Computer freezing


  • This topic is locked
32 replies to this topic

#1 crunchyblack1

crunchyblack1

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:34 AM

Posted 08 November 2012 - 02:12 AM

Computer working fine till I downloaded something from Youtube. It's now just freezing randomly. Don't know what it is in processes.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:34 AM

Posted 08 November 2012 - 02:19 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

-Information and logs-

  • In your next post I need the following:
    • both reports from DDS
    • report from security check
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 crunchyblack1

crunchyblack1
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:34 AM

Posted 08 November 2012 - 04:13 PM

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by The Junks at 13:10:51 on 2012-11-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.908 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ================
.
d:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
D:\Program Files\PrivacyKeyboard\akl_svc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
D:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\The Junks\Application Data\Hyperdesktop\hyperdesktop.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Rainmeter\Rainmeter.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe
C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyServer = :80
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - d:\program files\internet download manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\5.2.2.3\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [Hyperdesktop] c:\documents and settings\the junks\application data\hyperdesktop\hyperdesktop.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mRun: [PWRISOVM.EXE] d:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\thejun~1\startm~1\programs\startup\rainme~1.lnk - d:\program files\rainmeter\Rainmeter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\openvp~1.lnk - d:\program files\openvpn technologies\openvpn client\core\uiboot.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoStartMenuNetworkPlaces = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download all links with IDM - d:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - d:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{801AA6A6-59D4-4A0A-BE9A-A099283EF8AE} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GIDLogonXP - GIDLogonXP.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - d:\program files\superantispyware\SASSEH.DLL
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\the junks\application data\mozilla\firefox\profiles\ok95auwn.default\
FF - plugin: c:\documents and settings\the junks\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\the junks\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\the junks\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: !HIDDEN! 2011-08-06 14:41; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn2
.
============= SERVICES / DRIVERS ===============
.
R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [2003-10-28 4736]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20121030.002\BHDrvx86.sys [2012-11-5 995488]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-8-21 25232]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 akl_svc";PrivacyKeyboard Service;d:\program files\privacykeyboard\akl_svc.exe [2011-11-4 66768]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 OpenVPNAccessClient;OpenVPN Access Client;d:\program files\openvpn technologies\openvpn client\core\capiws.exe [2010-8-12 24064]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2011-9-14 18864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-8 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20121107.001\IDSXpx86.sys [2012-11-7 373728]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-13 22856]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20121108.002\NAVENG.SYS [2012-11-8 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20121108.002\NAVEX15.SYS [2012-11-8 1601184]
R3 SbieDrv;SbieDrv;d:\program files\sandboxie\SbieDrv.sys [2011-8-27 129808]
S0 cecp;cecp;c:\windows\system32\drivers\gukn.sys --> c:\windows\system32\drivers\gukn.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-2-2 238952]
S2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-5 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\fsusbexdisk.sys --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys --> c:\windows\system32\drivers\idmtdi.sys [?]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctndis.sys --> c:\windows\system32\drivers\pctNdis.sys [?]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2012-2-2 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2012-2-2 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2012-2-2 123648]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasusb.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2010-8-3 26112]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2012-3-12 25088]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: Program.exe: Open=d:\program files\freecorder\flvplayer.exe "%1"
.
=============== Created Last 30 ================
.
2012-11-05 10:41:45 293376 ------w- c:\windows\system32\browserchoice.exe
2012-10-19 23:53:20 -------- d-----w- c:\documents and settings\the junks\application data\DDMSettings
2012-10-18 10:05:47 -------- dc-h--w- c:\windows\ie8
2012-10-17 20:41:47 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
.
==================== Find3M ====================
.
2012-09-30 02:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 08:41:35 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-24 08:41:31 821736 -c--a-w- c:\windows\system32\npDeployJava1.dll
2012-09-24 08:41:31 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-09-24 08:41:31 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-20 21:19:24 558133 ----a-w- c:\windows\system32\sqlite3.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 07:57:00 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-08-21 13:33:26 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2003-07-30 12:00:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 12:42:08 50688 -csh--w- c:\windows\twain_32.dll
2011-02-08 13:33:55 978944 -csh--w- c:\windows\system32\mfc42.dll
2008-04-14 12:42:02 57344 -csh--w- c:\windows\system32\msvcirt.dll
2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:42:34 11776 -csh--w- c:\windows\system32\regsvr32.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A8F5AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000080[0x8A8E6EB0]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A8FAD98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 13:11:30.10 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/13/2011 7:29:14 PM
System Uptime: 11/8/2012 8:44:20 AM (5 hours ago)
.
Motherboard: ASUSTek Computer Inc. | | P4SD-VX
Processor: Intel® Pentium® 4 CPU 3.20GHz | CPU 1 | 3192/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 15 GiB total, 1.359 GiB free.
D: is FIXED (NTFS) - 169 GiB total, 24.975 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 6 GiB total, 0.953 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1002&DEV_5961&SUBSYS_50001043&REV_01\4&38B71F77&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1002&DEV_5961&SUBSYS_50001043&REV_01\4&38B71F77&0&0008
Service:
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: USB Audio Device
Device ID: USB\VID_046D&PID_08C1&MI_02\6&3A7B221&0&0002
Manufacturer: (Generic USB Audio)
Name: USB Audio Device
PNP Device ID: USB\VID_046D&PID_08C1&MI_02\6&3A7B221&0&0002
Service: usbaudio
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: TAP-Win32 Adapter OAS
Device ID: ROOT\NET\0000
Manufacturer: TAP-Win32 Provider OAS
Name: TAP-Win32 Adapter OAS
PNP Device ID: ROOT\NET\0000
Service: tapoas
.
==== System Restore Points ===================
.
RP534: 11/7/2012 11:39:16 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
6500_E709_eDocs
AC3File 0.6b
AC3Filter 1.62b
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Photoshop CS6
Adobe Photoshop Elements 2.0
Adobe Reader X (10.1.4)
Adobe Widget Browser
Apple Application Support
Application Profiles
ATI - Software Uninstall Utility
ATI Catalyst Install Manager
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
BitTorrent
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
calibre
CCleaner
Click to DVD 1.3.01
Creative EAX Settings
Creative Speaker Settings
DarkComet RAT Remover version 1.0
Destination Component
Device Control
DeviceDiscovery
DivX Setup
DocMgr
DocProc
Easy Crypter 2012
eLicenser Control
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159
Fax
FireballFTP Video Cutter Max 1.0.0.6
Folder Size for Windows
Freecorder 5
Google Chrome
Google Talk Plugin
GPBaseService2
GuardedID
Gyazo 1.0
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Officejet 6500 E709 Series
HP Photo Imaging Software
HP Photo Printing Software
hp photosmart printer series (Remove only)
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPProductAssistant
ImgBurn
Intel® PRO Network Adapters and Drivers
Internet Download Manager
Invision
Java 7 Update 7
Java Auto Updater
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.65.1.1000
Managed DirectX (0901)
ManyCam 2.6.60 (remove only)
Memory Stick Formatter
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Music Visualizer Library 1.4.00
MyDefrag v4.3.1
MyImgur 3.1
Network
Nmap 5.51
Norton Security Suite
NVIDIA Windows 2000/XP Display Drivers
OCR Software by I.R.I.S. 12.0
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 3.3.01
OpenVPN 2.2.2
OpenVPN Client
PakkISO 0.4
PDF Settings CS5
PDF Settings CS6
PictureGear Studio 2.0
Portal
PowerISO
PrivacyKeyboard
PSP Video 9 6
QuickTime
Rainmeter
Realtek AC'97 Audio
Realtek High Definition Audio Driver
SAMSUNG CDMA Modem Driver Set
Samsung New PC Studio
Samsung PC Studio 3 USB Driver Installer
SAMSUNG USB Driver for Mobile Phones
Sandboxie 3.58 (32-bit)
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
SoftV92 Data Fax Modem
SolutionCenter
SonicStage 1.6.00
SonicStage Mastering Studio 1.1
SonicStage Mastering Studio Plugins 1.0
SonicStage MP3 Add-on program
Sony Certificate PCH
Sony Download Taxi 1.5.0.0
Sony TV Tuner Library 1.0
Sony Video Shared Library
Status
Steam
SUPERAntiSpyware
SureThing CD Labeler - Stomper Edition 32 bit
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO BrightColor Wallpaper
VAIO Media 2.6
VAIO Media Integrated Server 2.6
VAIO Media Redistribution 2.6
VAIO Registration
VAIO Support
VAIO Survey Standalone
VAIO System Information
VC80CRTRedist - 8.0.50727.6195
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows PowerShell™ 1.0
Windows XP Service Pack 3
WinPcap 4.1.2
WinX HD Video Converter Deluxe 3.12.2
Wireshark 1.6.1
.
==== Event Viewer Messages From Past Week ========
.
11/8/2012 8:41:01 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 000C6E11DF83 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/5/2012 7:25:11 AM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 000C6E11DF83 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/5/2012 3:52:31 PM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 000C6E11DF83 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/4/2012 9:30:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon
11/4/2012 9:30:55 AM, error: Service Control Manager [7001] - The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/4/2012 7:43:55 PM, error: Dhcp [1002] - The IP address lease 10.121.238.151 for the Network Card with network address 00FF546489E9 has been denied by the DHCP server 10.96.0.0 (The DHCP Server sent a DHCPNACK message).
11/4/2012 1:28:25 AM, error: Service Control Manager [7000] - The FsUsbExDisk service failed to start due to the following error: The system cannot find the file specified.
11/3/2012 12:02:35 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 000C6E11DF83 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/2/2012 5:01:03 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe. Reference error message: Error Message is unavailable .
11/2/2012 11:42:58 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121101.002\IDSxpx86.dll. Reference error message: The operation completed successfully. .
.
==== End Of File ===========================


Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Security Suite
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:34 AM

Posted 08 November 2012 - 04:19 PM

Hello crunchyblack1


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 crunchyblack1

crunchyblack1
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:34 AM

Posted 08 November 2012 - 08:34 PM

# AdwCleaner v2.007 - Logfile created 11/08/2012 at 17:17:00
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : The Junks - LENNIE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\The Junks\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\The Junks\Application Data\Mozilla\Firefox\Profiles\ok95auwn.default\extensions\toolbar-tbplatform@alexa.com.xpi
File Deleted : C:\Documents and Settings\The Junks\Application Data\Mozilla\Firefox\Profiles\ok95auwn.default\searchplugins\bProtect.xml

***** [Registry] *****

Key Deleted : HKCU\Software\bProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\Software\TENCENT

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Leonard Totten\Application Data\Mozilla\Firefox\Profiles\hzwird9e.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\The Junks\Application Data\Mozilla\Firefox\Profiles\ok95auwn.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [18675 octets] - [19/09/2012 19:35:29]
AdwCleaner[R2].txt - [18736 octets] - [20/09/2012 13:15:09]
AdwCleaner[R3].txt - [2256 octets] - [08/11/2012 17:13:27]
AdwCleaner[R4].txt - [2316 octets] - [08/11/2012 17:14:04]
AdwCleaner[S1].txt - [19585 octets] - [20/09/2012 13:15:51]
AdwCleaner[S2].txt - [2114 octets] - [08/11/2012 17:17:00]

########## EOF - C:\AdwCleaner[S2].txt - [2174 octets] ##########


RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : The Junks [Admin rights]
Mode : Remove -- Date : 11/08/2012 17:27:00

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] hyperdesktop.exe -- C:\Documents and Settings\The Junks\Application Data\Hyperdesktop\hyperdesktop.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Hyperdesktop (C:\Documents and Settings\The Junks\Application Data\Hyperdesktop\hyperdesktop.exe) -> DELETED
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-301282423-1725907993-349042747-1005UA.job : C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> DELETED
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-301282423-1725907993-349042747-1005Core.job : C:\Documents and Settings\The Junks\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:80) -> NOT REMOVED, USE PROXYFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x80637C26 -> HOOKED (Unknown @ 0x89855CC0)
SSDT[13] : NtAlertThread @ 0x80592C38 -> HOOKED (Unknown @ 0x89855EF0)
SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8982F938)
SSDT[19] : NtAssignProcessToJobObject @ 0x805E0F71 -> HOOKED (Unknown @ 0x89732750)
SSDT[31] : NtConnectPort @ 0x80590E5B -> HOOKED (Unknown @ 0x898D0600)
SSDT[43] : NtCreateMutant @ 0x80584095 -> HOOKED (Unknown @ 0x89855A10)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFACA -> HOOKED (Unknown @ 0x89732570)
SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0x89730BD8)
SSDT[57] : NtDebugActiveProcess @ 0x80663261 -> HOOKED (Unknown @ 0x89732830)
SSDT[68] : NtDuplicateObject @ 0x8057F195 -> HOOKED (Unknown @ 0x89E65EF0)
SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x8984FED0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x8059AD05 -> HOOKED (Unknown @ 0x89855B00)
SSDT[91] : NtImpersonateThread @ 0x805876C2 -> HOOKED (Unknown @ 0x89855BE0)
SSDT[97] : NtLoadDriver @ 0x805AF89E -> HOOKED (Unknown @ 0x89DF4180)
SSDT[108] : NtMapViewOfSection @ 0x8057AC29 -> HOOKED (Unknown @ 0x8984FDD0)
SSDT[114] : NtOpenEvent @ 0x80589D69 -> HOOKED (Unknown @ 0x89855930)
SSDT[122] : NtOpenProcess @ 0x8057F942 -> HOOKED (Unknown @ 0x89E65AF0)
SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x898E9410)
SSDT[125] : NtOpenSection @ 0x8057919E -> HOOKED (Unknown @ 0x89732A58)
SSDT[128] : NtOpenThread @ 0x805E4817 -> HOOKED (Unknown @ 0x89E65F58)
SSDT[137] : NtProtectVirtualMemory @ 0x8057F573 -> HOOKED (Unknown @ 0x89732660)
SSDT[206] : NtResumeThread @ 0x805853B8 -> HOOKED (Unknown @ 0x89855FD0)
SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0x898916C8)
SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x8984FC38)
SSDT[240] : NtSetSystemInformation @ 0x805B14D0 -> HOOKED (Unknown @ 0x89732910)
SSDT[253] : NtSuspendProcess @ 0x80637B6B -> HOOKED (Unknown @ 0x89732B18)
SSDT[254] : NtSuspendThread @ 0x80637A87 -> HOOKED (Unknown @ 0x8984F9D0)
SSDT[257] : NtTerminateProcess @ 0x8058E8B9 -> HOOKED (Unknown @ 0x8985CBF0)
SSDT[258] : NtTerminateThread @ 0x8058496E -> HOOKED (Unknown @ 0x8984FAB0)
SSDT[267] : NtUnmapViewOfSection @ 0x8057A7B1 -> HOOKED (Unknown @ 0x89895650)
SSDT[277] : NtWriteVirtualMemory @ 0x805875F7 -> HOOKED (Unknown @ 0x8984FFC0)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8980A210)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8912F3F8)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x890C97A0)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89887238)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8987D260)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x890C9540)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x89732528)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8982B668)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8972E4B0)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x890CD9F8)
_INLINE_ : NtRequestPort -> HOOKED (Unknown @ 0xB9DBCCA0)
_INLINE_ : NtRequestWaitReplyPort -> HOOKED (Unknown @ 0xB9DBCD40)
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0xB9DBCC00)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y200P0 +++++
--- User ---
[MBR] 8084429f3834adbf71a354a88c228e93
[BSP] db3ae55a39bf096cbc7b99ef44bdd320 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 6149 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12594960 | Size: 15366 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 44066295 | Size: 172957 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11082012_02d1727.txt >>
RKreport[1]_S_11082012_02d1725.txt ; RKreport[2]_D_11082012_02d1727.txt

#6 gringo_pr

Posted 08 November 2012 - 08:48 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 crunchyblack1

Posted 09 November 2012 - 02:56 AM

ComboFix 12-11-09.01 - The Junks 11/08/2012 23:46:22.19.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1305 [GMT -8:00]
Running from: c:\documents and settings\The Junks\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\sqlite3.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-05 10:41 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2012-10-19 23:53 . 2012-10-19 23:53 -------- d-----w- c:\documents and settings\The Junks\Application Data\DDMSettings
2012-10-18 10:05 . 2012-10-18 10:06 -------- dc-h--w- c:\windows\ie8
2012-10-17 20:41 . 2011-04-30 03:01 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 02:54 . 2011-06-14 07:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 08:41 . 2012-09-24 08:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-24 08:41 . 2012-09-24 08:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-24 08:41 . 2012-06-09 08:08 821736 -c--a-w- c:\windows\system32\npDeployJava1.dll
2012-09-24 08:41 . 2011-08-04 00:43 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2003-10-28 20:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2003-10-28 20:42 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2003-10-28 20:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2011-06-14 02:24 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2003-10-28 20:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 07:57 . 2012-08-24 07:57 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-08-21 13:33 . 2002-08-29 01:04 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 01:04 2027520 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2003-07-30 12:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 12:42 50688 -csh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 -csh--w- c:\windows\system32\mfc42.dll
2008-04-14 12:42 57344 -csh--w- c:\windows\system32\msvcirt.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:42 11776 -csh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- d:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Aimersoft Helper Compact.exe"="c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2012-08-24 336992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\The Junks\Start Menu\Programs\Startup\
Rainmeter.lnk - d:\program files\Rainmeter\Rainmeter.exe [2012-1-8 105160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
OpenVPN Client.lnk - d:\program files\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe [2010-8-12 19968]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuNetworkPlaces"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]
2011-07-05 17:25 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 13:09 446392 -c----w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2003-08-25 17:49 53248 -c--a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
2001-09-19 17:18 45056 -c--a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2008-04-14 12:42 50176 -c--a-w- c:\windows\eHome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIDDesktop]
2011-07-05 17:24 395528 -c--a-w- c:\program files\SFT\GuardedID\GIDD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-10-25 14:55 196608 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2006-01-13 06:46 311296 -c--a-w- c:\windows\system32\hphmon03.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-30 02:54 766536 ----a-w- d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-08-19 02:56 4841472 -c--a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-08-19 02:56 323584 -c--a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-04 02:38 64512 -c--a-w- c:\windows\system32\P17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2011-08-27 19:16 434960 ----a-w- d:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
2003-05-16 03:36 446464 -c--a-w- c:\program files\ScreenPrint32 v3\ScreenPrint32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sHotKey]
2003-08-22 17:22 45056 -c--a-w- c:\program files\Sony\sHotKey\SHOTKEY.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-19 23:57 1242448 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 20:37 517096 -c--a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2003-03-17 19:52 1056768 -c--a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
2003-06-24 00:32 1409024 -c--a-w- c:\program files\support.com\client\bin\tgcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"!SASCORE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"d:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\The Junks\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [10/28/2003 12:42 PM 4736]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\symds.sys [7/16/2012 12:30 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\symefa.sys [7/16/2012 12:30 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx86.sys [11/5/2012 9:45 AM 995488]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [8/21/2011 4:15 PM 25232]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\ironx86.sys [7/16/2012 12:30 PM 136312]
R2 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 10:54 AM 116608]
R2 akl_svc";PrivacyKeyboard Service;d:\program files\PrivacyKeyboard\akl_svc.exe [11/4/2011 11:59 AM 66768]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [7/16/2012 12:30 PM 130008]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [9/14/2011 9:40 AM 18864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2012 7:57 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121108.001\IDSXpx86.sys [11/8/2012 3:56 PM 373728]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 2:06 AM 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2011 11:48 PM 22856]
S0 cecp;cecp;c:\windows\system32\drivers\gukn.sys --> c:\windows\system32\drivers\gukn.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2/2/2012 12:23 AM 238952]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/5/2010 2:37 AM 676936]
S2 OpenVPNAccessClient;OpenVPN Access Client;d:\program files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [8/12/2010 4:45 PM 24064]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/2/2012 11:13 AM 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:14 PM 160944]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys --> c:\windows\system32\DRIVERS\idmtdi.sys [?]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 1:23 PM 35088]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys --> c:\windows\system32\DRIVERS\pctNdis.sys [?]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2/2/2012 12:25 AM 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2/2/2012 12:25 AM 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2/2/2012 12:25 AM 123648]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [8/3/2010 3:25 PM 26112]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [3/12/2012 12:29 PM 25088]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 17:26 435976 -c--a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-08 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job
- d:\program files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-11-27 19:03]
.
2012-11-01 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job
- d:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-11-27 19:03]
.
2011-06-14 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-10-28 12:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\The Junks\Application Data\Mozilla\Firefox\Profiles\ok95auwn.default\
FF - ExtSQL: !HIDDEN! 2011-08-06 14:41; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe
MSConfigStartUp-UnlockerAssistant - d:\program files\Unlocker\UnlockerAssistant.exe
AddRemove-SAMSUNG CDMA Modem - c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-08 23:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1fab6ff5-f54d-4008-9464-006a9e13b955}]
@Denied: (Full) (Everyone)
"Model"=dword:00000097
"Therad"=dword:00000015
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):60,c1,48,ee,e0,54,f8,83,87,91,63,21,d9,e5,23,86,95,3e,2b,3d,89,
82,be,02,e3,c7,50,38,75,2e,58,58,d9,1b,59,10,fd,e5,5d,73,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1436)
c:\windows\system32\GIDLogonXP.dll
c:\windows\system32\GIDHookLogon.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\WININET.dll
.
Completion time: 2012-11-08 23:54:29
ComboFix-quarantined-files.txt 2012-11-09 07:54
.
Pre-Run: 1,428,426,752 bytes free
Post-Run: 1,389,731,840 bytes free
.
- - End Of File - - E047B41A268C485AF9638E7CCBD1A16B

#8 crunchyblack1


Posted 09 November 2012 - 02:57 AM

I can't really tell a difference as right as I first posted on this thread I compressed my old files in C drive which stopped the random freezing.

Thing is before this I noticed my mouse moves by itself at times so that's not good.

#9 gringo_pr


Posted 09 November 2012 - 03:24 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 crunchyblack1


Posted 09 November 2012 - 01:04 PM

00:30:09.0781 2680 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:30:11.0406 2680 ============================================================
00:30:11.0406 2680 Current date / time: 2012/11/09 00:30:11.0406
00:30:11.0406 2680 SystemInfo:
00:30:11.0406 2680
00:30:11.0406 2680 OS Version: 5.1.2600 ServicePack: 3.0
00:30:11.0406 2680 Product type: Workstation
00:30:11.0406 2680 ComputerName: LENNIE
00:30:11.0406 2680 UserName: The Junks
00:30:11.0406 2680 Windows directory: C:\WINDOWS
00:30:11.0406 2680 System windows directory: C:\WINDOWS
00:30:11.0406 2680 Processor architecture: Intel x86
00:30:11.0406 2680 Number of processors: 2
00:30:11.0406 2680 Page size: 0x1000
00:30:11.0406 2680 Boot type: Normal boot
00:30:11.0406 2680 ============================================================
00:30:16.0109 2680 Drive \Device\Harddisk0\DR0 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:30:16.0250 2680 ============================================================
00:30:16.0250 2680 \Device\Harddisk0\DR0:
00:30:16.0265 2680 MBR partitions:
00:30:16.0265 2680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC02ED1
00:30:16.0265 2680 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x1E036E7
00:30:16.0281 2680 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2A06636, BlocksNum 0x151CECA2
00:30:16.0281 2680 ============================================================
00:30:16.0390 2680 C: <-> \Device\Harddisk0\DR0\Partition2
00:30:16.0468 2680 D: <-> \Device\Harddisk0\DR0\Partition3
00:30:16.0484 2680 G: <-> \Device\Harddisk0\DR0\Partition1
00:30:16.0484 2680 ============================================================
00:30:16.0484 2680 Initialize success
00:30:16.0484 2680 ============================================================
00:31:46.0281 3428 ============================================================
00:31:46.0281 3428 Scan started
00:31:46.0281 3428 Mode: Manual;
00:31:46.0281 3428 ============================================================
00:31:47.0187 3428 ================ Scan system memory ========================
00:31:47.0187 3428 System memory - ok
00:31:47.0187 3428 ================ Scan services =============================
00:31:47.0250 3428 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
00:31:47.0281 3428 !SASCORE - ok
00:31:47.0484 3428 Abiosdsk - ok
00:31:47.0500 3428 abp480n5 - ok
00:31:47.0546 3428 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:31:47.0546 3428 ACPI - ok
00:31:47.0593 3428 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
00:31:47.0609 3428 ACPIEC - ok
00:31:47.0625 3428 adpu160m - ok
00:31:47.0671 3428 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
00:31:47.0671 3428 aec - ok
00:31:47.0718 3428 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
00:31:47.0734 3428 AFD - ok
00:31:47.0781 3428 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
00:31:47.0796 3428 agp440 - ok
00:31:47.0812 3428 Aha154x - ok
00:31:47.0843 3428 aic78u2 - ok
00:31:47.0890 3428 aic78xx - ok
00:31:47.0968 3428 [ 9B80DAA8C20112BF8A7827BC797BDC2A ] akl_svc" D:\Program Files\PrivacyKeyboard\akl_svc.exe
00:31:48.0000 3428 akl_svc" - ok
00:31:48.0046 3428 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
00:31:48.0062 3428 Alerter - ok
00:31:48.0093 3428 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
00:31:48.0093 3428 ALG - ok
00:31:48.0109 3428 AliIde - ok
00:31:48.0156 3428 amsint - ok
00:31:48.0203 3428 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
00:31:48.0218 3428 AppMgmt - ok
00:31:48.0250 3428 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:31:48.0250 3428 Arp1394 - ok
00:31:48.0281 3428 asc - ok
00:31:48.0312 3428 asc3350p - ok
00:31:48.0343 3428 asc3550 - ok
00:31:48.0484 3428 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:31:48.0484 3428 aspnet_state - ok
00:31:48.0515 3428 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:31:48.0515 3428 AsyncMac - ok
00:31:48.0546 3428 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
00:31:48.0562 3428 atapi - ok
00:31:48.0578 3428 Atdisk - ok
00:31:48.0640 3428 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:31:48.0656 3428 Atmarpc - ok
00:31:48.0687 3428 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
00:31:48.0687 3428 AudioSrv - ok
00:31:48.0734 3428 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
00:31:48.0734 3428 audstub - ok
00:31:48.0796 3428 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
00:31:48.0812 3428 Beep - ok
00:31:48.0968 3428 [ 684B12018A54ADC1F856372EC5762B48 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx86.sys
00:31:48.0984 3428 BHDrvx86 - ok
00:31:49.0015 3428 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
00:31:49.0031 3428 BITS - ok
00:31:49.0062 3428 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
00:31:49.0078 3428 Browser - ok
00:31:49.0109 3428 catchme - ok
00:31:49.0156 3428 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
00:31:49.0171 3428 cbidf2k - ok
00:31:49.0218 3428 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:31:49.0218 3428 CCDECODE - ok
00:31:49.0250 3428 cd20xrnt - ok
00:31:49.0296 3428 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
00:31:49.0312 3428 Cdaudio - ok
00:31:49.0343 3428 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
00:31:49.0343 3428 Cdfs - ok
00:31:49.0375 3428 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:31:49.0375 3428 Cdrom - ok
00:31:49.0390 3428 cecp - ok
00:31:49.0421 3428 Changer - ok
00:31:49.0484 3428 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
00:31:49.0500 3428 CiSvc - ok
00:31:49.0531 3428 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
00:31:49.0546 3428 ClipSrv - ok
00:31:49.0625 3428 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:31:49.0640 3428 clr_optimization_v2.0.50727_32 - ok
00:31:49.0687 3428 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:31:49.0703 3428 clr_optimization_v4.0.30319_32 - ok
00:31:49.0718 3428 CmdIde - ok
00:31:49.0750 3428 COMSysApp - ok
00:31:49.0812 3428 Cpqarray - ok
00:31:49.0875 3428 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
00:31:49.0875 3428 CryptSvc - ok
00:31:49.0937 3428 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
00:31:49.0937 3428 ctsfm2k - ok
00:31:49.0953 3428 dac2w2k - ok
00:31:49.0984 3428 dac960nt - ok
00:31:50.0062 3428 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
00:31:50.0062 3428 DcomLaunch - ok
00:31:50.0109 3428 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
00:31:50.0109 3428 Dhcp - ok
00:31:50.0156 3428 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
00:31:50.0156 3428 Disk - ok
00:31:50.0171 3428 dmadmin - ok
00:31:50.0218 3428 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
00:31:50.0234 3428 dmboot - ok
00:31:50.0281 3428 [ 526192BF7696F72E29777BF4A180513A ] DMICall C:\WINDOWS\system32\DRIVERS\DMICall.sys
00:31:50.0281 3428 DMICall - ok
00:31:50.0312 3428 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
00:31:50.0328 3428 dmio - ok
00:31:50.0343 3428 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
00:31:50.0359 3428 dmload - ok
00:31:50.0390 3428 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
00:31:50.0406 3428 dmserver - ok
00:31:50.0421 3428 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
00:31:50.0437 3428 DMusic - ok
00:31:50.0468 3428 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
00:31:50.0468 3428 Dnscache - ok
00:31:50.0531 3428 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
00:31:50.0562 3428 Dot3svc - ok
00:31:50.0609 3428 [ 577DC4C5F7102BA9957F302942EB2DA4 ] Dot4 HPH09 C:\WINDOWS\system32\DRIVERS\hphid409.sys
00:31:50.0609 3428 Dot4 HPH09 - ok
00:31:50.0640 3428 [ D559E03B3168BC00011DD2B6F443AC71 ] Dot4Print HPH09 C:\WINDOWS\system32\DRIVERS\hphipr09.sys
00:31:50.0656 3428 Dot4Print HPH09 - ok
00:31:50.0687 3428 [ 7E90E0199786C4BDA3CF675B93544939 ] Dot4Storage HPH09 C:\WINDOWS\system32\Drivers\hphs2k09.sys
00:31:50.0703 3428 Dot4Storage HPH09 - ok
00:31:50.0734 3428 [ AFCAA5B28BD1A3F9645E7EBEE217C365 ] Dot4Usb HPH09 C:\WINDOWS\system32\drivers\hphius09.sys
00:31:50.0750 3428 Dot4Usb HPH09 - ok
00:31:50.0765 3428 dpti2o - ok
00:31:50.0812 3428 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
00:31:50.0828 3428 drmkaud - ok
00:31:50.0906 3428 [ 2476936F4994E9084CCFE75ED4F6226A ] E1000 C:\WINDOWS\system32\DRIVERS\e1000325.sys
00:31:50.0906 3428 E1000 - ok
00:31:50.0968 3428 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
00:31:50.0968 3428 EapHost - ok
00:31:51.0062 3428 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:31:51.0078 3428 eeCtrl - ok
00:31:51.0171 3428 [ F6D494D609D52A0E9596756C5540A978 ] ehSched C:\WINDOWS\ehome\ehSched.exe
00:31:51.0171 3428 ehSched - ok
00:31:51.0234 3428 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:31:51.0250 3428 EraserUtilRebootDrv - ok
00:31:51.0281 3428 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
00:31:51.0328 3428 ERSvc - ok
00:31:51.0390 3428 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
00:31:51.0390 3428 Eventlog - ok
00:31:51.0437 3428 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
00:31:51.0453 3428 EventSystem - ok
00:31:51.0500 3428 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
00:31:51.0500 3428 Fastfat - ok
00:31:51.0609 3428 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
00:31:51.0640 3428 FastUserSwitchingCompatibility - ok
00:31:51.0718 3428 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
00:31:52.0312 3428 Fdc - ok
00:31:52.0500 3428 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
00:31:52.0687 3428 Fips - ok
00:31:52.0734 3428 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:31:52.0890 3428 Flpydisk - ok
00:31:52.0968 3428 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
00:31:53.0406 3428 FltMgr - ok
00:31:53.0468 3428 [ 5043F0D9A22AABF550508B3165C5B0FD ] FolderSize C:\Program Files\FolderSize\FolderSizeSvc.exe
00:31:53.0546 3428 FolderSize - ok
00:31:53.0656 3428 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:31:53.0656 3428 FontCache3.0.0.0 - ok
00:31:53.0671 3428 FsUsbExDisk - ok
00:31:53.0718 3428 [ 96633419F4A1E37ACB89B45EBCCFE001 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
00:31:53.0781 3428 FsUsbExService - ok
00:31:53.0796 3428 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:31:53.0812 3428 Fs_Rec - ok
00:31:53.0843 3428 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:31:53.0843 3428 Ftdisk - ok
00:31:53.0890 3428 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
00:31:53.0906 3428 gameenum - ok
00:31:53.0968 3428 [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:31:54.0093 3428 GEARAspiWDM - ok
00:31:54.0125 3428 [ 20F6C49E2C410FCD32D781F521579BF5 ] GIDv2 C:\WINDOWS\system32\drivers\GIDv2.sys
00:31:54.0171 3428 GIDv2 - ok
00:31:54.0203 3428 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:31:54.0218 3428 Gpc - ok
00:31:54.0265 3428 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:31:54.0281 3428 helpsvc - ok
00:31:54.0296 3428 [ BB1A6FB7D35A91E599973FA74A619056 ] HidIr C:\WINDOWS\system32\DRIVERS\hidir.sys
00:31:54.0437 3428 HidIr - ok
00:31:54.0515 3428 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
00:31:54.0531 3428 HidServ - ok
00:31:54.0578 3428 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:31:54.0656 3428 HidUsb - ok
00:31:54.0687 3428 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
00:31:54.0718 3428 hkmsvc - ok
00:31:54.0734 3428 hpn - ok
00:31:54.0875 3428 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
00:31:54.0968 3428 hpqcxs08 - ok
00:31:55.0000 3428 [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
00:31:55.0015 3428 hpqddsvc - ok
00:31:55.0140 3428 [ 14229263AA19C704E0D6D2E7404A8455 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
00:31:55.0203 3428 HPSLPSVC - ok
00:31:55.0218 3428 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
00:31:55.0250 3428 HPZid412 - ok
00:31:55.0281 3428 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
00:31:55.0312 3428 HPZipr12 - ok
00:31:55.0328 3428 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
00:31:55.0343 3428 HPZius12 - ok
00:31:55.0375 3428 [ 68329F53EBFD34ABF268C42D98C830F3 ] HSFHWICH C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
00:31:55.0390 3428 HSFHWICH - ok
00:31:55.0437 3428 [ 7BBC0D5900A1FC9F69FA0950A149A1C6 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
00:31:55.0500 3428 HSF_DP - ok
00:31:55.0546 3428 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
00:31:55.0546 3428 HTTP - ok
00:31:55.0578 3428 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
00:31:55.0593 3428 HTTPFilter - ok
00:31:55.0593 3428 i2omgmt - ok
00:31:55.0625 3428 i2omp - ok
00:31:55.0734 3428 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:31:55.0734 3428 i8042prt - ok
00:31:55.0750 3428 IDMTDI - ok
00:31:55.0937 3428 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:31:56.0062 3428 idsvc - ok
00:31:56.0140 3428 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121108.001\IDSxpx86.sys
00:31:56.0203 3428 IDSxpx86 - ok
00:31:56.0234 3428 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
00:31:56.0250 3428 Imapi - ok
00:31:56.0281 3428 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
00:31:56.0296 3428 ImapiService - ok
00:31:56.0312 3428 ini910u - ok
00:31:56.0328 3428 IntelIde - ok
00:31:56.0375 3428 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:31:56.0375 3428 intelppm - ok
00:31:56.0390 3428 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
00:31:56.0406 3428 ip6fw - ok
00:31:56.0421 3428 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:31:56.0437 3428 IpFilterDriver - ok
00:31:56.0453 3428 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:31:56.0468 3428 IpInIp - ok
00:31:56.0484 3428 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:31:56.0500 3428 IpNat - ok
00:31:56.0531 3428 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:31:56.0546 3428 IPSec - ok
00:31:56.0578 3428 [ B43B36B382AEA10861F7C7A37F9D4AE2 ] IrBus C:\WINDOWS\system32\DRIVERS\IrBus.sys
00:31:56.0578 3428 IrBus - ok
00:31:56.0609 3428 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
00:31:56.0609 3428 IRENUM - ok
00:31:56.0640 3428 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:31:56.0656 3428 isapnp - ok
00:31:56.0765 3428 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
00:31:56.0781 3428 JavaQuickStarterService - ok
00:31:56.0796 3428 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:31:56.0796 3428 Kbdclass - ok
00:31:56.0843 3428 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:31:56.0843 3428 kbdhid - ok
00:31:56.0890 3428 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
00:31:56.0890 3428 kmixer - ok
00:31:56.0984 3428 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
00:31:57.0015 3428 KSecDD - ok
00:31:57.0046 3428 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
00:31:57.0062 3428 lanmanserver - ok
00:31:57.0093 3428 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
00:31:57.0109 3428 lanmanworkstation - ok
00:31:57.0125 3428 lbrtfdc - ok
00:31:57.0187 3428 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
00:31:57.0234 3428 LmHosts - ok
00:31:57.0265 3428 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
00:31:57.0281 3428 LVPr2Mon - ok
00:32:11.0109 3428 ================ Scan global ===============================
00:32:11.0125 3428 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
00:32:11.0156 3428 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
00:32:11.0171 3428 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
00:32:11.0187 3428 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
00:32:11.0187 3428 [Global] - ok
00:32:11.0187 3428 ================ Scan MBR ==================================
00:32:11.0203 3428 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
00:32:11.0343 3428 \Device\Harddisk0\DR0 - ok
00:32:11.0343 3428 ================ Scan VBR ==================================
00:32:11.0359 3428 [ C0FE20D114CB07D343022C1B28312099 ] \Device\Harddisk0\DR0\Partition1
00:32:11.0359 3428 \Device\Harddisk0\DR0\Partition1 - ok
00:32:11.0375 3428 [ F1444DB58CA0E158D5DAEF1C462C7BA3 ] \Device\Harddisk0\DR0\Partition2
00:32:11.0375 3428 \Device\Harddisk0\DR0\Partition2 - ok
00:32:11.0390 3428 [ 49E8C76A61414CB061907B761185B448 ] \Device\Harddisk0\DR0\Partition3
00:32:11.0390 3428 \Device\Harddisk0\DR0\Partition3 - ok
00:32:11.0390 3428 ============================================================
00:32:11.0390 3428 Scan finished
00:32:11.0390 3428 ============================================================
00:32:11.0406 3760 Detected object count: 0
00:32:11.0406 3760 Actual detected object count: 0
00:32:37.0656 2856 ============================================================
00:32:37.0656 2856 Scan started
00:32:37.0656 2856 Mode: Manual;
00:32:37.0656 2856 ============================================================
00:32:38.0062 2856 ================ Scan system memory ========================
00:32:38.0062 2856 System memory - ok
00:32:38.0062 2856 ================ Scan services =============================
00:32:40.0250 2856 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:32:40.0250 2856 clr_optimization_v4.0.30319_32 - ok
00:32:40.0265 2856 CmdIde - ok
00:32:40.0296 2856 COMSysApp - ok
00:32:40.0359 2856 Cpqarray - ok
00:32:40.0406 2856 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
00:32:40.0421 2856 CryptSvc - ok
00:32:40.0468 2856 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
00:32:40.0468 2856 ctsfm2k - ok
00:32:40.0484 2856 dac2w2k - ok
00:32:40.0515 2856 dac960nt - ok
00:32:40.0593 2856 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
00:32:40.0593 2856 DcomLaunch - ok
00:32:40.0640 2856 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
00:32:40.0640 2856 Dhcp - ok
00:32:40.0671 2856 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
00:32:40.0671 2856 Disk - ok
00:32:40.0687 2856 dmadmin - ok
00:32:40.0734 2856 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
00:32:40.0750 2856 dmboot - ok
00:32:40.0796 2856 [ 526192BF7696F72E29777BF4A180513A ] DMICall C:\WINDOWS\system32\DRIVERS\DMICall.sys
00:32:40.0796 2856 DMICall - ok
00:32:40.0828 2856 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
00:32:40.0843 2856 dmio - ok
00:32:40.0875 2856 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
00:32:40.0875 2856 dmload - ok
00:32:40.0906 2856 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
00:32:40.0906 2856 dmserver - ok
00:32:40.0953 2856 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
00:32:40.0953 2856 DMusic - ok
00:32:41.0000 2856 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
00:32:41.0000 2856 Dnscache - ok
00:32:41.0031 2856 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
00:32:41.0031 2856 Dot3svc - ok
00:32:41.0078 2856 [ 577DC4C5F7102BA9957F302942EB2DA4 ] Dot4 HPH09 C:\WINDOWS\system32\DRIVERS\hphid409.sys
00:32:41.0078 2856 Dot4 HPH09 - ok
00:32:41.0109 2856 [ D559E03B3168BC00011DD2B6F443AC71 ] Dot4Print HPH09 C:\WINDOWS\system32\DRIVERS\hphipr09.sys
00:32:41.0109 2856 Dot4Print HPH09 - ok
00:32:41.0156 2856 [ 7E90E0199786C4BDA3CF675B93544939 ] Dot4Storage HPH09 C:\WINDOWS\system32\Drivers\hphs2k09.sys
00:32:41.0156 2856 Dot4Storage HPH09 - ok
00:32:41.0187 2856 [ AFCAA5B28BD1A3F9645E7EBEE217C365 ] Dot4Usb HPH09 C:\WINDOWS\system32\drivers\hphius09.sys
00:32:41.0187 2856 Dot4Usb HPH09 - ok
00:32:41.0218 2856 dpti2o - ok
00:32:41.0250 2856 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
00:32:41.0250 2856 drmkaud - ok
00:32:41.0296 2856 [ 2476936F4994E9084CCFE75ED4F6226A ] E1000 C:\WINDOWS\system32\DRIVERS\e1000325.sys
00:32:41.0296 2856 E1000 - ok
00:32:41.0359 2856 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
00:32:41.0359 2856 EapHost - ok
00:32:41.0453 2856 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:32:41.0453 2856 eeCtrl - ok
00:32:41.0515 2856 [ F6D494D609D52A0E9596756C5540A978 ] ehSched C:\WINDOWS\ehome\ehSched.exe
00:32:41.0515 2856 ehSched - ok
00:32:41.0562 2856 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:32:41.0562 2856 EraserUtilRebootDrv - ok
00:32:41.0593 2856 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
00:32:41.0593 2856 ERSvc - ok
00:32:41.0640 2856 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
00:32:41.0640 2856 Eventlog - ok
00:32:41.0687 2856 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
00:32:41.0687 2856 EventSystem - ok
00:32:41.0734 2856 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
00:32:41.0734 2856 Fastfat - ok
00:32:41.0781 2856 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
00:32:41.0781 2856 FastUserSwitchingCompatibility - ok
00:32:41.0812 2856 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
00:32:41.0812 2856 Fdc - ok
00:32:41.0843 2856 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
00:32:41.0843 2856 Fips - ok
00:32:41.0890 2856 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:32:41.0906 2856 Flpydisk - ok
00:32:41.0953 2856 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
00:32:41.0968 2856 FltMgr - ok
00:32:42.0015 2856 [ 5043F0D9A22AABF550508B3165C5B0FD ] FolderSize C:\Program Files\FolderSize\FolderSizeSvc.exe
00:32:42.0015 2856 FolderSize - ok
00:32:42.0078 2856 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:32:42.0078 2856 FontCache3.0.0.0 - ok
00:32:42.0093 2856 FsUsbExDisk - ok
00:32:42.0156 2856 [ 96633419F4A1E37ACB89B45EBCCFE001 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
00:32:42.0156 2856 FsUsbExService - ok
00:32:42.0203 2856 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:32:42.0203 2856 Fs_Rec - ok
00:32:42.0234 2856 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:32:42.0234 2856 Ftdisk - ok
00:32:42.0281 2856 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
00:32:42.0281 2856 gameenum - ok
00:32:42.0328 2856 [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:32:42.0328 2856 GEARAspiWDM - ok
00:32:42.0359 2856 [ 20F6C49E2C410FCD32D781F521579BF5 ] GIDv2 C:\WINDOWS\system32\drivers\GIDv2.sys
00:32:42.0359 2856 GIDv2 - ok
00:32:42.0421 2856 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:32:42.0421 2856 Gpc - ok
00:32:42.0484 2856 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:32:42.0500 2856 helpsvc - ok
00:32:42.0531 2856 [ BB1A6FB7D35A91E599973FA74A619056 ] HidIr C:\WINDOWS\system32\DRIVERS\hidir.sys
00:32:42.0531 2856 HidIr - ok
00:32:42.0578 2856 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
00:32:42.0578 2856 HidServ - ok
00:32:42.0609 2856 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:32:42.0609 2856 HidUsb - ok
00:32:42.0640 2856 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
00:32:42.0640 2856 hkmsvc - ok
00:32:42.0671 2856 hpn - ok
00:32:42.0765 2856 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
00:32:42.0781 2856 hpqcxs08 - ok
00:32:42.0812 2856 [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
00:32:42.0828 2856 hpqddsvc - ok
00:32:42.0859 2856 [ 14229263AA19C704E0D6D2E7404A8455 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
00:32:42.0859 2856 HPSLPSVC - ok
00:32:42.0906 2856 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
00:32:42.0906 2856 HPZid412 - ok
00:32:42.0937 2856 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
00:32:42.0937 2856 HPZipr12 - ok
00:32:42.0968 2856 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
00:32:42.0968 2856 HPZius12 - ok
00:32:43.0015 2856 [ 68329F53EBFD34ABF268C42D98C830F3 ] HSFHWICH C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
00:32:43.0031 2856 HSFHWICH - ok
00:32:43.0078 2856 [ 7BBC0D5900A1FC9F69FA0950A149A1C6 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
00:32:43.0078 2856 HSF_DP - ok
00:32:43.0125 2856 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
00:32:43.0140 2856 HTTP - ok
00:32:43.0171 2856 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
00:32:43.0171 2856 HTTPFilter - ok
00:32:43.0187 2856 i2omgmt - ok
00:32:43.0218 2856 i2omp - ok
00:32:43.0281 2856 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:32:43.0281 2856 i8042prt - ok
00:32:43.0296 2856 IDMTDI - ok
00:32:43.0390 2856 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:32:43.0406 2856 idsvc - ok
00:32:43.0500 2856 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121108.001\IDSxpx86.sys
00:32:43.0500 2856 IDSxpx86 - ok
00:32:43.0531 2856 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
00:32:43.0531 2856 Imapi - ok
00:32:43.0578 2856 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
00:32:43.0578 2856 ImapiService - ok
00:32:43.0609 2856 ini910u - ok
00:32:43.0656 2856 IntelIde - ok
00:32:43.0718 2856 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:32:43.0718 2856 intelppm - ok
00:32:43.0750 2856 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
00:32:43.0750 2856 ip6fw - ok
00:32:43.0781 2856 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:32:43.0781 2856 IpFilterDriver - ok
00:32:43.0812 2856 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:32:43.0812 2856 IpInIp - ok
00:32:43.0859 2856 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:32:43.0859 2856 IpNat - ok
00:32:43.0906 2856 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:32:43.0906 2856 IPSec - ok
00:32:43.0953 2856 [ B43B36B382AEA10861F7C7A37F9D4AE2 ] IrBus C:\WINDOWS\system32\DRIVERS\IrBus.sys
00:32:43.0953 2856 IrBus - ok
00:32:43.0984 2856 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
00:32:43.0984 2856 IRENUM - ok
00:32:44.0046 2856 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:32:44.0046 2856 isapnp - ok
00:32:44.0125 2856 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
00:32:44.0125 2856 JavaQuickStarterService - ok
00:32:44.0156 2856 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:32:44.0156 2856 Kbdclass - ok
00:32:44.0203 2856 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:32:44.0203 2856 kbdhid - ok
00:32:44.0234 2856 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
00:32:44.0234 2856 kmixer - ok
00:32:44.0281 2856 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
00:32:44.0281 2856 KSecDD - ok
00:32:44.0328 2856 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
00:32:44.0328 2856 lanmanserver - ok
00:32:44.0375 2856 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
00:32:44.0390 2856 lanmanworkstation - ok
00:32:44.0406 2856 lbrtfdc - ok
00:32:44.0468 2856 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
00:32:44.0484 2856 LmHosts - ok
00:32:44.0515 2856 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
00:32:44.0515 2856 LVPr2Mon - ok
00:32:44.0578 2856 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
00:32:44.0578 2856 LVPrcSrv - ok
00:32:44.0609 2856 [ F7E15F2FE7790733DF86E95A76556389 ] LVUSBSta C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
00:32:44.0609 2856 LVUSBSta - ok
00:32:44.0718 2856 [ 92D03DC19EAE9D0A86735705E374FDAD ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
00:32:44.0750 2856 LVUVC - ok
00:32:44.0781 2856 [ C6D085C7045200143528136A43A65FDE ] ManyCam C:\WINDOWS\system32\DRIVERS\ManyCam.sys
00:32:44.0781 2856 ManyCam - ok
00:32:44.0843 2856 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
00:32:44.0843 2856 MBAMProtector - ok
00:32:44.0921 2856 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:32:44.0937 2856 MBAMService - ok
00:32:44.0968 2856 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
00:32:44.0968 2856 mdmxsdk - ok
00:32:45.0015 2856 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
00:32:45.0015 2856 Messenger - ok
00:32:45.0046 2856 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
00:32:45.0046 2856 mnmdd - ok
00:32:45.0093 2856 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
00:32:45.0093 2856 mnmsrvc - ok
00:32:45.0125 2856 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
00:32:45.0125 2856 Modem - ok
00:32:45.0140 2856 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:32:45.0156 2856 Mouclass - ok
00:32:45.0203 2856 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:32:45.0203 2856 mouhid - ok
00:32:45.0218 2856 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
00:32:45.0218 2856 MountMgr - ok
00:32:45.0281 2856 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:32:45.0281 2856 MozillaMaintenance - ok
00:32:45.0296 2856 mraid35x - ok
00:32:45.0359 2856 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:32:45.0359 2856 MRxDAV - ok
00:32:45.0421 2856 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:32:45.0421 2856 MRxSmb - ok
00:32:45.0468 2856 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
00:32:45.0468 2856 MSDTC - ok
00:32:45.0515 2856 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
00:32:45.0531 2856 Msfs - ok
00:32:45.0546 2856 MSIServer - ok
00:32:45.0578 2856 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:32:45.0578 2856 MSKSSRV - ok
00:32:45.0609 2856 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:32:45.0609 2856 MSPCLOCK - ok
00:32:45.0671 2856 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
00:32:45.0671 2856 MSPQM - ok
00:32:45.0703 2856 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:32:45.0718 2856 mssmbios - ok
00:32:45.0734 2856 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
00:32:45.0734 2856 MSTEE - ok
00:32:45.0781 2856 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
00:32:45.0781 2856 Mup - ok
00:32:45.0859 2856 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
00:32:45.0859 2856 N360 - ok
00:32:45.0890 2856 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:32:45.0890 2856 NABTSFEC - ok
00:32:45.0937 2856 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
00:32:45.0953 2856 napagent - ok
00:32:46.0031 2856 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121108.019\NAVENG.SYS
00:32:46.0031 2856 NAVENG - ok
00:32:46.0187 2856 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121108.019\NAVEX15.SYS
00:32:46.0203 2856 NAVEX15 - ok
00:32:46.0250 2856 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
00:32:46.0250 2856 NDIS - ok
00:32:46.0281 2856 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:32:46.0281 2856 NdisIP - ok
00:32:46.0312 2856 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:32:46.0312 2856 NdisTapi - ok
00:32:46.0343 2856 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:32:46.0343 2856 Ndisuio - ok
00:32:46.0390 2856 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:32:46.0390 2856 NdisWan - ok
00:32:46.0437 2856 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
00:32:46.0437 2856 NDProxy - ok
00:32:46.0484 2856 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
00:32:46.0484 2856 Net Driver HPZ12 - ok
00:32:46.0500 2856 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
00:32:46.0515 2856 NetBIOS - ok
00:32:46.0546 2856 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
00:32:46.0546 2856 NetBT - ok
00:32:46.0593 2856 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
00:32:46.0593 2856 NetDDE - ok
00:32:46.0609 2856 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
00:32:46.0625 2856 NetDDEdsdm - ok
00:32:46.0656 2856 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
00:32:46.0656 2856 Netlogon - ok
00:32:46.0703 2856 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
00:32:46.0703 2856 Netman - ok
00:32:46.0750 2856 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:32:46.0750 2856 NetTcpPortSharing - ok
00:32:46.0781 2856 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:32:46.0781 2856 NIC1394 - ok
00:32:46.0812 2856 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
00:32:46.0828 2856 Nla - ok
00:32:46.0859 2856 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] npf C:\WINDOWS\system32\drivers\npf.sys
00:32:46.0859 2856 npf - ok
00:32:46.0875 2856 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
00:32:46.0875 2856 Npfs - ok
00:32:46.0937 2856 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
00:32:46.0937 2856 Ntfs - ok
00:32:46.0968 2856 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
00:32:46.0968 2856 NtLmSsp - ok
00:32:47.0015 2856 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
00:32:47.0031 2856 NtmsSvc - ok
00:32:47.0062 2856 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
00:32:47.0062 2856 Null - ok
00:32:47.0156 2856 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:32:47.0171 2856 nv - ok
00:32:47.0218 2856 [ 88A8CFCD2BC3FF1484901CE985782E6E ] NVSvc C:\WINDOWS\System32\nvsvc32.exe
00:32:47.0234 2856 NVSvc - ok
00:32:47.0265 2856 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:32:47.0265 2856 NwlnkFlt - ok
00:32:47.0281 2856 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:32:47.0281 2856 NwlnkFwd - ok
00:32:47.0328 2856 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:32:47.0328 2856 ohci1394 - ok
00:32:47.0390 2856 [ 8C02B0CC65BEE71124A565062BA77B39 ] OpenVPNAccessClient D:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
00:32:47.0390 2856 OpenVPNAccessClient - ok
00:32:47.0453 2856 [ EC322186D8FCE3D632F3F597D67747DD ] OpenVPNService d:\Program Files\OpenVPN\bin\openvpnserv.exe
00:32:47.0453 2856 OpenVPNService - ok
00:32:47.0500 2856 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:32:47.0500 2856 ose - ok
00:32:47.0546 2856 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
00:32:47.0546 2856 ossrv - ok
00:32:47.0593 2856 [ DF886FFED69AEAD0CF608B89B18C3F6F ] P17 C:\WINDOWS\system32\drivers\P17.sys
00:32:47.0609 2856 P17 - ok
00:32:47.0640 2856 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
00:32:47.0640 2856 Parport - ok
00:32:47.0687 2856 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
00:32:47.0687 2856 PartMgr - ok
00:32:47.0718 2856 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
00:32:47.0718 2856 ParVdm - ok
00:32:47.0765 2856 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
00:32:47.0765 2856 PCI - ok
00:32:47.0781 2856 PCIDump - ok
00:32:47.0843 2856 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
00:32:47.0843 2856 PCIIde - ok
00:32:47.0875 2856 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
00:32:47.0875 2856 Pcmcia - ok
00:32:47.0890 2856 pctNdisMP - ok
00:32:47.0921 2856 PDCOMP - ok
00:32:47.0953 2856 PDFRAME - ok
00:32:47.0984 2856 PDRELI - ok
00:32:48.0015 2856 PDRFRAME - ok
00:32:48.0046 2856 perc2 - ok
00:32:48.0078 2856 perc2hib - ok
00:32:48.0187 2856 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
00:32:48.0187 2856 PlugPlay - ok
00:32:48.0218 2856 [ 7C13A95C456D4B61FBA3E1FD2924A2E8 ] Pml Driver C:\WINDOWS\system32\HPHipm09.exe
00:32:48.0234 2856 Pml Driver - ok
00:32:48.0250 2856 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
00:32:48.0265 2856 Pml Driver HPZ12 - ok
00:32:48.0281 2856 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
00:32:48.0296 2856 PolicyAgent - ok
00:32:48.0328 2856 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:32:48.0328 2856 PptpMiniport - ok
00:32:48.0375 2856 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
00:32:48.0375 2856 Processor - ok
00:32:48.0406 2856 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
00:32:48.0406 2856 ProtectedStorage - ok
00:32:48.0437 2856 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
00:32:48.0437 2856 PSched - ok
00:32:48.0468 2856 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:32:48.0484 2856 Ptilink - ok
00:32:48.0515 2856 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
00:32:48.0515 2856 PxHelp20 - ok
00:32:48.0515 2856 ql1080 - ok
00:32:48.0562 2856 Ql10wnt - ok
00:32:48.0593 2856 ql12160 - ok
00:32:48.0640 2856 ql1240 - ok
00:32:48.0671 2856 ql1280 - ok
00:32:48.0718 2856 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:32:48.0718 2856 RasAcd - ok
00:32:48.0765 2856 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
00:32:48.0765 2856 RasAuto - ok
00:32:48.0796 2856 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:32:48.0796 2856 Rasl2tp - ok
00:32:48.0843 2856 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
00:32:48.0843 2856 RasMan - ok
00:32:48.0875 2856 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:32:48.0890 2856 RasPppoe - ok
00:32:48.0906 2856 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
00:32:48.0921 2856 Raspti - ok
00:32:48.0953 2856 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:32:48.0953 2856 Rdbss - ok
00:32:48.0984 2856 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:32:48.0984 2856 RDPCDD - ok
00:32:49.0031 2856 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:32:49.0046 2856 rdpdr - ok
00:32:49.0093 2856 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
00:32:49.0093 2856 RDPWD - ok
00:32:49.0140 2856 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
00:32:49.0140 2856 RDSessMgr - ok
00:32:49.0171 2856 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
00:32:49.0187 2856 redbook - ok
00:32:49.0234 2856 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
00:32:49.0234 2856 RemoteAccess - ok
00:32:49.0281 2856 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
00:32:49.0281 2856 RemoteRegistry - ok
00:32:49.0296 2856 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
00:32:49.0312 2856 RpcLocator - ok
00:32:49.0359 2856 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
00:32:49.0359 2856 RpcSs - ok
00:32:49.0406 2856 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
00:32:49.0406 2856 RSVP - ok
00:32:49.0437 2856 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
00:32:49.0437 2856 rtl8139 - ok
00:32:49.0468 2856 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
00:32:49.0468 2856 SamSs - ok
00:32:49.0515 2856 [ 39763504067962108505BFF25F024345 ] SASDIFSV D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
00:32:49.0515 2856 SASDIFSV - ok
00:32:49.0531 2856 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
00:32:49.0531 2856 SASKUTIL - ok
00:32:49.0609 2856 [ A4AAC62E6C1A5A56AE41B6C0570AB68B ] SbieDrv d:\Program Files\Sandboxie\SbieDrv.sys
00:32:49.0609 2856 SbieDrv - ok
00:32:49.0640 2856 [ 9581517EF4B3E6F84B6CFD503A0178C4 ] SbieSvc d:\Program Files\Sandboxie\SbieSvc.exe
00:32:49.0640 2856 SbieSvc - ok
00:32:49.0671 2856 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
00:32:49.0687 2856 SCardSvr - ok
00:32:49.0718 2856 [ BC7C602A9202429D37CCD07E7EBB6404 ] SCDEmu C:\WINDOWS\system32\drivers\SCDEmu.sys
00:32:49.0718 2856 SCDEmu - ok
00:32:49.0765 2856 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
00:32:49.0781 2856 Schedule - ok
00:32:49.0828 2856 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:32:49.0828 2856 Secdrv - ok
00:32:49.0859 2856 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
00:32:49.0875 2856 seclogon - ok
00:32:49.0906 2856 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
00:32:49.0906 2856 SENS - ok
00:32:49.0937 2856 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
00:32:49.0937 2856 Serial - ok
00:32:50.0062 2856 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
00:32:50.0062 2856 Sfloppy - ok
00:32:50.0109 2856 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
00:32:50.0109 2856 SharedAccess - ok
00:32:50.0140 2856 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
00:32:50.0140 2856 ShellHWDetection - ok
00:32:50.0171 2856 Simbad - ok
00:32:50.0328 2856 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
00:32:50.0343 2856 Skype C2C Service - ok
00:32:50.0406 2856 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
00:32:50.0406 2856 SkypeUpdate - ok
00:32:55.0421 2856 ================ Scan global ===============================
00:32:55.0453 2856 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
00:32:55.0500 2856 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
00:32:55.0515 2856 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
00:32:55.0546 2856 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
00:32:55.0546 2856 [Global] - ok
00:32:55.0562 2856 ================ Scan MBR ==================================
00:32:55.0578 2856 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
00:32:55.0750 2856 \Device\Harddisk0\DR0 - ok
00:32:55.0750 2856 ================ Scan VBR ==================================
00:32:55.0765 2856 [ C0FE20D114CB07D343022C1B28312099 ] \Device\Harddisk0\DR0\Partition1
00:32:55.0765 2856 \Device\Harddisk0\DR0\Partition1 - ok
00:32:55.0796 2856 [ F1444DB58CA0E158D5DAEF1C462C7BA3 ] \Device\Harddisk0\DR0\Partition2
00:32:55.0796 2856 \Device\Harddisk0\DR0\Partition2 - ok
00:32:55.0828 2856 [ 49E8C76A61414CB061907B761185B448 ] \Device\Harddisk0\DR0\Partition3
00:32:55.0828 2856 \Device\Harddisk0\DR0\Partition3 - ok
00:32:55.0828 2856 ============================================================
00:32:55.0843 2856 Scan finished
00:32:55.0843 2856 ============================================================
00:32:55.0906 2116 Detected object count: 0
00:32:55.0906 2116 Actual detected object count: 0

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-09 00:33:17
-----------------------------
00:33:17.546 OS Version: Windows 5.1.2600 Service Pack 3
00:33:17.546 Number of processors: 2 586 0x209
00:33:17.546 ComputerName: LENNIE UserName:
00:33:17.843 Initialize success
00:37:25.968 AVAST engine defs: 12110801
00:39:43.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:39:43.531 Disk 0 Vendor: Size: 0MB BusType: 0
00:39:43.546 Disk 1 \Device\Harddisk1\DR4 -> \Device\00000093
00:39:43.562 Disk 1 Vendor: Size: 0MB BusType: 0
00:39:43.609 Disk 0 MBR read successfully
00:39:43.625 Disk 0 MBR scan
00:39:43.687 Disk 0 Windows XP default MBR code
00:39:43.703 Disk 0 MBR hidden
00:39:43.734 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 6149 MB offset 63
00:39:43.781 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15366 MB offset 12594960
00:39:43.796 Disk 0 Partition - 00 0F Extended LBA 172957 MB offset 44066295
00:39:43.843 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 172957 MB offset 44066358
00:39:43.906 Disk 0 scanning C:\WINDOWS\system32\drivers
00:40:00.640 Service scanning
00:40:19.140 Modules scanning
00:40:24.203 Disk 0 trace - called modules:
00:40:24.375 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:40:24.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8beab8]
00:40:24.718 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000080[0x8a8c99e8]
00:40:24.875 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a8c9d98]
00:40:25.312 AVAST engine scan C:\WINDOWS
00:40:33.953 AVAST engine scan C:\WINDOWS\system32
00:44:26.000 AVAST engine scan C:\WINDOWS\system32\drivers
00:44:45.390 AVAST engine scan C:\Documents and Settings\The Junks
00:47:56.218 AVAST engine scan C:\Documents and Settings\All Users
00:52:50.656 Scan finished successfully
10:04:42.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\The Junks\Desktop\MBR.dat"
10:04:42.953 The log file has been saved successfully to "C:\Documents and Settings\The Junks\Desktop\aswMBR.txt"

#11 gringo_pr

Posted 09 November 2012 - 04:08 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following:
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?

Gringo

#12 crunchyblack1

Posted 09 November 2012 - 10:18 PM

ComboFix 12-11-09.02 - The Junks 11/09/2012 18:51:41.20.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1168 [GMT -8:00]
Running from: c:\documents and settings\The Junks\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\The Junks\Desktop\CFscript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-10 to 2012-11-10 )))))))))))))))))))))))))))))))
.
.
2012-11-05 10:41 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2012-10-19 23:53 . 2012-10-19 23:53 -------- d-----w- c:\documents and settings\The Junks\Application Data\DDMSettings
2012-10-18 10:05 . 2012-10-18 10:06 -------- dc-h--w- c:\windows\ie8
2012-10-17 20:41 . 2011-04-30 03:01 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 02:54 . 2011-06-14 07:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 08:41 . 2012-09-24 08:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-24 08:41 . 2012-09-24 08:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-24 08:41 . 2012-06-09 08:08 821736 -c--a-w- c:\windows\system32\npDeployJava1.dll
2012-09-24 08:41 . 2011-08-04 00:43 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2003-10-28 20:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2003-10-28 20:42 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2003-10-28 20:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2011-06-14 02:24 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2003-10-28 20:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 07:57 . 2012-08-24 07:57 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-08-21 13:33 . 2002-08-29 01:04 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 01:04 2027520 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2003-07-30 12:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 12:42 50688 -csh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 -csh--w- c:\windows\system32\mfc42.dll
2008-04-14 12:42 57344 -csh--w- c:\windows\system32\msvcirt.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:42 11776 -csh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- d:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Aimersoft Helper Compact.exe"="c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2012-08-24 336992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\The Junks\Start Menu\Programs\Startup\
Rainmeter.lnk - d:\program files\Rainmeter\Rainmeter.exe [2012-1-8 105160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
OpenVPN Client.lnk - d:\program files\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe [2010-8-12 19968]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuNetworkPlaces"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]
2011-07-05 17:25 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 13:09 446392 -c----w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2003-08-25 17:49 53248 -c--a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
2001-09-19 17:18 45056 -c--a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2008-04-14 12:42 50176 -c--a-w- c:\windows\eHome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIDDesktop]
2011-07-05 17:24 395528 -c--a-w- c:\program files\SFT\GuardedID\GIDD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-10-25 14:55 196608 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2006-01-13 06:46 311296 -c--a-w- c:\windows\system32\hphmon03.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-30 02:54 766536 ----a-w- d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-08-19 02:56 4841472 -c--a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-08-19 02:56 323584 -c--a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-04 02:38 64512 -c--a-w- c:\windows\system32\P17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2011-08-27 19:16 434960 ----a-w- d:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
2003-05-16 03:36 446464 -c--a-w- c:\program files\ScreenPrint32 v3\ScreenPrint32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sHotKey]
2003-08-22 17:22 45056 -c--a-w- c:\program files\Sony\sHotKey\SHOTKEY.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-19 23:57 1242448 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 20:37 517096 -c--a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2003-03-17 19:52 1056768 -c--a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
2003-06-24 00:32 1409024 -c--a-w- c:\program files\support.com\client\bin\tgcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"!SASCORE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"d:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\The Junks\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [10/28/2003 12:42 PM 4736]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\symds.sys [7/16/2012 12:30 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\symefa.sys [7/16/2012 12:30 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx86.sys [11/5/2012 9:45 AM 995488]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [8/21/2011 4:15 PM 25232]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\ironx86.sys [7/16/2012 12:30 PM 136312]
R2 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 10:54 AM 116608]
R2 akl_svc";PrivacyKeyboard Service;d:\program files\PrivacyKeyboard\akl_svc.exe [11/4/2011 11:59 AM 66768]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [7/16/2012 12:30 PM 130008]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [9/14/2011 9:40 AM 18864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2012 7:57 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121109.001\IDSXpx86.sys [11/9/2012 2:40 PM 373728]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 2:06 AM 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2011 11:48 PM 22856]
S0 cecp;cecp;c:\windows\system32\drivers\gukn.sys --> c:\windows\system32\drivers\gukn.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2/2/2012 12:23 AM 238952]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/5/2010 2:37 AM 676936]
S2 OpenVPNAccessClient;OpenVPN Access Client;d:\program files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [8/12/2010 4:45 PM 24064]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/2/2012 11:13 AM 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:14 PM 160944]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys --> c:\windows\system32\DRIVERS\idmtdi.sys [?]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 1:23 PM 35088]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys --> c:\windows\system32\DRIVERS\pctNdis.sys [?]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2/2/2012 12:25 AM 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2/2/2012 12:25 AM 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2/2/2012 12:25 AM 123648]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [8/3/2010 3:25 PM 26112]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [3/12/2012 12:29 PM 25088]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 96338460
*NewlyCreated* - TRUESIGHT
*Deregistered* - 96338460
*Deregistered* - aswMBR
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 17:26 435976 -c--a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job
- d:\program files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-11-27 19:03]
.
2012-11-01 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job
- d:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-11-27 19:03]
.
2011-06-14 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-10-28 12:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\The Junks\Application Data\Mozilla\Firefox\Profiles\ok95auwn.default\
FF - ExtSQL: !HIDDEN! 2011-08-06 14:41; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 18:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1fab6ff5-f54d-4008-9464-006a9e13b955}]
@Denied: (Full) (Everyone)
"Model"=dword:00000097
"Therad"=dword:00000015
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):60,c1,48,ee,e0,54,f8,83,87,91,63,21,d9,e5,23,86,95,3e,2b,3d,89,
82,be,02,e3,c7,50,38,75,2e,58,58,d9,1b,59,10,fd,e5,5d,73,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1436)
c:\windows\system32\GIDLogonXP.dll
c:\windows\system32\GIDHookLogon.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
d:\program files\Internet Download Manager\IDMShellExt.dll
d:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-11-09 19:00:00
ComboFix-quarantined-files.txt 2012-11-10 02:59
ComboFix2.txt 2012-11-09 07:54
.
Pre-Run: 1,121,861,632 bytes free
Post-Run: 1,216,163,840 bytes free
.
- - End Of File - - 4FF5A46CEAC5E7E7B827795CFB46DB2F

#13 gringo_pr

Posted 09 November 2012 - 11:29 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer; their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

BitTorrent
Freecorder 5
Java 7 Update 7


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the mbam icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 crunchyblack1

Posted 10 November 2012 - 01:30 AM

computer just randomly froze
can only start pc in safe mode with networking now

didn't get the last scans yet
do i continue?

Edited by crunchyblack1, 10 November 2012 - 01:32 AM.


#15 gringo_pr

Posted 10 November 2012 - 01:48 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo