
WinXp Pro Slow startup (7 minutes) and Slow app start up (1 min 15 secs)


This topic is locked
23 replies to this topic

#1 Rob Groen
  • Members
  • 23 posts
  • Gender:Male
  • Location:Netherlands, Alphen a/d RIjn

Posted 22 August 2012 - 02:02 AM

As requested by Noviciate in my earlier post here, I started this post.

Problems

(Very) slow start-up of the system, WinXP Pro SP3
After power on it takes 2 minutes before I get the login window.
Then it takes 2,5 minutes (total 4,5 minutes) to get all the icons on the desktop.
And then it takes another 2,5 minutes (total 7 minutes) before all my icons (like the Windows security shield icon) in the task bar are up and running.

Now when I start an application, let's say Firefox, it takes 1 min 15 sec to launch. And another 7 sec before any text I type in the address window appears. Only the first character is printed and then for 7 sec nothing is happening. Then the rest of the characters appear.

Chrome plugin
Last week I had a Norman warning about an infected Chrome plugin while I launched the Chrome browser. This message is gone now. I did not install a new plug-in that could be the reason for that warning.
I suppose that was the beginning of the problem (very slow).


GMER crashes the whole machine
As described in my earlier post, the PC crashes with a blue screen of death (BSOD) while I was preparing to collect all the information for a perfect removal post.

Files attached
  • Attached the DDS log (dds.txt and attached.zip)
  • Combofix log


TNX for your help so far.


#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 August 2012 - 12:01 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




I want you to reset the DMA; you can do this with this script here - Reset DMA

If you have problems when you click on the link try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop right click on the file and select "Run"

If you still can't run it then you can go here "Reset DMA" to see what I want to do




Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 26 August 2012 - 01:35 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 Rob Groen (Topic Starter)

Posted 26 August 2012 - 04:35 AM

Please don't close this post. I still need help.
I can access the machine with the problem on Monday, thusday and Wednesday.
I planned to respond tomorrow first thing in the morning (GMT +1).

TNX

#5 gringo_pr

Posted 26 August 2012 - 06:00 AM

no problem and thanks for letting me know


gringo

#6 Rob Groen (Topic Starter)

Posted 27 August 2012 - 03:24 AM

===================================================================
= Security Check log =
===================================================================
Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Norman Security Suite
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Mozilla Thunderbird (14.0.)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````



===================================================================
= I want you to reset the DMA =
===================================================================
Done!
After running resetdma.vbs the system asked to reboot. I did.


===================================================================
= The Combofix Log =
===================================================================


ComboFix 12-08-25.04 - Algemeen 27-08-2012 9:18.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2814.2219 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Algemeen\Bureaublad\ComboFix.exe
AV: Norman Security Suite *Disabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-27 to 2012-08-27 ))))))))))))))))))))))))))))))
.
.
2012-08-13 10:41 . 2012-08-13 10:41 -------- d-----w- c:\documents and settings\Algemeen\Application Data\Malwarebytes
2012-08-13 10:41 . 2012-08-13 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-13 09:42 . 2012-08-13 09:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-31 09:55 . 2012-07-31 09:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-31 09:55 . 2012-07-31 09:55 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 06:54 . 2012-04-10 06:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 06:54 . 2011-07-05 12:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-31 09:55 . 2011-06-27 13:34 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-06 13:58 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-06-24 11:31 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:23 . 2006-03-02 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-27 12:42 . 2009-06-24 12:21 46816 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys
2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:49 . 2008-04-14 17:02 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-10-16 12:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-06-24 11:32 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-06-24 11:32 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-06-24 11:32 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-06-24 11:32 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-06-24 11:32 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 12:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 12:08 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-06-24 11:32 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-10-16 12:08 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-06-24 11:32 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2008-10-16 12:09 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-10-19 09:13 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-10-19 09:13 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-08-06 17:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-07-19 09:22 . 2011-05-03 06:50 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2006-03-02 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-08-20_07.26.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-27 07:29 . 2012-08-27 07:29 16384 c:\windows\Temp\Perflib_Perfdata_d10.dat
+ 2012-08-27 07:30 . 2012-08-27 07:30 16384 c:\windows\Temp\Perflib_Perfdata_844.dat
+ 2011-04-22 12:26 . 2011-04-22 12:26 688128 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B7449A0500000010\9.5.0\JP2KLib.dll
+ 2009-01-18 15:00 . 2009-01-18 15:00 598016 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B7449A0500000010\9.5.0\AXSLE.dll
+ 2012-01-03 07:37 . 2012-01-03 07:37 320456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B7449A0500000010\9.5.0\adobearmhelper.exe
+ 2012-01-02 09:07 . 2012-01-02 09:07 843712 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B7449A0500000010\9.5.0\adobearm.exe
+ 2012-07-31 16:18 . 2012-07-31 16:18 5018624 c:\windows\Installer\158b76d.msp
+ 2011-01-30 20:16 . 2011-01-30 20:16 5713408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B7449A0500000010\9.5.0\AGM.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Workrave"="c:\program files\Workrave\lib\workrave.exe" [2011-03-24 3871246]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-23 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-23 13881448]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2012-02-14 348560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Algemeen^Menu Start^Programma's^Opstarten^OpenOffice.org 3.3 .lnk]
path=c:\documents and settings\Algemeen\Menu Start\Programma's\Opstarten\OpenOffice.org 3.3 .lnk
backup=c:\windows\pss\OpenOffice.org 3.3 .lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Algemeen^Menu Start^Programma's^Opstarten^OpenOffice.org 3.4.lnk]
path=c:\documents and settings\Algemeen\Menu Start\Programma's\Opstarten\OpenOffice.org 3.4.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\SnelStart\\V900\\SnelStart.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Temp\\HIW\\stInstall.exe"=
"c:\\Program Files\\xchat\\xchat.exe"=
"c:\\Program Files\\NX Client for Windows\\nxclient.exe"=
"c:\\Program Files\\NX Client for Windows\\bin\\nxssh.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21:TCP"= 21:TCP:FTP server
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [24-6-2009 14:21 46816]
R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [27-8-2010 8:17 26744]
R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [27-8-2010 8:17 91136]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [17-1-2012 10:45 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [17-1-2012 10:43 91440]
R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\ndiskio.sys [16-10-2009 10:31 22880]
R2 NHS;Norman Hash Server;c:\program files\Norman\nvc\bin\nhs.exe [12-6-2012 8:46 793520]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [4-2-2011 15:03 196912]
R2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\nnf.exe [27-8-2010 8:17 231216]
R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [27-8-2010 8:17 90144]
R2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec.sys [27-8-2010 8:17 61496]
R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [24-6-2009 14:53 100936]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\nsesvc.exe [27-8-2012 8:46 288104]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [13-6-2012 12:04 119272]
R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [24-6-2009 14:53 99312]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [19-12-2011 15:12 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [19-12-2011 15:11 116016]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10-4-2012 8:47 250056]
S3 FXDrv32;FXDrv32;c:\progra~1\FOXCONN\FOXLIV~1\FXDrv32.sys [24-6-2009 13:42 23872]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2-5-2012 8:52 113120]
S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\nvcoas.exe [4-7-2012 14:24 287312]
S3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Nvc\BIN\NVCSCHED.EXE --> c:\program files\Norman\Nvc\BIN\NVCSCHED.EXE [?]
S3 xre3.sys;xre3.sys;\??\c:\windows\system32\drivers\xre3.sys --> c:\windows\system32\drivers\xre3.sys [?]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 06:54]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-227704595-3746286980-2994666782-1153Core.job
- c:\documents and settings\Algemeen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 06:47]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-227704595-3746286980-2994666782-1153UA.job
- c:\documents and settings\Algemeen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 06:47]
.
2012-08-27 c:\windows\Tasks\User_Feed_Synchronization-{4E37B250-C34F-40FC-8891-793056F2A2F2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.1
FF - ProfilePath - c:\documents and settings\Algemeen\Application Data\Mozilla\Firefox\Profiles\xrja780v.default\
FF - prefs.js: network.proxy.ftp - 109.238.238.242
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 109.238.238.242
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 109.238.238.242
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 109.238.238.242
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 109.238.238.242
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
------- Bestandsassociaties -------
.
.reg=Regedit.Document
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-27 09:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(3164)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Norman\Npm\Bin\Elogsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Norman\Npm\Bin\Zanda.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MySQL\MySQL Server 5.5\bin\mysqld.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Norman\Npm\Bin\Njeeves.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Voltooingstijd: 2012-08-27 09:34:34 - machine werd herstart
ComboFix-quarantined-files.txt 2012-08-27 07:34
ComboFix2.txt 2012-08-20 07:32
ComboFix3.txt 2012-08-13 10:25
.
Pre-Run: 958.614.761.472 bytes beschikbaar
Post-Run: 958.675.988.480 bytes beschikbaar
.
- - End Of File - - E6BE787C91380FFF5BC7818E53F25550


===================================================================
= let me know of any problems you may have had =
===================================================================
No problems while following the steps in your advice.


===================================================================
= How is the computer doing now? =
===================================================================
Here are the startup times after a reboot:
  • Ctrl-Ald-Del window : 40 secs
  • Login window : 40,5 secs
  • Desktop Icons : 2:30
  • Taskbar Icons
  • -- Security Suite icon : 3:06 sec
  • -- Network icon : 3:30 sec
  • -- Norman icon : 4:25 sec

Applications like Firefox and Chrome launch fast, in just 1 or 2 secs.
There is still an issue while typing text in the Firefox Google search field (right top in the menu bar).
  • Immediately after launch it takes 3 sec before characters appear.
  • When Firefox has been running a while everything goes fast.
  • Sometimes input in the Google search field gets stuck for a few secs (2-3 secs) before characters appear.

It looks like we (you) are getting somewhere. It's not perfect yet, but it's a good start.
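Two sections of the ComboFix log above merit a closer look: the Sigcheck block, where the atapi.sys on disk is unsigned and carries a different MD5 than the signed copy of the same size under ServicePackFiles (the file the BlitzBlank CopyFile step later in the thread restores), and the Firefox prefs.js lines pointing every protocol at an external proxy while network.proxy.type is 0. The Python script below is an added example, not part of the thread and not ComboFix's code: it parses both sections from lines copied from that log; the line format is inferred from the log and the function names are my own.

```python
"""Triage two ComboFix log sections: Sigcheck entries (unsigned files whose
hash matches no signed copy) and Firefox prefs.js proxy settings.
Added example for this thread; the regexes are inferred from the log format
quoted in the thread, not taken from ComboFix itself."""
import ipaddress
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input: lines copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2006-03-02 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
.
FF - prefs.js: network.proxy.ftp - 109.238.238.242
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 109.238.238.242
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - 109.238.238.242
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
"""

# "[mark] date . MD5 . size . . [version] . . path"; the date may carry a time.
# "[-]" is the marker the log uses for a file whose signature it could not verify.
SIGCHECK_RE = re.compile(
    r"^\[(?P<mark>[^\]]+)\] (?P<date>\S+(?: \d\d:\d\d)?) \. (?P<md5>[0-9A-Fa-f]{32})"
    r" \. (?P<size>\d+) \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+)$"
)
PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(?P<key>\S+) - (?P<value>.+)$")


def sigcheck_findings(log_text):
    """Unsigned files whose MD5 matches no signed copy of the same file name.

    Each finding records a 'reference': a signed copy with the same byte size
    but a different hash, the pattern of an in-place patch of a system file.
    """
    by_name = defaultdict(list)
    for line in log_text.splitlines():
        m = SIGCHECK_RE.match(line)
        if m:
            by_name[PureWindowsPath(m["path"]).name.lower()].append(m.groupdict())
    findings = []
    for entries in by_name.values():
        signed = [e for e in entries if e["mark"] != "-"]
        signed_hashes = {e["md5"].upper() for e in signed}
        for e in entries:
            if e["mark"] != "-" or e["md5"].upper() in signed_hashes:
                continue  # signed, or byte-identical to a signed copy
            same_size = [s["path"] for s in signed if s["size"] == e["size"]]
            findings.append({
                "path": e["path"], "md5": e["md5"].upper(), "size": int(e["size"]),
                "reference": same_size[0] if same_size else None,
            })
    return findings


def _is_local(host):
    """True for loopback, RFC 1918 and link-local addresses, or 'localhost'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return ip.is_loopback or ip.is_private or ip.is_link_local


def firefox_proxy_findings(log_text):
    """One record per configured proxy protocol in the prefs.js lines.

    'active' follows Firefox's network.proxy.type: 1 means the manual proxy
    settings are in use; 0 means direct connection, so the hosts are dormant
    settings rather than an active redirect of the browser's traffic.
    """
    prefs = {}
    for line in log_text.splitlines():
        m = PROXY_RE.match(line)
        if m:
            prefs[m["key"]] = m["value"].strip()
    active = prefs.get("type") == "1"
    skip = {"type", "no_proxies_on", "autoconfig_url", "share_proxy_settings"}
    findings = []
    for key, host in prefs.items():
        if key in skip or key.endswith("_port"):
            continue
        findings.append({
            "protocol": key, "host": host, "port": prefs.get(key + "_port"),
            "external": not _is_local(host), "active": active,
        })
    return findings


if __name__ == "__main__":
    for f in sigcheck_findings(SAMPLE_LOG):
        print(f"unsigned {f['path']} md5={f['md5']} signed same-size copy: {f['reference']}")
    for f in firefox_proxy_findings(SAMPLE_LOG):
        state = "ACTIVE" if f["active"] else "dormant"
        print(f"{f['protocol']} proxy {f['host']}:{f['port']} external={f['external']} ({state})")
```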

#7 gringo_pr

Posted 27 August 2012 - 03:33 AM

Greetings

Let's run this now.

BlitzBlank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
CopyFile:
c:\windows\ServicePackFiles\i386\atapi.sys c:\windows\system32\drivers\atapi.sys
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by BlitzBlank. You can find it at the root of the drive, normally C:\


#8 Rob Groen (Topic Starter)

Posted 27 August 2012 - 03:56 AM

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\atapi.sys", destinationFile = "\??\c:\windows\system32\drivers\atapi.sys"

#9 gringo_pr

Posted 27 August 2012 - 04:01 AM

please rerun combofix for me now


gringo

#10 Rob Groen (Topic Starter)

Posted 27 August 2012 - 04:22 AM


#11 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 27 August 2012 - 04:23 AM

HelpAsst_mebroot_fix

  • Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
  • Close out all other open programs and windows.
  • Double click the file to run it and follow any prompts.
  • If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
  • Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

    • helpasst -mbrt
  • Make sure you leave a space between helpasst and -mbrt!
  • When it completes, a log will open.
  • Please post the contents of that log.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#12 Rob Groen
  • Topic Starter
  • Members
  • 23 posts
  • Gender:Male
  • Location:Netherlands, Alphen a/d Rijn

Posted 27 August 2012 - 04:43 AM

While running HelpAsst_mebroot_fix.exe from the desktop I didn't get the question to run mbr -f. HelpAsst_mebroot_fix.exe ended without an OK message.


C:\Documents and Settings\Algemeen\Bureaublad\HelpAsst_mebroot_fix.exe
ma 27-08-2012 at 11:28:19,82

HelpAssistant account Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking firewall ports ~~

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on ma 27-08-2012 at 11:41:45,14

Account actief Nee
Lidmaatschap lokale groep

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services


~~ EOF ~~

#13 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 27 August 2012 - 07:04 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#14 Rob Groen
  • Topic Starter
  • Members
  • 23 posts
  • Gender:Male
  • Location:Netherlands, Alphen a/d Rijn

Posted 27 August 2012 - 08:39 AM

=======================================================================
= I got 3 TDSSKiller logs
= Here is number 1
=======================================================================

14:55:39.0801 3672 lanmanworkstation - ok
14:55:39.0801 3672 lbrtfdc - ok
14:55:39.0824 3672 [ 91AE20C5C2776C511994AA1308C05283 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:55:39.0824 3672 LmHosts - ok
14:55:39.0836 3672 [ C56A45A03DCA11712DE9FDF98224230B ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:55:39.0836 3672 Messenger - ok
14:55:39.0859 3672 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:55:39.0859 3672 mnmdd - ok
14:55:39.0871 3672 [ 5B1D994DCF1895AFA27600E46A2F0FEA ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:55:39.0882 3672 mnmsrvc - ok
14:55:39.0894 3672 [ 8114EEAC353F549331AB73E9AF4219ED ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:55:39.0917 3672 Modem - ok
14:55:39.0917 3672 [ 1A4E2214DD63E4A876463D3427EE8261 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:55:39.0928 3672 Mouclass - ok
14:55:40.0009 3672 [ 18017899254E01371E1A39754D6BF98C ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:55:40.0009 3672 mouhid - ok
14:55:40.0009 3672 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:55:40.0009 3672 MountMgr - ok
14:55:40.0067 3672 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:55:40.0079 3672 MozillaMaintenance - ok
14:55:40.0079 3672 mraid35x - ok
14:55:40.0090 3672 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:55:40.0090 3672 MRxDAV - ok
14:55:40.0125 3672 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:55:40.0125 3672 MRxSmb - ok
14:55:40.0148 3672 [ 21EA21984D7D1AD50DB2E627020AB14C ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:55:40.0148 3672 MSDTC - ok
14:55:40.0160 3672 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:55:40.0160 3672 Msfs - ok
14:55:40.0160 3672 MSIServer - ok
14:55:40.0171 3672 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:55:40.0171 3672 MSKSSRV - ok
14:55:40.0206 3672 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:55:40.0218 3672 MSPCLOCK - ok
14:55:40.0241 3672 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:55:40.0241 3672 MSPQM - ok
14:55:40.0264 3672 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:55:40.0264 3672 mssmbios - ok
14:55:40.0276 3672 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:55:40.0299 3672 Mup - ok
14:55:40.0322 3672 MySQL - ok
14:55:40.0357 3672 [ 87E394C810794D3C70CF22E8316CB23E ] napagent C:\WINDOWS\System32\qagentrt.dll
14:55:40.0357 3672 napagent - ok
14:55:40.0380 3672 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:55:40.0380 3672 NDIS - ok
14:55:40.0449 3672 [ 725123F7AEBFEF717E3F26B25B149D7A ] Ndiskio C:\Program Files\Norman\Nse\bin\NDISKIO.SYS
14:55:40.0449 3672 Ndiskio - ok
14:55:40.0449 3672 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:55:40.0449 3672 NdisTapi - ok
14:55:40.0472 3672 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:55:40.0472 3672 Ndisuio - ok
14:55:40.0472 3672 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:55:40.0472 3672 NdisWan - ok
14:55:40.0484 3672 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:55:40.0484 3672 NDProxy - ok
14:55:40.0484 3672 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:55:40.0484 3672 NetBIOS - ok
14:55:40.0507 3672 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:55:40.0507 3672 NetBT - ok
14:55:40.0519 3672 [ DC6BAE085E9B3C2F3A963ED46791FEAB ] NetDDE C:\WINDOWS\system32\netdde.exe
14:55:40.0530 3672 NetDDE - ok
14:55:40.0542 3672 [ DC6BAE085E9B3C2F3A963ED46791FEAB ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:55:40.0542 3672 NetDDEdsdm - ok
14:55:40.0553 3672 [ 8754210A3399D19610CE2D71E0C3E5D9 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:55:40.0553 3672 Netlogon - ok
14:55:40.0565 3672 [ 5431FB616ECAE0D587C5B97D0B86CBD8 ] Netman C:\WINDOWS\System32\netman.dll
14:55:40.0565 3672 Netman - ok
14:55:40.0623 3672 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:55:40.0623 3672 NetTcpPortSharing - ok
14:55:40.0657 3672 [ 0D439F6337ADC15B1393060D108CA8D8 ] NGS c:\program files\norman\ngs\bin\ngs.sys
14:55:40.0657 3672 NGS - ok
14:55:40.0750 3672 [ AF6AF4685FBA9EF80589B688C231CBAA ] NHS C:\Program Files\Norman\Nvc\bin\nhs.exe
14:55:40.0750 3672 NHS - ok
14:55:40.0808 3672 [ D3CC53C6E1189E914873775C5B8B56AF ] NitroReaderDriverReadSpool C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
14:55:40.0808 3672 NitroReaderDriverReadSpool - ok
14:55:40.0843 3672 [ 4522CBE00A9E9EEE36AA82ED4B319148 ] Nla C:\WINDOWS\System32\mswsock.dll
14:55:40.0843 3672 Nla - ok
14:55:40.0866 3672 [ EFB8638C018CD428B9DD78B7F89E2FAF ] NNFSVC C:\Program Files\Norman\Ngs\Bin\Nnf.exe
14:55:40.0866 3672 NNFSVC - ok
14:55:40.0877 3672 [ C4D2D678F08F11F0EDB3BB4E89CE2B7A ] Norman NJeeves C:\Program Files\Norman\Npm\Bin\Njeeves.exe
14:55:40.0889 3672 Norman NJeeves - ok
14:55:40.0912 3672 [ 88CA218696CF13B260DB003787AB65AE ] Norman ZANDA C:\Program Files\Norman\Npm\Bin\Zanda.exe
14:55:40.0912 3672 Norman ZANDA - ok
14:55:40.0924 3672 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:55:40.0924 3672 Npfs - ok
14:55:40.0958 3672 [ 0FDDFE0CF41B5EB87689E465E34DDD18 ] NPROSEC C:\Program Files\Norman\Ngs\Bin\nprosec.sys
14:55:40.0958 3672 NPROSEC - ok
14:55:40.0958 3672 [ A7C274DAB79D0F50BD4202A678684A71 ] NPROSECSVC C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
14:55:40.0958 3672 NPROSECSVC - ok
14:55:40.0981 3672 [ 82A058999D0CFB5C285FC22856E235C2 ] nregsec C:\Program Files\Norman\Ngs\Bin\nregsec.sys
14:55:40.0981 3672 nregsec - ok
14:55:41.0028 3672 [ 8634779EC283D55EEAFA9101733C6E93 ] nsesvc C:\Program Files\Norman\nse\bin\NSESVC.EXE
14:55:41.0028 3672 nsesvc - ok
14:55:41.0282 3672 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:55:41.0305 3672 Ntfs - ok
14:55:41.0305 3672 [ 8754210A3399D19610CE2D71E0C3E5D9 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:55:41.0317 3672 NtLmSsp - ok
14:55:41.0340 3672 [ AC1A78237B53044735693633F8235468 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:55:41.0352 3672 NtmsSvc - ok
14:55:41.0352 3672 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:55:41.0352 3672 Null - ok
14:55:41.0549 3672 [ 231E377E60A96B53C169C5E04AC0A67A ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:55:41.0583 3672 nv - ok
14:55:41.0618 3672 [ 1E41D6EA5DD8799BA0D442B1D73F4060 ] NvcMFlt C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
14:55:41.0618 3672 NvcMFlt - ok
14:55:41.0676 3672 [ FF04B683F1260468789804C95077E1D4 ] nvcoas C:\Program Files\Norman\Nvc\bin\nvcoas.exe
14:55:41.0699 3672 nvcoas - ok
14:55:41.0699 3672 NVCScheduler - ok
14:55:41.0734 3672 [ E10AACC565E0A8B76AC4FB912343D38E ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
14:55:41.0745 3672 NVHDA - ok
14:55:41.0780 3672 [ 98CDB972FD946B904CD1C6D5ECF2E878 ] NVOY C:\Program Files\Norman\npm\bin\nvoy.exe
14:55:41.0780 3672 NVOY - ok
14:55:41.0954 3672 [ A1D291A173A68C332678DDF3FC38D85B ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
14:55:41.0965 3672 NVSvc - ok
14:55:42.0046 3672 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:55:42.0046 3672 NwlnkFlt - ok
14:55:42.0058 3672 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:55:42.0058 3672 NwlnkFwd - ok
14:55:42.0127 3672 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:55:42.0150 3672 odserv - ok
14:55:42.0185 3672 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:55:42.0208 3672 ose - ok
14:55:42.0231 3672 [ E3934CCC20A4D24F1924E13D36D2A5BD ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:55:42.0231 3672 Parport - ok
14:55:42.0231 3672 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:55:42.0243 3672 PartMgr - ok
14:55:42.0254 3672 [ 1EADE28746A64C21E0A808BB12A63326 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:55:42.0254 3672 ParVdm - ok
14:55:42.0266 3672 [ 3B166F9F753C21AEDAA9A6BD76B49655 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:55:42.0266 3672 PCI - ok
14:55:42.0266 3672 PCIDump - ok
14:55:42.0289 3672 [ B31EDEBA4DA28283F6B8DC4756FB9585 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:55:42.0289 3672 PCIIde - ok
14:55:42.0301 3672 [ 2137FFD65F8E609A3A5ACD487C56CCE0 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:55:42.0301 3672 Pcmcia - ok
14:55:42.0301 3672 PDCOMP - ok
14:55:42.0301 3672 PDFRAME - ok
14:55:42.0301 3672 PDRELI - ok
14:55:42.0312 3672 PDRFRAME - ok
14:55:42.0312 3672 perc2 - ok
14:55:42.0312 3672 perc2hib - ok
14:55:42.0335 3672 [ 657B69389B893F440B07590C9E963F23 ] PlugPlay C:\WINDOWS\system32\services.exe
14:55:42.0347 3672 PlugPlay - ok
14:55:42.0347 3672 [ 8754210A3399D19610CE2D71E0C3E5D9 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:55:42.0347 3672 PolicyAgent - ok
14:55:42.0370 3672 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:55:42.0370 3672 PptpMiniport - ok
14:55:42.0382 3672 [ 8754210A3399D19610CE2D71E0C3E5D9 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:55:42.0382 3672 ProtectedStorage - ok
14:55:42.0382 3672 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:55:42.0382 3672 Ptilink - ok
14:55:42.0405 3672 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:55:42.0405 3672 PxHelp20 - ok
14:55:42.0405 3672 ql1080 - ok
14:55:42.0405 3672 Ql10wnt - ok
14:55:42.0405 3672 ql12160 - ok
14:55:42.0416 3672 ql1240 - ok
14:55:42.0416 3672 ql1280 - ok
14:55:42.0428 3672 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:55:42.0428 3672 RasAcd - ok
14:55:42.0463 3672 [ 0575D034B1292CA3A9BB9F67A8EE289C ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:55:42.0463 3672 RasAuto - ok
14:55:42.0474 3672 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:55:42.0474 3672 Rasirda - ok
14:55:42.0497 3672 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:55:42.0497 3672 Rasl2tp - ok
14:55:42.0555 3672 [ 9E7E2DF6971A5F00102BE3F901CC3BDC ] RasMan C:\WINDOWS\System32\rasmans.dll
14:55:42.0555 3672 RasMan - ok
14:55:42.0636 3672 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:55:42.0636 3672 RasPppoe - ok
14:55:42.0648 3672 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:55:42.0648 3672 Raspti - ok
14:55:42.0659 3672 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:55:42.0659 3672 Rdbss - ok
14:55:42.0683 3672 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:55:42.0683 3672 RDPCDD - ok
14:55:42.0706 3672 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:55:42.0706 3672 rdpdr - ok
14:55:42.0798 3672 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:55:42.0798 3672 RDPWD - ok
14:55:42.0810 3672 [ EA9FDF71D696B532BDC44C8BFF03A737 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:55:42.0810 3672 RDSessMgr - ok
14:55:42.0821 3672 [ 4173BC66E485FD77A03C4819F60BD0DA ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:55:42.0821 3672 redbook - ok
14:55:42.0845 3672 [ 4007ABF5D9BF0E55451D775443D1F985 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:55:42.0856 3672 RemoteAccess - ok
14:55:42.0868 3672 [ 2FD5B89BF9289C774C5C730DEA96CD91 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:55:42.0868 3672 RemoteRegistry - ok
14:55:42.0879 3672 [ BE078F8F7EC2491EFDD79A53353A060F ] RpcLocator C:\WINDOWS\system32\locator.exe
14:55:42.0879 3672 RpcLocator - ok
14:55:42.0926 3672 [ D9883335CC1C17AFC3A09C8AC3E4DBE4 ] RpcSs C:\WINDOWS\System32\rpcss.dll
14:55:42.0926 3672 RpcSs - ok
14:55:42.0949 3672 [ AD1B5F1B99FFF08C99F443D784711A81 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:55:42.0972 3672 RSVP - ok
14:55:42.0983 3672 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:55:42.0995 3672 RTLE8023xp - ok
14:55:42.0995 3672 [ 8754210A3399D19610CE2D71E0C3E5D9 ] SamSs C:\WINDOWS\system32\lsass.exe
14:55:42.0995 3672 SamSs - ok
14:55:43.0007 3672 [ 1B4CD62174E907C7EF8EC5D4D0A2A616 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:55:43.0018 3672 SCardSvr - ok
14:55:43.0053 3672 [ 7C288AE0F75CB18CFF1DF6179A67AD8F ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:55:43.0053 3672 Schedule - ok
14:55:43.0099 3672 [ 5FD85727E19476C24ACB8E7BFFBCE26C ] Scheduler C:\Program Files\Norman\Npm\Bin\scheduler.exe
14:55:43.0099 3672 Scheduler - ok
14:55:43.0134 3672 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:55:43.0145 3672 Secdrv - ok
14:55:43.0157 3672 [ 6983665BEA867125B1DA5757CD8B2F9D ] seclogon C:\WINDOWS\System32\seclogon.dll
14:55:43.0157 3672 seclogon - ok
14:55:43.0180 3672 [ F6EC8F1E50E40237BDDEE1CB7FE20B42 ] SENS C:\WINDOWS\system32\sens.dll
14:55:43.0180 3672 SENS - ok
14:55:43.0215 3672 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:55:43.0215 3672 serenum - ok
14:55:43.0215 3672 [ 92C21762653BB2CE51147EB8A9AA654F ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:55:43.0215 3672 Serial - ok
14:55:43.0261 3672 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:55:43.0261 3672 Sfloppy - ok
14:55:43.0296 3672 [ 7579C4BE909D47F10F3D8D801CB13ED9 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:55:43.0296 3672 SharedAccess - ok
14:55:43.0319 3672 [ 2D5D4156292150FE571872C1B88E9299 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:55:43.0331 3672 ShellHWDetection - ok
14:55:43.0331 3672 Simbad - ok
14:55:43.0331 3672 Sparrow - ok
14:55:43.0342 3672 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:55:43.0342 3672 splitter - ok
14:55:43.0365 3672 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:55:43.0377 3672 Spooler - ok
14:55:43.0377 3672 [ 64D2A7640E0767ECD3BCB38D3200E7CE ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:55:43.0388 3672 sr - ok
14:55:43.0423 3672 [ 81CBF363C414620CAA61BD6843D8FDB9 ] srservice C:\WINDOWS\system32\srsvc.dll
14:55:43.0435 3672 srservice - ok
14:55:43.0481 3672 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:55:43.0481 3672 Srv - ok
14:55:43.0504 3672 [ 5B9D0DE64BE96A806819516440FD211C ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:55:43.0504 3672 SSDPSRV - ok
14:55:43.0585 3672 [ 5AE996186D2DC694FEF88F14A3FC9242 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:55:43.0597 3672 stisvc - ok
14:55:43.0608 3672 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:55:43.0608 3672 swenum - ok
14:55:43.0608 3672 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:55:43.0608 3672 swmidi - ok
14:55:43.0620 3672 SwPrv - ok
14:55:43.0620 3672 symc810 - ok
14:55:43.0620 3672 symc8xx - ok
14:55:43.0620 3672 sym_hi - ok
14:55:43.0632 3672 sym_u3 - ok
14:55:43.0632 3672 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:55:43.0632 3672 sysaudio - ok
14:55:43.0643 3672 [ 251EAE7C56C6AB9490311A3C9757E18D ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:55:43.0643 3672 SysmonLog - ok
14:55:43.0666 3672 [ 2BC9FB448F0C2394FF53C83A7BB04731 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:55:43.0666 3672 TapiSrv - ok
14:55:43.0701 3672 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:55:43.0701 3672 Tcpip - ok
14:55:43.0713 3672 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:55:43.0713 3672 TDPIPE - ok
14:55:43.0713 3672 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:55:43.0713 3672 TDTCP - ok
14:55:43.0736 3672 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:55:43.0736 3672 TermDD - ok
14:55:43.0759 3672 [ E0AEF86A594C9990D6321C5CA239C5B7 ] TermService C:\WINDOWS\System32\termsrv.dll
14:55:43.0759 3672 TermService - ok
14:55:43.0759 3672 [ 2D5D4156292150FE571872C1B88E9299 ] Themes C:\WINDOWS\System32\shsvcs.dll
14:55:43.0770 3672 Themes - ok
14:55:43.0794 3672 [ 78A2FE13662A119875F10E9FFCB49A8F ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
14:55:43.0805 3672 TlntSvr - ok
14:55:43.0805 3672 TosIde - ok
14:55:43.0828 3672 [ 20655E8CA1C78BC7088B18E93806D21B ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:55:43.0828 3672 TrkWks - ok
14:55:43.0840 3672 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:55:43.0840 3672 Udfs - ok
14:55:43.0840 3672 ultra - ok
14:55:43.0863 3672 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:55:43.0875 3672 Update - ok
14:55:43.0886 3672 [ 01653D6C9604F1FB31A76EC94E08954F ] upnphost C:\WINDOWS\System32\upnphost.dll
14:55:43.0898 3672 upnphost - ok
14:55:43.0898 3672 [ A89796DD0DE24CF03B3A39407E1F46A3 ] UPS C:\WINDOWS\System32\ups.exe
14:55:43.0898 3672 UPS - ok
14:55:43.0909 3672 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:55:43.0909 3672 usbccgp - ok
14:55:43.0932 3672 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:55:43.0932 3672 usbehci - ok
14:55:43.0956 3672 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:55:43.0956 3672 usbhub - ok
14:55:43.0979 3672 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:55:43.0990 3672 usbscan - ok
14:55:44.0013 3672 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:55:44.0013 3672 usbstor - ok
14:55:44.0037 3672 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:55:44.0037 3672 usbuhci - ok
14:55:44.0037 3672 [ 103B23EC82C08FC4BDBC369552FFAB2A ] VBoxDrv C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
14:55:44.0048 3672 VBoxDrv - ok
14:55:44.0060 3672 [ 226CD9E42BE28A84EC56430FBB57224F ] VBoxNetAdp C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
14:55:44.0060 3672 VBoxNetAdp - ok
14:55:44.0060 3672 [ 0A5D6512DCB14135A388D0E7E69E01BB ] VBoxNetFlt C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
14:55:44.0060 3672 VBoxNetFlt - ok
14:55:44.0071 3672 [ 96A478EDFB1FBF1FC663BEB09B4175A8 ] VBoxUSBMon C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
14:55:44.0071 3672 VBoxUSBMon - ok
14:55:44.0071 3672 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:55:44.0071 3672 VgaSave - ok
14:55:44.0071 3672 ViaIde - ok
14:55:44.0071 3672 [ 8AB662B3C4691E6DDF61C96BB5B7D103 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:55:44.0083 3672 VolSnap - ok
14:55:44.0129 3672 [ A585EDD6965B301DE8A45C6768C7C215 ] VSS C:\WINDOWS\System32\vssvc.exe
14:55:44.0141 3672 VSS - ok
14:55:44.0164 3672 [ 390D8E65F362327AD510B08971478301 ] W32Time C:\WINDOWS\system32\w32time.dll
14:55:44.0164 3672 W32Time - ok
14:55:44.0187 3672 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:55:44.0187 3672 Wanarp - ok
14:55:44.0187 3672 WDICA - ok
14:55:44.0222 3672 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:55:44.0222 3672 wdmaud - ok
14:55:44.0245 3672 [ 33D8E2812054D97A0AEC9B8F04277927 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:55:44.0245 3672 WebClient - ok
14:55:44.0326 3672 [ F9E105F369C18E4001E0C05AAF600D73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:55:44.0326 3672 winmgmt - ok
14:55:44.0349 3672 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:55:44.0349 3672 WmdmPmSN - ok
14:55:44.0372 3672 [ 93F8EB8C7CD4E325EC92EDBFC545103D ] Wmi C:\WINDOWS\System32\advapi32.dll
14:55:44.0372 3672 Wmi - ok
14:55:44.0476 3672 [ 87F11D161207C7063EDABAC0AADC33C3 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:55:44.0488 3672 WmiApSrv - ok
14:55:44.0569 3672 [ 79A01ACD485687EE602411A06B63A9A5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
14:55:44.0604 3672 WMPNetworkSvc - ok
14:55:44.0638 3672 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:55:44.0638 3672 WpdUsb - ok
14:55:44.0650 3672 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:55:44.0661 3672 WS2IFSL - ok
14:55:44.0696 3672 [ 843F7FA8EA38E6A4262976DCC994C81A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:55:44.0696 3672 wscsvc - ok
14:55:44.0696 3672 WSearch - ok
14:55:44.0719 3672 [ 1E8FDDDEF3FE260BADAB06DAE10D753A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:55:44.0719 3672 wuauserv - ok
14:55:44.0754 3672 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:55:44.0754 3672 WudfPf - ok
14:55:44.0766 3672 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:55:44.0766 3672 WudfRd - ok
14:55:44.0777 3672 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:55:44.0777 3672 WudfSvc - ok
14:55:44.0812 3672 [ E99782DBB8FFA2AEE72B31DAC8D8D887 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:55:44.0812 3672 WZCSVC - ok
14:55:44.0812 3672 xcpip - ok
14:55:44.0835 3672 [ FD3C38635808920F8235BF2FED642F54 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:55:44.0835 3672 xmlprov - ok
14:55:44.0847 3672 xpsec - ok
14:55:44.0847 3672 xre3.sys - ok
14:55:44.0847 3672 ================ Scan global ===============================
14:55:44.0870 3672 [ 953AD498333B03F7CE547151F96EF241 ] C:\WINDOWS\system32\basesrv.dll
14:55:44.0916 3672 [ C7CC71181F7FD61C49EFF278003827A5 ] C:\WINDOWS\system32\winsrv.dll
14:55:44.0916 3672 [ C7CC71181F7FD61C49EFF278003827A5 ] C:\WINDOWS\system32\winsrv.dll
14:55:44.0939 3672 [ 657B69389B893F440B07590C9E963F23 ] C:\WINDOWS\system32\services.exe
14:55:44.0939 3672 [Global] - ok
14:55:44.0939 3672 ================ Scan MBR ==================================
14:55:44.0951 3672 [ 3051207086651214E435112E51817DC5 ] \Device\Harddisk0\DR0
14:55:45.0471 3672 \Device\Harddisk0\DR0 - ok
14:55:45.0471 3672 ================ Scan VBR ==================================
14:55:45.0471 3672 [ DF41199E146B38C8AED3728646BABBE0 ] \Device\Harddisk0\DR0\Partition1
14:55:45.0483 3672 \Device\Harddisk0\DR0\Partition1 - ok
14:55:45.0483 3672 ============================================================
14:55:45.0483 3672 Scan finished
14:55:45.0483 3672 ============================================================
14:55:45.0483 3664 Detected object count: 0
14:55:45.0483 3664 Actual detected object count: 0
14:55:50.0540 2072 Deinitialize success

=======================================================================
= I got 3 TDSSKiller logs
= Here is number 2
=======================================================================

14:50:23.0078 2352 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:50:23.0359 2352 ============================================================
14:50:23.0359 2352 Current date / time: 2012/08/27 14:50:23.0359
14:50:23.0359 2352 SystemInfo:
14:50:23.0359 2352
14:50:23.0359 2352 OS Version: 5.1.2600 ServicePack: 3.0
14:50:23.0359 2352 Product type: Workstation
14:50:23.0359 2352 ComputerName: PC3
14:50:23.0359 2352 UserName: Algemeen
14:50:23.0359 2352 Windows directory: C:\WINDOWS
14:50:23.0359 2352 System windows directory: C:\WINDOWS
14:50:23.0359 2352 Processor architecture: Intel x86
14:50:23.0359 2352 Number of processors: 4
14:50:23.0359 2352 Page size: 0x1000
14:50:23.0359 2352 Boot type: Normal boot
14:50:23.0359 2352 ============================================================
14:50:28.0031 2352 BG loaded
14:50:30.0216 2352 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x000000A4
14:50:30.0216 2352 ============================================================
14:50:30.0216 2352 \Device\Harddisk0\DR0:
14:50:30.0402 2352 MBR partitions:
14:50:30.0402 2352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
14:50:30.0402 2352 ============================================================
14:50:40.0091 2352 C: <-> \Device\Harddisk0\DR0\Partition1
14:50:40.0091 2352 ============================================================
14:50:40.0091 2352 Initialize success
14:50:40.0091 2352 ============================================================
14:50:45.0035 2856 ============================================================
14:50:45.0035 2856 Scan started
14:50:45.0035 2856 Mode: Manual;
14:50:45.0035 2856 ============================================================
14:51:09.0080 2856 ================ Scan system memory ========================
14:51:28.0390 2856 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - infected
14:51:28.0390 2856 System memory - detected MEM:Backdoor.Win32.Sinowal.d (0)
14:51:28.0390 2856 ================ Scan services =============================
14:51:29.0513 2856 Abiosdsk - ok
14:51:29.0513 2856 abp480n5 - ok
14:51:29.0791 2856 [ 02273A448BA21A7D447DAEB47810D40C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:51:29.0791 2856 ACPI - ok
14:51:29.0814 2856 [ 63F517B1A87DABF3F5ACB8A7952FC1D1 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
14:51:29.0814 2856 ACPIEC - ok
14:51:29.0872 2856 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:51:29.0884 2856 AdobeFlashPlayerUpdateSvc - ok
14:51:29.0884 2856 adpu160m - ok
14:51:29.0918 2856 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:51:29.0918 2856 aec - ok
14:51:29.0942 2856 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:51:29.0942 2856 AFD - ok
14:51:29.0942 2856 Aha154x - ok
14:51:29.0953 2856 aic78u2 - ok
14:51:29.0953 2856 aic78xx - ok
14:51:29.0976 2856 [ 8BED67D13DCB55B3E9FF6DAC4C6D3B49 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:51:29.0988 2856 Alerter - ok
14:51:29.0999 2856 [ DAB2A89FDE5CF791161200D90C1BCB12 ] ALG C:\WINDOWS\System32\alg.exe
14:51:29.0999 2856 ALG - ok
14:51:29.0999 2856 AliIde - ok
14:51:30.0011 2856 amsint - ok
14:51:30.0023 2856 [ 434A70FA278EB3C42140E3755C2FA4F8 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:51:30.0034 2856 AppMgmt - ok
14:51:30.0034 2856 asc - ok
14:51:30.0046 2856 asc3350p - ok
14:51:30.0046 2856 asc3550 - ok
14:51:30.0196 2856 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:51:30.0196 2856 aspnet_state - ok
14:51:30.0219 2856 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:51:30.0219 2856 AsyncMac - ok
14:51:30.0231 2856 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:51:30.0243 2856 atapi - ok
14:51:30.0243 2856 Atdisk - ok
14:51:30.0266 2856 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:51:30.0266 2856 Atmarpc - ok
14:51:30.0277 2856 [ F10745ED3195360E69AA4A6E7768C0E0 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:51:30.0277 2856 AudioSrv - ok
14:51:30.0300 2856 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:51:30.0300 2856 audstub - ok
14:51:30.0324 2856 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:51:38.0705 2856 ================ Scan global ===============================
14:51:38.0717 2856 [ 953AD498333B03F7CE547151F96EF241 ] C:\WINDOWS\system32\basesrv.dll
14:51:38.0763 2856 [ C7CC71181F7FD61C49EFF278003827A5 ] C:\WINDOWS\system32\winsrv.dll
14:51:38.0775 2856 [ C7CC71181F7FD61C49EFF278003827A5 ] C:\WINDOWS\system32\winsrv.dll
14:51:38.0786 2856 [ 657B69389B893F440B07590C9E963F23 ] C:\WINDOWS\system32\services.exe
14:51:38.0786 2856 [Global] - ok
14:51:38.0786 2856 ================ Scan MBR ==================================
14:51:38.0798 2856 [ 0CDF603E10AAB7AAC897B11E00C1D75B ] \Device\Harddisk0\DR0
14:51:38.0798 2856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
14:51:38.0798 2856 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
14:51:38.0798 2856 ================ Scan VBR ==================================
14:51:38.0798 2856 [ DF41199E146B38C8AED3728646BABBE0 ] \Device\Harddisk0\DR0\Partition1
14:51:38.0798 2856 \Device\Harddisk0\DR0\Partition1 - ok
14:51:38.0798 2856 ============================================================
14:51:38.0798 2856 Scan finished
14:51:38.0798 2856 ============================================================
14:51:38.0809 2852 Detected object count: 2
14:51:38.0809 2852 Actual detected object count: 2
14:51:54.0913 2852 System memory - cured
14:51:54.0913 2852 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - User select action: Cure
14:51:55.0260 2852 \Device\Harddisk0\DR0\# - copied to quarantine
14:51:55.0260 2852 \Device\Harddisk0\DR0 - copied to quarantine
14:51:55.0283 2852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
14:51:55.0307 2852 \Device\Harddisk0\DR0 - ok
14:51:55.0307 2852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
14:51:59.0162 2308 Deinitialize success


=======================================================================
= I got 3 TDSSKiller logs
= Here is number 3
=======================================================================

14:43:57.0745 2884 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:43:58.0104 2884 ============================================================
14:43:58.0104 2884 Current date / time: 2012/08/27 14:43:58.0104
14:43:58.0104 2884 SystemInfo:
14:43:58.0104 2884
14:43:58.0104 2884 OS Version: 5.1.2600 ServicePack: 3.0
14:43:58.0104 2884 Product type: Workstation
14:43:58.0104 2884 ComputerName: PC3
14:43:58.0120 2884 UserName: Algemeen
14:43:58.0120 2884 Windows directory: C:\WINDOWS
14:43:58.0120 2884 System windows directory: C:\WINDOWS
14:43:58.0120 2884 Processor architecture: Intel x86
14:43:58.0120 2884 Number of processors: 4
14:43:58.0120 2884 Page size: 0x1000
14:43:58.0120 2884 Boot type: Normal boot
14:43:58.0120 2884 ============================================================
14:43:59.0133 2884 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
14:43:59.0133 2884 ============================================================
14:43:59.0133 2884 \Device\Harddisk0\DR0:
14:43:59.0133 2884 MBR partitions:
14:43:59.0133 2884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
14:43:59.0133 2884 ============================================================
14:43:59.0149 2884 C: <-> \Device\Harddisk0\DR0\Partition1
14:43:59.0149 2884 ============================================================
14:44:12.0683 4088 Deinitialize success





=======================================================================
= Here is the aswMBR log
=======================================================================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 15:00:37
-----------------------------
15:00:37.091 OS Version: Windows 5.1.2600 Service Pack 3
15:00:37.091 Number of processors: 4 586 0x1707
15:00:37.091 ComputerName: PC3 UserName:
15:00:38.366 Initialize success
15:06:55.110 AVAST engine defs: 12082700
15:07:10.723 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-6
15:07:10.723 Disk 0 Vendor: MAXTOR_STM31000340AS MX1A Size: 953869MB BusType: 3
15:07:10.738 Disk 0 MBR read successfully
15:07:10.738 Disk 0 MBR scan
15:07:10.769 Disk 0 Windows XP default MBR code
15:07:10.784 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
15:07:10.784 Disk 0 scanning sectors +1953504000
15:07:10.814 Disk 0 malicious Win32:MBRoot code @ sector 1953504003 !
15:07:10.859 Disk 0 scanning C:\WINDOWS\system32\drivers
15:07:17.246 Service scanning
15:07:25.959 Modules scanning
15:07:28.994 Disk 0 trace - called modules:
15:07:29.009 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:07:29.009 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac1eab8]
15:07:29.009 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8ac34f18]
15:07:29.009 5 ACPI.sys[b7f50620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-6[0x8ac12940]
15:07:30.142 AVAST engine scan C:\WINDOWS
15:07:51.432 AVAST engine scan C:\WINDOWS\system32
15:10:39.697 AVAST engine scan C:\WINDOWS\system32\drivers
15:11:21.388 AVAST engine scan C:\Documents and Settings\Algemeen
15:33:06.701 AVAST engine scan C:\Documents and Settings\All Users
15:34:59.233 Scan finished successfully
15:37:59.251 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Algemeen\Bureaublad\MBR.dat"
15:37:59.251 The log file has been saved successfully to "C:\Documents and Settings\Algemeen\Bureaublad\aswMBR.txt"
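As an added triage aid (not part of the thread or of either tool), the following Python parses the two log formats posted above: TDSSKiller's `object ( threat ) - verdict` lines and its `MBR partitions` entry, plus aswMBR's `malicious ... code @ sector` line. The sample lines are constructed from the formats shown here, with the partition and sector values taken from the logs; the regexes are inferred from those lines and are an assumption about the tools' output.

```python
import re

# Constructed sample lines, modelled on the TDSSKiller and aswMBR output posted in
# this thread; the partition and sector values are the ones those logs report.
TDSS_SAMPLE = """\
14:43:59.0133 2884 \\Device\\Harddisk0\\DR0\\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
14:51:38.0786 2856 [Global] - ok
14:51:38.0798 2856 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
14:51:54.0913 2852 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - User select action: Cure
14:51:55.0283 2852 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
"""
ASW_SAMPLE = """\
15:07:10.784 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
15:07:10.814 Disk 0 malicious Win32:MBRoot code @ sector 1953504003 !
"""
# TDSSKiller verdict line: <time> <pid> <object> [( <threat> )] - <verdict>
VERDICT_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<obj>.+?)"
                        r"(?:\s+\(\s*(?P<threat>[^)]+?)\s*\))?\s+-\s+(?P<verdict>.+)$")
PART_RE = re.compile(r"StartLBA (0x[0-9A-Fa-f]+), BlocksNum (0x[0-9A-Fa-f]+)")
ASW_RE = re.compile(r"Disk (\d+) malicious (\S+) code @ sector (\d+)")

def tdss_findings(text):
    """Map (object, threat) -> verdicts in log order; lines with no threat name
    ('[Global] - ok', the drive 'Size:' line, hash listings) are skipped."""
    findings = {}
    for line in text.splitlines():
        m = VERDICT_RE.match(line)
        if m and m["threat"]:
            findings.setdefault((m["obj"], m["threat"]), []).append(m["verdict"].strip())
    return findings

def tdss_partitions(text):
    """(first_lba, last_lba) for each MBR partition TDSSKiller lists."""
    return [(int(s, 16), int(s, 16) + int(n, 16) - 1) for s, n in PART_RE.findall(text)]

def asw_hits(text):
    """(disk, detection name, sector) for each aswMBR 'malicious ... code' line."""
    return [(int(d), n, int(s)) for d, n, s in ASW_RE.findall(text)]

def outside_partitions(sector, parts):
    """True when the sector is in unallocated space, where file-level scanners never look."""
    return not any(lo <= sector <= hi for lo, hi in parts)

def triage(tdss_text, asw_text):
    """Combine both logs into one verdict on the boot sector of the scanned disk."""
    parts = tdss_partitions(tdss_text)
    findings = tdss_findings(tdss_text)
    hidden = [(n, s) for _, n, s in asw_hits(asw_text) if outside_partitions(s, parts)]
    mbr = any(obj.endswith("\\DR0") for obj, _ in findings) or bool(hidden)
    return {"findings": findings, "hidden_sectors": hidden, "mbr_infected": mbr}
```

On these values Partition1 spans LBA 63 to 1953503999, so aswMBR's hit at sector 1953504003 lies in the slack past the last partition, the same region aswMBR reports as "scanning sectors +1953504000".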

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 August 2012 - 01:21 PM

Print out these instructions to use while in the Recovery Console:

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow key to select Microsoft Windows Recovery Console.
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following bolded entries, and press 'Enter':

fixmbr
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



