58 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Error: (05/10/2012 09:11:43 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (05/10/2012 08:58:19 AM) (Source: Service Control Manager) (User: )
Description: The Freemake Improver service hung on starting.

Error: (05/10/2012 08:56:54 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (05/10/2012 08:56:54 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (05/10/2012 08:56:28 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (05/10/2012 08:56:28 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (05/10/2012 08:55:46 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain TMAC due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (05/10/2012 08:55:10 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.106 for the Network Card with network address 001F3CA0B6BB has been
denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/10/2012 07:41:18 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain TMAC due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.


Microsoft Office Sessions:
=========================
Error: (02/06/2012 11:52:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7740 seconds with 1140 seconds of active time. This session ended with a crash.

Error: (12/09/2011 01:58:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/09/2011 01:57:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1471 seconds with 1380 seconds of active time. This session ended with a crash.

Error: (10/26/2011 02:59:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5722 seconds with 1440 seconds of active time. This session ended with a crash.

Error: (09/22/2011 01:38:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 484 seconds with 420 seconds of active time. This session ended with a crash.

Error: (09/22/2011 01:29:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2525 seconds with 720 seconds of active time. This session ended with a crash.

Error: (09/09/2011 05:00:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3647 seconds with 660 seconds of active time. This session ended with a crash.

Error: (08/31/2011 02:07:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 586 seconds with 120 seconds of active time. This session ended with a crash.

Error: (08/07/2011 10:28:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13994 seconds with 120 seconds of active time. This session ended with a crash.

Error: (07/12/2011 05:14:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 5514 seconds with 660 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Meeting Manager for Mozilla Firefox/Netscape Navigator (Version: 7.5.3)
32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2)
32 Bit HP CIO Components Installer (Version: 1.0.0)
7-Zip 4.65
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat 8 Professional (Version: 8.3.1)
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Professional (Version: 8.3.1)
Adobe Acrobat 9 Pro (Version: 9.3.0)
Adobe Acrobat 9.3.0 - CPSID_52073
Adobe Acrobat Connect Add-in for Microsoft Outlook
Adobe Acrobat Connect Add-in for Microsoft Outlook (Version: 1.0.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.2.1)
Adobe Community Help (Version: 3.2.1.650)
Adobe Connect Add-in
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adobe Flash Player 11 Plugin (Version: 11.2.202.233)
Adobe Photoshop Elements 9 (Version: 9.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.07)
Adobe Presenter 7 (Version: 7.0)
Agere Systems HDA Modem
AiO_Scan (Version: 50.0.227.000)
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
Amazon MP3 Uploader (Version: 1.0.7)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Ant Renamer (Version: 2.10.0)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Application Installer 4.00.B14 (Version: 4.00.B14)
ArcSoft MediaImpression (Version: 1.2.26.429)
AutoHistorySetup (Version: 1.0.0)
Bing Bar (Version: 5.0.1363.0)
Bing Bar Platform (Version: 5.0.1423.0)
Bonjour (Version: 3.0.0.10)
Boxee
BPD_Scan (Version: 3.00.0000)
BufferChm (Version: 53.0.13.000)
Canon Camera Access Library (Version: 8.2.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.3.0.11)
Canon G.726 WMP-Decoder (Version: 1.0.1.3)
Canon MOV Decoder (Version: 1.7.0.6)
Canon MOV Encoder (Version: 1.5.0.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.6.0.5)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.6.0.9)
Canon Utilities EOS Utility (Version: 1.0.4.18)
Canon Utilities PhotoStitch (Version: 3.1.18.42)
Canon Utilities ZoomBrowser EX (Version: 6.6.0.23)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.4.0.4)
CCleaner (Version: 3.16)
Cisco Systems VPN Client 5.0.01.0600 (Version: 5.0.1)
Collaboration Data Objects 1.2.1 (Version: 6.5.8067.0)
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder (Version: 1.00.0000)
Deployment Manager 1.2.0.219 (Version: 1.2.0.219)
Destinations (Version: 53.0.13.000)
DeviceFunctionQFolder (Version: 1.00.0000)
DeviceManagementQFolder (Version: 1.00.0000)
Discovery Manager MIS
Document Express DjVu Plug-in (Version: 6.1.26155)
Drive Encryption for HP ProtectTools (Version: 1.0.1)
Dropbox (Version: 1.2.52)
DVD Shrink 3.2
Elements 9 Organizer (Version: 9.0)
Elements STI Installer (Version: 1.0)
Epson Copy Utility 3.5 (Version: 3.5.0.0)
Epson Event Manager (Version: 2.30.01)
EPSON Perfection V500 Photo Scanner Driver Update
EPSON Perfection V500P User's Guide
EPSON Scan
eSupportQFolder (Version: 1.00.0000)
Evernote v. 4.5.2 (Version: 4.5.2.5904)
Evicel Economic Model v1.0
Facemoods Toolbar
FileZilla Client 3.5.3 (Version: 3.5.3)
Folder Size Shell Extension v3.2
Free YouTube Downloader 3.3.120
Freemake Video Converter version 3.0.2 (Version: 3.0.2)
Google Chrome (Version: 18.0.1025.168)
Google Earth (Version: 5.2.1.1588)
Google Update Helper (Version: 1.2.183.29)
GoToMeeting 4.8.0.721 (Version: 4.8.0.721)
GoToMyPC
HandBrake 0.9.5 (Version: 0.9.5)
HP 3D DriveGuard (Version: 1.00 A4)
HP Backup and Recovery Manager Installer (Version: 2.4)
HP BIOS Configuration for ProtectTools (Version: 3.00 A1)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Deskjet 5900 series (Version: 5.0)
HP Doc Viewer (Version: 1.01.0005)
HP Help and Support (Version: 4.4.0002)
HP Imaging Device Functions 5.0 (Version: 5.0)
HP LaserJet 3050/3052/3055/3390/3392 4.0 (Version: 4.0)
HP Notebook Accessories Product Tour (Version: 13.0.0)
HP Officejet Pro All-In-One Series (Version: 1.0)
HP ProtectTools Security Manager (Version: 3.00 A10)
HP PSC & OfficeJet 5.3.B
HP Quick Launch Buttons 6.40 B2 (Version: 6.40 B2)
HP Solution Center & Imaging Support Tools 5.0 (Version: 5.0)
HP Update (Version: 4.000.006.003)
HP User Guide Bluetooth Addendum 0062 (Version: 1.01.0000)
HP User Guides 0064 (Version: 1.03.0000)
HP Wireless Assistant (Version: 3.00 G1)
HPDeskjet5900Series (Version: 1.00.0000)
hpp3390usg (Version: 000.105.00099)
hppfaxdrv3390 (Version: 001.102.00066)
hppFaxUtility (Version: 001.102.00066)
hppFonts (Version: 001.001.00056)
hppIOFiles (Version: 002.000.00030)
hppLJ3390 (Version: 001.102.00067)
hppManuals3390 (Version: 001.102.00067)
HPProductAssistant (Version: 53.0.13.000)
hppscan3390 (Version: 001.102.00071)
hppScanTo (Version: 001.102.00067)
hppSendFax (Version: 001.102.00066)
hppTooCool (Version: 003.000.00004)
hppToolBoxFX (Version: 001.006.00099)
hpzTLBXFX (Version: 002.005.00191)
Intel® Graphics Media Accelerator Driver
InterVideo DVD Check
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD
InterVideo WinDVD (Version: 5.0-B11.1164)
IRMS 5 Development Client Uninstall (Version: 5)
IRMS 5 Production Client Uninstall (Version: 5)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 10.6.0.40)
iTunes Library Updater (Version: 1.2.2)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
LightScribe 1.6.43.1 (Version: 1.6.43.1)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.69)
Logitech Desktop Messenger (Version: 2.54.11)
Logitech Harmony Remote Software 7 (Version: 7.6.0.8)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Logitech High Quality Video (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
LogMeIn (Version: 4.0.784)
M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1 (Version: 1)
Macromedia FlashPaper 2 (Version: 2.0.0)
MakeMKV v1.6.16 (Version: v1.6.16)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Manual of Drug Safety (Version: 1.00.0000)
MarketResearch (Version: 82.0.174.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Access 2002 Runtime (Version: 10.0.6626.0)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.201)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 10.0 (x86 en-US) (Version: 10.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
Music Manager
Musicnotes Software Suite 1.5.3 (Version: 1.5.3)
NetDeviceManager (Version: 90.0.192.000)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PDF-XChange 3
Picasa 3 (Version: 3.8)
PrintFolder 1.3
PuTTY version 0.60 (Version: 0.60)
Quicken 2012 (Version: 21.1.7.18)
QuickTime (Version: 7.69.80.9)
Remote Control USB Driver (Version: 2.3.2.317)
Revo Uninstaller 1.91 (Version: 1.91)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Basic v9 (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler 3 (Version: 2.1.0)
Scan (Version: 8.1.0.0)
Scheduler (Version: 1.0.0)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Skype web features (Version: 1.0.3971)
Skype™ 4.1 (Version: 4.1.166)
SmartFTP Client (Version: 4.0.1144.0)
SmartFTP Client 4.0 Setup Files (remove only) (Version: 4.0)
SolutionCenter (Version: 50.0.152.000)
Sonic Activation Module (Version: 1.0)
SoundMAX (Version: 5.10.01.5160)
Status (Version: 53.0.13.000)
SUPERAntiSpyware (Version: 4.50.1002)
Symantec Endpoint Protection (Version: 11.0.4000.2295)
Synaptics Pointing Device Driver (Version: 11.0.7.0)
TrayApp (Version: 53.0.13.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)
VLC media player 2.0.1 (Version: 2.0.1)
VNC Free Edition 4.1.3 (Version: 4.1.3)
WebEx
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 82.0.173.000)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows PowerShell™ 1.0 (Version: 2)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinSCP 4.2.9 (Version: 4.2.9)
Xtension Recorder from Comvurgent

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 3063.23 MB
Available physical RAM: 2075.23 MB
Total Pagefile: 5964.89 MB
Available Pagefile: 5110.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.44 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:65.21 GB) (Free:1.21 GB) NTFS
3 Drive e: (HP_RECOVERY) (Fixed) (Total:9.32 GB) (Free:9.06 GB) NTFS
4 Drive p: () (Network) (Total:136.5 GB) (Free:37.04 GB) NTFS
6 Drive z: () (Network) (Total:136.5 GB) (Free:37.04 GB) NTFS

========================= Users: ========================================

User accounts for \\TMAC_RMURPHY2

Guest HelpAssistant nuageadmin
Rmurphy SUPPORT_388945a0


**** End of log ****


09:49:03.0890 5452 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
09:49:04.0296 5452 ============================================================
09:49:04.0296 5452 Current date / time: 2012/05/10 09:49:04.0296
09:49:04.0296 5452 SystemInfo:
09:49:04.0296 5452
09:49:04.0296 5452 OS Version: 5.1.2600 ServicePack: 3.0
09:49:04.0296 5452 Product type: Workstation
09:49:04.0296 5452 ComputerName: TMAC_RMURPHY2
09:49:04.0296 5452 UserName: rmurphy
09:49:04.0296 5452 Windows directory: C:\WINDOWS
09:49:04.0296 5452 System windows directory: C:\WINDOWS
09:49:04.0296 5452 Processor architecture: Intel x86
09:49:04.0296 5452 Number of processors: 2
09:49:04.0296 5452 Page size: 0x1000
09:49:04.0296 5452 Boot type: Normal boot
09:49:04.0296 5452 ============================================================
09:49:08.0921 5452 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:49:08.0921 5452 ============================================================
09:49:08.0921 5452 \Device\Harddisk0\DR0:
09:49:08.0921 5452 MBR partitions:
09:49:08.0921 5452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x826CFC2
09:49:08.0921 5452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x826D001, BlocksNum 0x12A14C0
09:49:08.0921 5452 ============================================================
09:49:08.0953 5452 C: <-> \Device\Harddisk0\DR0\Partition0
09:49:08.0984 5452 E: <-> \Device\Harddisk0\DR0\Partition1
09:49:08.0984 5452 ============================================================
09:49:08.0984 5452 Initialize success
09:49:08.0984 5452 ============================================================
09:49:22.0609 4520 ============================================================
09:49:22.0609 4520 Scan started
09:49:22.0609 4520 Mode: Manual;
09:49:22.0609 4520 ============================================================
09:49:24.0171 4520 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program

Files\SUPERAntiSpyware\SASCORE.EXE
09:49:24.0187 4520 !SASCORE - ok
09:49:24.0312 4520 Abiosdsk - ok
09:49:24.0328 4520 abp480n5 - ok
09:49:24.0359 4520 Accelerometer (ac24b66995aff48be6b2f8cc3ca843c7) C:\WINDOWS\system32

\DRIVERS\Accelerometer.sys
09:49:24.0359 4520 Accelerometer - ok
09:49:24.0500 4520 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common

Files\ArcSoft\Connection Service\Bin\ACService.exe
09:49:24.0500 4520 ACDaemon - ok
09:49:24.0562 4520 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:49:24.0562 4520 ACPI - ok
09:49:24.0609 4520 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:49:24.0609 4520 ACPIEC - ok
09:49:24.0671 4520 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
09:49:24.0671 4520 ADIHdAudAddService - ok
09:49:24.0781 4520 AdobeActiveFileMonitor9.0 (1474f121c3df1232d3e7239c03691ee6) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
09:49:24.0781 4520 AdobeActiveFileMonitor9.0 - ok
09:49:24.0875 4520 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:49:24.0875 4520 AdobeFlashPlayerUpdateSvc - ok
09:49:24.0890 4520 adpu160m - ok
09:49:24.0921 4520 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
09:49:24.0921 4520 AEAudio - ok
09:49:24.0953 4520 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:49:24.0968 4520 aec - ok
09:49:25.0015 4520 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
09:49:25.0015 4520 Afc - ok
09:49:25.0046 4520 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:49:25.0046 4520 AFD - ok
09:49:25.0093 4520 AgereModemAudio (9c9d3b7a05445b1ab2df4d0c4d6b77e8) C:\Program Files\LSI SoftModem\agrsmsvc.exe
09:49:25.0093 4520 AgereModemAudio - ok
09:49:25.0234 4520 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
09:49:25.0250 4520 AgereSoftModem - ok
09:49:25.0250 4520 Aha154x - ok
09:49:25.0250 4520 aic78u2 - ok
09:49:25.0265 4520 aic78xx - ok
09:49:25.0296 4520 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:49:25.0296 4520 Alerter - ok
09:49:25.0312 4520 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:49:25.0312 4520 ALG - ok
09:49:25.0343 4520 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:49:25.0343 4520 AliIde - ok
09:49:25.0343 4520 amsint - ok
09:49:25.0453 4520 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:49:25.0453 4520 Apple Mobile Device - ok
09:49:25.0500 4520 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:49:25.0500 4520 AppMgmt - ok
09:49:25.0531 4520 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:49:25.0546 4520 Arp1394 - ok
09:49:25.0546 4520 asc - ok
09:49:25.0562 4520 asc3350p - ok
09:49:25.0562 4520 asc3550 - ok
09:49:25.0671 4520 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:49:25.0734 4520 aspnet_state - ok
09:49:25.0750 4520 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:49:25.0750 4520 AsyncMac - ok
09:49:25.0765 4520 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:49:25.0765 4520 atapi - ok
09:49:25.0765 4520 Atdisk - ok
09:49:25.0796 4520 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:49:25.0796 4520 Atmarpc - ok
09:49:25.0843 4520 ATSWPDRV (293e8cc3c246a89f4cca75b024ad757f) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
09:49:25.0843 4520 ATSWPDRV - ok
09:49:25.0875 4520 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:49:25.0875 4520 AudioSrv - ok
09:49:25.0875 4520 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:49:25.0875 4520 audstub - ok
09:49:25.0906 4520 b57w2k (74a65415dfaad20f06e7550fa9b6e012) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:49:25.0921 4520 b57w2k - ok
09:49:25.0937 4520 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:49:25.0937 4520 Beep - ok
09:49:25.0984 4520 BFRD4G (460858b93ca8146a0cb3abcafb1e4a92) C:\WINDOWS\system32\DRIVERS\BFRD4G.sys
09:49:25.0984 4520 BFRD4G - ok
09:49:26.0031 4520 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:49:26.0046 4520 BITS - ok
09:49:26.0156 4520 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:49:26.0171 4520 Bonjour Service - ok
09:49:26.0203 4520 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:49:26.0203 4520 Browser - ok
09:49:26.0234 4520 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:49:26.0234 4520 cbidf2k - ok
09:49:26.0281 4520 CCALib8 (20f89e232173985a455bc9a5f70d1166) C:\Program Files\Canon\CAL\CALMAIN.exe
09:49:26.0296 4520 CCALib8 - ok
09:49:26.0328 4520 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:49:26.0328 4520 CCDECODE - ok
09:49:26.0390 4520 ccEvtMgr (93a45b3f2403670a6d14a0b466d97698) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
09:49:26.0390 4520 ccEvtMgr - ok
09:49:26.0406 4520 ccSetMgr (93a45b3f2403670a6d14a0b466d97698) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
09:49:26.0406 4520 ccSetMgr - ok
09:49:26.0406 4520 cd20xrnt - ok
09:49:26.0421 4520 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:49:26.0421 4520 Cdaudio - ok
09:49:26.0453 4520 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:49:26.0453 4520 Cdfs - ok
09:49:26.0468 4520 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:49:26.0468 4520 Cdrom - ok
09:49:26.0468 4520 Changer - ok
09:49:26.0500 4520 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:49:26.0515 4520 CiSvc - ok
09:49:26.0531 4520 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:49:26.0531 4520 ClipSrv - ok
09:49:26.0625 4520 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:49:26.0640 4520 clr_optimization_v2.0.50727_32 - ok
09:49:26.0687 4520 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:49:26.0687 4520 clr_optimization_v4.0.30319_32 - ok
09:49:26.0703 4520 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:49:26.0703 4520 CmBatt - ok
09:49:26.0703 4520 CmdIde - ok
09:49:26.0734 4520 COH_Mon (86a22dff16e8ca67601044efe6825537) C:\WINDOWS\system32\Drivers\COH_Mon.sys
09:49:26.0734 4520 COH_Mon - ok
09:49:26.0750 4520 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:49:26.0765 4520 Compbatt - ok
09:49:26.0765 4520 COMSysApp - ok
09:49:26.0781 4520 Cpqarray - ok
09:49:26.0812 4520 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:49:26.0812 4520 CryptSvc - ok
09:49:26.0828 4520 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
09:49:26.0828 4520 CVirtA - ok
09:49:27.0015 4520 CVPND (dad192d12dd0b4c92f6843203852829f) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
09:49:27.0062 4520 CVPND - ok
09:49:27.0234 4520 CVPNDRVA (26deef07394624247d1f549bd94f0b15) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
09:49:27.0234 4520 CVPNDRVA - ok
09:49:27.0250 4520 dac2w2k - ok
09:49:27.0250 4520 dac960nt - ok
09:49:27.0312 4520 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:49:27.0312 4520 DcomLaunch - ok
09:49:27.0343 4520 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:49:27.0359 4520 Dhcp - ok
09:49:27.0390 4520 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:49:27.0390 4520 Disk - ok
09:49:27.0406 4520 dmadmin - ok
09:49:27.0500 4520 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:49:27.0500 4520 dmboot - ok
09:49:27.0515 4520 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:49:27.0531 4520 dmio - ok
09:49:27.0546 4520 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:49:27.0546 4520 dmload - ok
09:49:27.0578 4520 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:49:27.0578 4520 dmserver - ok
09:49:27.0609 4520 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:49:27.0609 4520 DMusic - ok
09:49:27.0656 4520 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
09:49:27.0656 4520 DNE - ok
09:49:27.0687 4520 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:49:27.0687 4520 Dnscache - ok
09:49:27.0718 4520 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:49:27.0718 4520 Dot3svc - ok
09:49:27.0750 4520 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
09:49:27.0750 4520 Dot4Scan - ok
09:49:27.0750 4520 dpti2o - ok
09:49:27.0781 4520 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:49:27.0781 4520 drmkaud - ok
09:49:27.0812 4520 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:49:27.0812 4520 EapHost - ok
09:49:27.0921 4520 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:49:27.0921 4520 eeCtrl - ok
09:49:27.0968 4520 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:49:27.0968 4520 EraserUtilRebootDrv - ok
09:49:27.0984 4520 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:49:28.0000 4520 ERSvc - ok
09:49:28.0031 4520 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:49:28.0031 4520 Eventlog - ok
09:49:28.0078 4520 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:49:28.0078 4520 EventSystem - ok
09:49:28.0109 4520 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:49:28.0109 4520 Fastfat - ok
09:49:28.0156 4520 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:49:28.0156 4520 FastUserSwitchingCompatibility - ok
09:49:28.0187 4520 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:49:28.0187 4520 Fdc - ok
09:49:28.0203 4520 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
09:49:28.0203 4520 FilterService - ok
09:49:28.0234 4520 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:49:28.0234 4520 Fips - ok
09:49:28.0296 4520 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:49:28.0296 4520 FLEXnet Licensing Service - ok
09:49:28.0312 4520 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:49:28.0328 4520 Flpydisk - ok
09:49:28.0328 4520 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:49:28.0328 4520 FltMgr - ok
09:49:28.0421 4520 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:49:28.0421 4520 FontCache3.0.0.0 - ok
09:49:28.0609 4520 Freemake Improver (8ac0c46bc52f652143582610561d2ea2) C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
09:49:28.0609 4520 Freemake Improver - ok
09:49:28.0656 4520 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:49:28.0656 4520 Fs_Rec - ok
09:49:28.0671 4520 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:49:28.0671 4520 Ftdisk - ok
09:49:28.0718 4520 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:49:28.0734 4520 GEARAspiWDM - ok
09:49:28.0781 4520 GoToMyPC (5dc8bd56381285ebf778724983e05b33) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
09:49:28.0781 4520 GoToMyPC - ok
09:49:28.0796 4520 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:49:28.0796 4520 Gpc - ok
09:49:28.0859 4520 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:49:28.0859 4520 gupdate - ok
09:49:28.0890 4520 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:49:28.0906 4520 gusvc - ok
09:49:28.0937 4520 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
09:49:28.0937 4520 HBtnKey - ok
09:49:28.0968 4520 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:49:28.0968 4520 HDAudBus - ok
09:49:29.0015 4520 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:49:29.0015 4520 helpsvc - ok
09:49:29.0046 4520 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:49:29.0046 4520 HidServ - ok
09:49:29.0062 4520 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:49:29.0062 4520 HidUsb - ok
09:49:29.0109 4520 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:49:29.0109 4520 hkmsvc - ok
09:49:29.0140 4520 hpdskflt (4f586a990238ab147099bc76c07c566e) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
09:49:29.0140 4520 hpdskflt - ok
09:49:29.0234 4520 HpFkCryptService (fac83c27d09da59e9687b33bc100cf67) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
09:49:29.0250 4520 HpFkCryptService - ok
09:49:29.0265 4520 HPFXBULK (9e3944a558ab84853ef985988e23a8a4) C:\WINDOWS\system32\drivers\hpfxbulk.sys
09:49:29.0265 4520 HPFXBULK - ok
09:49:29.0265 4520 hpn - ok
09:49:29.0343 4520 hpqcxs08 (390920e11d7729a7b98799ebe20e38fb) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
09:49:29.0343 4520 hpqcxs08 - ok
09:49:29.0375 4520 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
09:49:29.0375 4520 HpqKbFiltr - ok
09:49:29.0421 4520 hpqwmiex (f8968c9778f25a90a35755c3c97c7f62) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
09:49:29.0421 4520 hpqwmiex - ok
09:49:29.0468 4520 HPSLPSVC (107a4d4e76beba6219a88b09a801e843) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL
09:49:29.0484 4520 HPSLPSVC - ok
09:49:29.0500 4520 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:49:29.0500 4520 HPZid412 - ok
09:49:29.0515 4520 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:49:29.0515 4520 HPZipr12 - ok
09:49:29.0531 4520 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:49:29.0531 4520 HPZius12 - ok
09:49:29.0593 4520 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:49:29.0593 4520 HTTP - ok
09:49:29.0625 4520 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:49:29.0625 4520 HTTPFilter - ok
09:49:29.0625 4520 i2omgmt - ok
09:49:29.0640 4520 i2omp - ok
09:49:29.0671 4520 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:49:29.0671 4520 i8042prt - ok
09:49:30.0062 4520 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:49:30.0171 4520 ialm - ok
09:49:30.0359 4520 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\DRIVERS\iaStor.sys
09:49:30.0359 4520 iaStor - ok
09:49:30.0437 4520 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:49:30.0437 4520 IDriverT - ok
09:49:30.0578 4520 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:49:30.0609 4520 idsvc - ok
09:49:30.0671 4520 IFXTPM (f67554da27d5b55efcb6c7cb4818fbfd) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
09:49:30.0671 4520 IFXTPM - ok
09:49:30.0687 4520 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:49:30.0703 4520 Imapi - ok
09:49:30.0734 4520 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:49:30.0734 4520 ImapiService - ok
09:49:30.0734 4520 ini910u - ok
09:49:30.0765 4520 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:49:30.0765 4520 IntelIde - ok
09:49:30.0812 4520 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:49:30.0828 4520 intelppm - ok
09:49:30.0843 4520 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:49:30.0859 4520 Ip6Fw - ok
09:49:30.0875 4520 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:49:30.0890 4520 IpFilterDriver - ok
09:49:30.0906 4520 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:49:30.0906 4520 IpInIp - ok
09:49:30.0921 4520 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:49:30.0937 4520 IpNat - ok
09:49:31.0109 4520 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
09:49:31.0125 4520 iPod Service - ok
09:49:31.0156 4520 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:49:31.0171 4520 IPSec - ok
09:49:31.0171 4520 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:49:31.0171 4520 IRENUM - ok
09:49:31.0203 4520 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:49:31.0203 4520 isapnp - ok
09:49:31.0265 4520 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
09:49:31.0265 4520 IviRegMgr - ok
09:49:31.0421 4520 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
09:49:31.0421 4520 JavaQuickStarterService - ok
09:49:31.0453 4520 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:49:31.0453 4520 Kbdclass - ok
09:49:31.0468 4520 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:49:31.0468 4520 kbdhid - ok
09:49:31.0515 4520 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:49:31.0515 4520 kmixer - ok
09:49:31.0546 4520 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:49:31.0546 4520 KSecDD - ok
09:49:31.0578 4520 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:49:31.0578 4520 lanmanserver - ok
09:49:31.0593 4520 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:49:31.0593 4520 lanmanworkstation - ok
09:49:31.0609 4520 lbrtfdc - ok
09:49:31.0656 4520 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:49:31.0656 4520 LightScribeService - ok
09:49:31.0921 4520 LiveUpdate (e553c4b4b7b4b86cd71a2dfee1b58131) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
09:49:31.0968 4520 LiveUpdate - ok
09:49:32.0078 4520 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:49:32.0078 4520 LmHosts - ok
09:49:32.0203 4520 LMIGuardianSvc (850cc3ee0507654c40e1971982f4b698) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
09:49:32.0218 4520 LMIGuardianSvc - ok
09:49:32.0234 4520 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
09:49:32.0234 4520 LMIInfo - ok
09:49:32.0265 4520 LMIMaint (47dc389d96a34debdf9c2c2555da2f01) C:\Program Files\LogMeIn\x86\RaMaint.exe
09:49:32.0265 4520 LMIMaint - ok
09:49:32.0281 4520 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
09:49:32.0281 4520 lmimirr - ok
09:49:32.0281 4520 LMIRfsClientNP - ok
09:49:32.0312 4520 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
09:49:32.0312 4520 LMIRfsDriver - ok
09:49:32.0375 4520 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
09:49:32.0375 4520 LogMeIn - ok
09:49:32.0437 4520 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
09:49:32.0453 4520 LVRS - ok
09:49:32.0859 4520 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
09:49:32.0968 4520 LVUVC - ok
09:49:33.0125 4520 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:49:33.0125 4520 Messenger - ok
09:49:33.0171 4520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:49:33.0171 4520 mnmdd - ok
09:49:33.0203 4520 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:49:33.0203 4520 mnmsrvc - ok
09:49:33.0234 4520 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:49:33.0234 4520 Modem - ok
09:49:33.0250 4520 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:49:33.0250 4520 Mouclass - ok
09:49:33.0265 4520 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:49:33.0281 4520 mouhid - ok
09:49:33.0312 4520 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:49:33.0312 4520 MountMgr - ok
09:49:33.0359 4520 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
09:49:33.0359 4520 MQAC - ok
09:49:33.0359 4520 mraid35x - ok
09:49:33.0406 4520 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:49:33.0406 4520 MRxDAV - ok
09:49:33.0468 4520 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:49:33.0484 4520 MRxSmb - ok
09:49:33.0500 4520 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:49:33.0500 4520 MSDTC - ok
09:49:33.0531 4520 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:49:33.0531 4520 Msfs - ok
09:49:33.0531 4520 MSIServer - ok
09:49:33.0562 4520 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:49:33.0562 4520 MSKSSRV - ok
09:49:33.0578 4520 MSMQ (afb909b537aae1beae7bbdb6a36d40b0) C:\WINDOWS\system32\mqsvc.exe
09:49:33.0578 4520 MSMQ - ok
09:49:33.0593 4520 MSMQTriggers (7f955ff3b1bb93376ebe75d5accdc6db) C:\WINDOWS\system32\mqtgsvc.exe
09:49:33.0593 4520 MSMQTriggers - ok
09:49:33.0609 4520 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:49:33.0609 4520 MSPCLOCK - ok
09:49:33.0625 4520 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:49:33.0640 4520 MSPQM - ok
09:49:33.0671 4520 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:49:33.0671 4520 mssmbios - ok
09:49:33.0703 4520 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
09:49:33.0703 4520 MSTEE - ok
09:49:33.0750 4520 msvad_simple (00c7b2306f1ca5389a1ac6d1df9c2e25) C:\WINDOWS\system32\drivers\povrtdev.sys
09:49:33.0750 4520 msvad_simple - ok
09:49:33.0765 4520 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:49:33.0765 4520 Mup - ok
09:49:33.0796 4520 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:49:33.0796 4520 NABTSFEC - ok
09:49:33.0843 4520 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:49:33.0859 4520 napagent - ok
09:49:34.0000 4520 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120509.032\NAVENG.SYS
09:49:34.0000 4520 NAVENG - ok
09:49:34.0171 4520 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120509.032\NAVEX15.SYS
09:49:34.0187 4520 NAVEX15 - ok
09:49:34.0375 4520 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:49:34.0375 4520 NDIS - ok
09:49:34.0421 4520 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:49:34.0421 4520 NdisIP - ok
09:49:34.0453 4520 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:49:34.0453 4520 NdisTapi - ok
09:49:34.0453 4520 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:49:34.0453 4520 Ndisuio - ok
09:49:34.0484 4520 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:49:34.0484 4520 NdisWan - ok
09:49:34.0515 4520 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:49:34.0515 4520 NDProxy - ok
09:49:34.0546 4520 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
09:49:34.0546 4520 Net Driver HPZ12 - ok
09:49:34.0562 4520 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:49:34.0578 4520 NetBIOS - ok
09:49:34.0593 4520 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:49:34.0609 4520 NetBT - ok
09:49:34.0640 4520 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:49:34.0671 4520 NetDDE - ok
09:49:34.0671 4520 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:49:34.0671 4520 NetDDEdsdm - ok
09:49:34.0687 4520 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:49:34.0687 4520 Netlogon - ok
09:49:34.0718 4520 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:49:34.0718 4520 Netman - ok
09:49:34.0812 4520 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:49:34.0812 4520 NetTcpPortSharing - ok
09:49:35.0000 4520 NETw4x32 (12b0d99865434387f784268b70e23360) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
09:49:35.0031 4520 NETw4x32 - ok
09:49:35.0406 4520 NETw5x32 (05743fffc2bc88cc8e426321bc6a762e) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
09:49:35.0453 4520 NETw5x32 - ok
09:49:35.0546 4520 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:49:35.0546 4520 NIC1394 - ok
09:49:35.0609 4520 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:49:35.0609 4520 Nla - ok
09:49:35.0625 4520 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:49:35.0625 4520 Npfs - ok
09:49:35.0671 4520 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:49:35.0687 4520 Ntfs - ok
09:49:35.0718 4520 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:49:35.0718 4520 NtLmSsp - ok
09:49:35.0781 4520 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:49:35.0781 4520 NtmsSvc - ok
09:49:35.0796 4520 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:49:35.0796 4520 Null - ok
09:49:35.0812 4520 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:49:35.0828 4520 NwlnkFlt - ok
09:49:35.0843 4520 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:49:35.0843 4520 NwlnkFwd - ok
09:49:36.0015 4520 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:49:36.0015 4520 odserv - ok
09:49:36.0046 4520 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:49:36.0046 4520 ohci1394 - ok
09:49:36.0125 4520 OKI OPHD DCS Loader (e9b4cfe9436308e579804819665ad1ab) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE
09:49:36.0125 4520 OKI OPHD DCS Loader - ok
09:49:36.0171 4520 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:49:36.0171 4520 ose - ok
09:49:36.0203 4520 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:49:36.0203 4520 Parport - ok
09:49:36.0203 4520 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:49:36.0203 4520 PartMgr - ok
09:49:36.0234 4520 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:49:36.0234 4520 ParVdm - ok
09:49:36.0296 4520 PCA (5eeb45f500e3e97153cb75723f8ca185) C:\WINDOWS\SMINST\PCAngel.exe
09:49:36.0296 4520 PCA - ok
09:49:36.0328 4520 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:49:36.0328 4520 PCI - ok
09:49:36.0343 4520 PCIDump - ok
09:49:36.0375 4520 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:49:36.0390 4520 PCIIde - ok
09:49:36.0390 4520 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:49:36.0406 4520 Pcmcia - ok
09:49:36.0406 4520 PDCOMP - ok
09:49:36.0406 4520 PDFRAME - ok
09:49:36.0421 4520 PDRELI - ok
09:49:36.0421 4520 PDRFRAME - ok
09:49:36.0437 4520 perc2 - ok
09:49:36.0437 4520 perc2hib - ok
09:49:36.0484 4520 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:49:36.0484 4520 PlugPlay - ok
09:49:36.0531 4520 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
09:49:36.0531 4520 Pml Driver HPZ12 - ok
09:49:36.0562 4520 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:49:36.0562 4520 PolicyAgent - ok
09:49:36.0578 4520 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:49:36.0593 4520 PptpMiniport - ok
09:49:36.0593 4520 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:49:36.0593 4520 ProtectedStorage - ok
09:49:36.0609 4520 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:49:36.0609 4520 PSched - ok
09:49:36.0640 4520 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:49:36.0640 4520 Ptilink - ok
09:49:36.0671 4520 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:49:36.0687 4520 PxHelp20 - ok
09:49:36.0687 4520 ql1080 - ok
09:49:36.0687 4520 Ql10wnt - ok
09:49:37.0468 4520 SafeBoot (4ccee8fcfe54262443bb348adb1f7f52) C:\WINDOWS\system32\drivers\SafeBoot.sys
09:49:37.0468 4520 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: 4ccee8fcfe54262443bb348adb1f7f52
09:49:37.0468 4520 SafeBoot ( LockedFile.Multi.Generic ) - warning
09:49:37.0468 4520 SafeBoot - detected LockedFile.Multi.Generic (1)
09:49:42.0984 4520 ============================================================
09:49:42.0984 4520 Scan finished
09:49:42.0984 4520 ============================================================
09:49:43.0000 5592 Detected object count: 1
09:49:43.0000 5592 Actual detected object count: 1
09:50:17.0125 5592 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
09:50:17.0125 5592 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
09:50:57.0406 4148 Deinitialize success

ESETSCAN RESULTS
C:\Documents and Settings\rmurphy\Application Data\OpenCandy\OpenCandy_7DCB138F074D48B68E5097F8EBD98644\DLMgr_3_1.6.87.exe Win32/OpenCandy application deleted - quarantined

#4 Pizza and Pepsi


Posted 10 May 2012 - 04:51 PM

There appears to be no infection, so I think that Norton AV may be causing the problem.

I want you to boot your computer into safe mode.

See this link for instructions:

Getting into Safe Mode



Tell me if the problem persists in safe mode.

#5 rxmurphy


Posted 10 May 2012 - 08:18 PM

Hi Pizza and Pepsi

Unfortunately I am unable to start my computer in safe mode. It's a work machine, perhaps they disabled that? I can get to the logon screen but my credentials do not work. I will see if I can get creds tomorrow.

Thanks

#6 boopme


Posted 10 May 2012 - 10:26 PM

Hello, this is not a malware issue and should be in the XP forum.

Try running SFC

Please run SFC (System File Checker)
Please run System File Checker: sfc /scannow. For more information on this tool see How To Use Sfc.exe To Repair System Files.

NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.

You will need your operating system CD handy.

Open Windows Task Manager by pressing CTRL+SHIFT+ESC.

Then click File, then New Task (Run).

In the box that opens type sfc /scannow (there is a space between c and /).

Click OK
Let it run and insert the CD when asked.

#7 rxmurphy


Posted 11 May 2012 - 05:31 AM

Hello Boopme

I appreciate all the help. I do not have the operating system CD to run SFC. This machine is so old I may be eligible for a new one. I will check at work, and if so that should hopefully solve the delays I experience.

Thanks again for everything so far!



