Trojan:DOS/Alureon.J


  • This topic is locked
39 replies to this topic

#1 C-A

C-A

  • Members
  • 43 posts
  • OFFLINE
  • Local time:03:32 PM

Posted 31 May 2013 - 02:47 PM

Hello,

 

I recently received help here to remove a Google Redirect virus. After this I ended up with Avast, WinPatrol, and the MalwareBytes paid version, and my computer appeared clean. I did notice I could not re-enable all the shields of Avast - even though the taskbar icon reported the shields were up, when I opened Avast, three of the eight shields would report as off. I replaced Avast with Microsoft Security Essentials, which found the trojan "Alureon.J". MSE was unable to remove the trojan, so I tried Windows Defender Offline, which is recommended by Microsoft to remove Alureon.J. I booted up my computer with Windows Defender Offline from a USB stick, but when the removal process was over, I received a Microsoft error code that the process could not be completed. MSE still reports an "Alureon.J" infection.

 

Any help would be deeply appreciated. Here's my DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Hans at 12:18:08 on 2013-05-31
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1060 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\mfsyncsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wireless Desktop\LgWDskTp.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Morgan\m3jpegV3\MMTray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\MirrorFolder\mrfshl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: bho2gr Class: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - c:\program files\getright\xx2gr.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: CNavExtBho Class: {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\program files\norton systemworks\norton antivirus\NAVShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Norton AntiVirus: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\program files\norton systemworks\norton antivirus\NAVShExt.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
uRun: [PatchMix DSP Application] c:\program files\creative professional\digital audio system\e-mu patchmix dsp\EmuPatchMixDSP.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LgWDskTp] c:\program files\wireless desktop\LgWDskTp.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [MMTray] "c:\program files\morgan\m3jpegv3\MMTray.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [MirrorFolderShell] c:\program files\mirrorfolder\mrfshl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\micros~4\office\1033\phdintl.dll/phdContext.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1354576101265
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{48E8CA89-9359-4E29-87BF-6A0A88AA8BDF} : DHCPNameServer = 192.168.1.1 68.238.64.12
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R0 mrfoldr;MirrorFolder real-time replication driver;c:\windows\system32\drivers\mrfoldr.sys [2013-4-30 78128]
R1 GhPciScan;GhostPciScanner;c:\program files\norton systemworks\norton ghost\GhPciScan.sys [2003-5-28 5632]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton systemworks\norton antivirus\Savrtpel.sys [2003-8-6 35008]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-5-2 353672]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-8-14 255648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-8-14 235168]
R2 Logic232;Logic232;c:\windows\system32\drivers\Logic232.sys [2009-9-5 6356]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-30 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-30 701512]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 mfsyncsv;MirrorFolder Auto-synchronization Service;c:\windows\system32\mfsyncsv.exe [2013-4-30 175656]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\norton~1\norton~2\NPROTECT.EXE [2003-9-10 81920]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-1-13 585728]
R3 hypaudio;hypaudio;c:\windows\system32\drivers\hypaudio.sys [2009-9-14 1347584]
R3 hypkern;hypkern;c:\windows\system32\drivers\hypkern.sys [2009-9-14 164864]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-30 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-24 66784]
S3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [2009-9-9 8960]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-9-9 17280]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-8-14 87712]
S3 EWAVE;EWAVE;c:\windows\system32\drivers\ew.sys [2007-2-15 1447040]
S3 FILESPY;FILESPY;c:\windows\system32\drivers\FileSpy.sys [2007-2-15 26992]
S3 GS4ENGINE;GS4ENGINE;c:\program files\tascam\gigastudio 4\system\GS4ENGINE.sys [2008-7-3 857104]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;c:\magix\samplitude_v8_demo\mxasio.sys [2006-3-30 4899]
S3 MIDUSB;Driver for MidiStuio-2;c:\windows\system32\drivers\mstud-2drv.sys [2006-1-16 17920]
S3 mos24ser;MosChip High-Speed USB MultiSerial Device Service;c:\windows\system32\drivers\mos24ser.sys [2009-9-5 546560]
S3 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton systemworks\norton antivirus\navapsvc.exe [2003-8-17 158376]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060111.038\NAVENG.Sys [2006-1-13 77864]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060111.038\NavEx15.Sys [2006-1-13 750952]
S3 NSTATION;NSTATION;c:\windows\system32\drivers\NSTATION.sys [2007-2-15 18944]
S3 SAVRT;SAVRT;c:\program files\norton systemworks\norton antivirus\savrt.sys [2003-8-6 300736]
S3 SAVScan;SAVScan;c:\program files\norton systemworks\norton antivirus\SAVScan.exe [2003-8-9 193816]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2007-11-29 23288]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2007-2-20 356352]
S3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2007-2-20 18432]
S3 TASCAM_US144_WDM;TASCAM US-144 WDM;c:\windows\system32\drivers\tscusb2a.sys [2007-2-20 32768]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~4\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-05-30 22:42:42 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{70aaffd8-132c-4852-8c22-0a95f3a24160}\mpengine.dll
2013-05-29 22:42:45 7016152 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-05-27 19:46:00 -------- d-----w- c:\windows\Microsoft Antimalware
2013-05-23 23:17:27 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-23 23:16:25 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-05-23 23:16:25 214256 ----a-w- c:\windows\system32\muweb.dll
2013-05-23 23:16:25 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2013-05-23 23:15:08 -------- d-----w- c:\program files\Microsoft Security Client
2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-05-11 04:17:36 -------- d-sh--r- C:\cmdcons
2013-05-11 04:17:35 -------- d-----w- c:\windows\setup.pss
2013-05-11 04:17:18 -------- d-----w- c:\windows\setupupd
2013-05-10 00:04:58 -------- d-----w- c:\documents and settings\hans\application data\WinPatrol
2013-05-10 00:04:38 -------- d-----w- c:\program files\BillP Studios
2013-05-10 00:04:38 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2013-05-06 00:26:01 -------- d-----w- c:\program files\CCleaner
2013-05-05 17:17:50 -------- d-----w- c:\program files\VS Revo Group
2013-05-02 17:56:53 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2013-05-02 00:18:16 -------- d-----w- c:\program files\AVAST Software
2013-05-02 00:17:07 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M  ====================
.
2013-05-15 03:36:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 03:36:44 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-03 02:09:18 78128 ----a-w- c:\windows\system32\drivers\mrfoldr.sys
2013-04-03 02:09:18 175656 ----a-w- c:\windows\system32\mfsyncsv.exe
2013-04-03 02:09:18 13352 ----a-w- c:\windows\system32\mfchboot.exe
2002-11-11 22:56:56 155648 ----a-w- c:\program files\common files\MTron Sounds Installer.exe
1998-02-11 00:34:48 128000 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 12:19:18.87 ===============


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:05:32 PM

Posted 02 June 2013 - 11:07 AM

Hi and Welcome!!
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to this topic so that you can see when there are new responses.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system, losing all your programs and data.
 
Having said that.... Let's get going!!
----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)



#3 C-A

C-A
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:03:32 PM

Posted 02 June 2013 - 02:35 PM

Thanks Jeff,

 

I have attached the TDSS log below. I also would like to provide you with the info from the Microsoft Security Essentials scan:

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:

boot:\\.\PHYSICALDRIVE0\Partition0 (Type 00)

12:28:08.0048 4888  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:28:08.0532 4888  ============================================================
12:28:08.0532 4888  Current date / time: 2013/06/02 12:28:08.0532
12:28:08.0532 4888  SystemInfo:
12:28:08.0532 4888 
12:28:08.0532 4888  OS Version: 5.1.2600 ServicePack: 3.0
12:28:08.0532 4888  Product type: Workstation
12:28:08.0532 4888  ComputerName: HANSVAIO
12:28:08.0532 4888  UserName: Hans
12:28:08.0532 4888  Windows directory: C:\WINDOWS
12:28:08.0532 4888  System windows directory: C:\WINDOWS
12:28:08.0532 4888  Processor architecture: Intel x86
12:28:08.0532 4888  Number of processors: 2
12:28:08.0532 4888  Page size: 0x1000
12:28:08.0532 4888  Boot type: Normal boot
12:28:08.0532 4888  ============================================================
12:28:11.0205 4888  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:28:11.0220 4888  Drive \Device\Harddisk1\DR1 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:28:11.0220 4888  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:28:11.0236 4888  Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:28:11.0314 4888  ============================================================
12:28:11.0314 4888  \Device\Harddisk0\DR0:
12:28:11.0314 4888  MBR partitions:
12:28:11.0314 4888  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x1C5C1671
12:28:11.0314 4888  \Device\Harddisk1\DR1:
12:28:11.0314 4888  MBR partitions:
12:28:11.0314 4888  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0xB7DD5A1
12:28:11.0314 4888  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC3E04B1, BlocksNum 0xB7F4E27
12:28:11.0314 4888  \Device\Harddisk2\DR2:
12:28:11.0314 4888  MBR partitions:
12:28:11.0314 4888  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x73B02AB1
12:28:11.0314 4888  \Device\Harddisk3\DR3:
12:28:11.0314 4888  MBR partitions:
12:28:11.0314 4888  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
12:28:11.0314 4888  ============================================================
12:28:11.0580 4888  C: <-> \Device\Harddisk0\DR0\Partition1
12:28:11.0611 4888  F: <-> \Device\Harddisk1\DR1\Partition1
12:28:11.0658 4888  K: <-> \Device\Harddisk1\DR1\Partition2
12:28:11.0689 4888  G: <-> \Device\Harddisk2\DR2\Partition1
12:28:11.0830 4888  H: <-> \Device\Harddisk3\DR3\Partition1
12:28:11.0830 4888  ============================================================
12:28:11.0830 4888  Initialize success
12:28:11.0830 4888  ============================================================
12:28:22.0628 4948  ============================================================
12:28:22.0628 4948  Scan started
12:28:22.0628 4948  Mode: Manual;
12:28:22.0628 4948  ============================================================
12:28:23.0331 4948  ================ Scan system memory ========================
12:28:23.0331 4948  System memory - ok
12:28:23.0331 4948  ================ Scan services =============================
12:28:32.0770 4948  EWAVE - ok
12:28:32.0848 4948  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
12:28:32.0895 4948  Fastfat - ok
12:28:32.0989 4948  [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:28:33.0005 4948  FastUserSwitchingCompatibility - ok
12:28:33.0067 4948  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
12:28:33.0083 4948  Fdc - ok
12:28:33.0114 4948  [ 9658161BEB44D0193B6F2F03372119A2 ] FILESPY         C:\WINDOWS\system32\drivers\FILESPY.sys
12:28:33.0192 4948  FILESPY - ok
12:28:33.0239 4948  [ 5C329E2AB8DD62310213CBFAC0178539 ] FilterService   C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
12:28:33.0255 4948  FilterService - ok
12:28:33.0286 4948  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
12:28:33.0302 4948  Fips - ok
12:28:33.0317 4948  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
12:28:33.0333 4948  Flpydisk - ok
12:28:33.0380 4948  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
12:28:33.0427 4948  FltMgr - ok
12:28:33.0489 4948  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:28:33.0489 4948  FontCache3.0.0.0 - ok
12:28:33.0536 4948  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:28:33.0536 4948  Fs_Rec - ok
12:28:33.0614 4948  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:28:33.0645 4948  Ftdisk - ok
12:28:33.0817 4948  [ BD98F4D6CCAA81F422316B587C7DA8C1 ] GhostStartService C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
12:28:33.0817 4948  GhostStartService - ok
12:28:33.0817 4948  [ DDB5395D3C385B109B7D3AC57C9BD7A6 ] GhPciScan       C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys
12:28:33.0880 4948  GhPciScan - ok
12:28:33.0958 4948  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:28:33.0958 4948  Gpc - ok
12:28:34.0317 4948  [ 2CBDCC0E2AB7B34003BC430756122010 ] GS4ENGINE       C:\Program Files\TASCAM\GigaStudio 4\system\GS4Engine.sys
12:28:34.0755 4948  GS4ENGINE - ok
12:28:35.0161 4948  [ 53AEF448CA736B2FCE243DCDB9C1BF8D ] ha10kx2k        C:\WINDOWS\system32\drivers\ha10kx2k.sys
12:28:36.0255 4948  ha10kx2k - ok
12:28:36.0333 4948  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:28:36.0474 4948  HDAudBus - ok
12:28:36.0708 4948  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:28:37.0255 4948  helpsvc - ok
12:28:37.0365 4948  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
12:28:37.0365 4948  HidServ - ok
12:28:37.0443 4948  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:28:37.0490 4948  hidusb - ok
12:28:37.0552 4948  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
12:28:37.0552 4948  hkmsvc - ok
12:28:37.0568 4948  hpn - ok
12:28:37.0662 4948  [ 9BEC5D4AC6EFDAAF001D42C77811E3DB ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
12:28:37.0740 4948  HSFHWAZL - ok
12:28:38.0412 4948  [ 6CAD234BECF58529879B6C303F02777F ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
12:28:39.0193 4948  HSF_DPV - ok
12:28:39.0443 4948  [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
12:28:39.0662 4948  HTTP - ok
12:28:39.0756 4948  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
12:28:40.0006 4948  HTTPFilter - ok
12:28:40.0600 4948  [ 365C5C63D9ED9E7C8CE19FEBC2B6683D ] hypaudio        C:\WINDOWS\system32\DRIVERS\hypaudio.sys
12:28:41.0725 4948  hypaudio - ok
12:28:41.0959 4948  [ 17916A8405E05F0414DE3AA6D6E0257C ] hypkern         C:\WINDOWS\system32\drivers\hypkern.sys
12:28:42.0256 4948  hypkern - ok
12:28:42.0256 4948  i2omgmt - ok
12:28:42.0272 4948  i2omp - ok
12:28:42.0350 4948  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:28:42.0397 4948  i8042prt - ok
12:28:42.0569 4948  [ D43E91E271C041BB86A6223462A41D28 ] IAANTMon        C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
12:28:42.0569 4948  IAANTMon - ok
12:28:43.0006 4948  [ 9A65E42664D1534B68512CAAD0EFE963 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
12:28:43.0553 4948  iaStor - ok
12:28:43.0725 4948  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:28:43.0725 4948  IDriverT - ok
12:28:44.0210 4948  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:28:44.0241 4948  idsvc - ok
12:28:44.0460 4948  [ 29007134FAA5C261C1DC4E6BC47FB68E ] Image Converter video recording monitor for VAIO Entertainment C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
12:28:44.0460 4948  Image Converter video recording monitor for VAIO Entertainment - ok
12:28:44.0506 4948  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
12:28:44.0538 4948  Imapi - ok
12:28:44.0678 4948  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
12:28:44.0678 4948  ImapiService - ok
12:28:44.0694 4948  ini910u - ok
12:28:44.0694 4948  IntelIde - ok
12:28:44.0741 4948  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:28:44.0788 4948  intelppm - ok
12:28:44.0819 4948  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
12:28:44.0835 4948  Ip6Fw - ok
12:28:44.0897 4948  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:28:44.0913 4948  IpFilterDriver - ok
12:28:44.0960 4948  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:28:44.0991 4948  IpInIp - ok
12:28:45.0085 4948  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:28:45.0194 4948  IpNat - ok
12:28:45.0272 4948  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:28:45.0335 4948  IPSec - ok
12:28:45.0366 4948  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
12:28:45.0366 4948  IRENUM - ok
12:28:45.0413 4948  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:28:45.0428 4948  isapnp - ok
12:28:45.0491 4948  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:28:45.0491 4948  Kbdclass - ok
12:28:45.0522 4948  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:28:45.0538 4948  kbdhid - ok
12:28:45.0632 4948  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
12:28:45.0725 4948  kmixer - ok
12:28:45.0804 4948  [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
12:28:45.0819 4948  KSecDD - ok
12:28:45.0882 4948  [ 5A11400EA1F0A106FE7EDB28C270F7B8 ] L8042Kbd        C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
12:28:45.0897 4948  L8042Kbd - ok
12:28:45.0929 4948  [ 20C919B52897B72EBCB2AD2FC29D8EF0 ] L8042mou        C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
12:28:45.0975 4948  L8042mou - ok
12:28:46.0054 4948  [ AD799B46A3984D04194DE6C151F10709 ] L8042pr2        C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
12:28:46.0069 4948  L8042pr2 - ok
12:28:46.0147 4948  [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
12:28:46.0147 4948  lanmanserver - ok
12:28:46.0335 4948  [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:28:46.0585 4948  lanmanworkstation - ok
12:28:46.0585 4948  lbrtfdc - ok
12:28:46.0663 4948  [ 34A0797F517A90E7D454F15F5A727964 ] LCcfltr         C:\WINDOWS\system32\Drivers\LCcFltr.Sys
12:28:46.0663 4948  LCcfltr - ok
12:28:46.0788 4948  [ 360BECA015F67DEBA9490E204849180E ] LHidFlt2        C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
12:28:46.0819 4948  LHidFlt2 - ok
12:28:46.0976 4948  [ 31B582394DA3290DFF300F10952E9A4D ] LHidKe          C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
12:28:47.0007 4948  LHidKe - ok
12:28:47.0116 4948  [ 3A60D180E820F13897973B7DAD58118D ] LHidUsb         C:\WINDOWS\system32\Drivers\LHidUsb.Sys
12:28:47.0147 4948  LHidUsb - ok
12:28:47.0319 4948  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
12:28:47.0319 4948  LmHosts - ok
12:28:47.0460 4948  [ D8AF21830FCD3292617FB798A8538573 ] LMouFlt2        C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
12:28:47.0476 4948  LMouFlt2 - ok
12:28:47.0569 4948  [ 90A794D0A0BF3531C4BA1C0510449629 ] LMouKE          C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
12:28:47.0616 4948  LMouKE - ok
12:28:47.0694 4948  [ C105A051AA45054991E64AAAC7415785 ] Logic232        C:\WINDOWS\System32\drivers\Logic232.sys
12:28:47.0710 4948  Logic232 - ok
12:28:48.0820 4948  [ 8113133EC42DD6C566908008CE913EDD ] Lvckap          C:\WINDOWS\system32\DRIVERS\LVcKap.sys
12:28:49.0804 4948  Lvckap - ok
12:28:49.0992 4948  [ 9E41266C68C11D7101A2D18CD1F7553E ] LVCOMSer        C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
12:28:49.0992 4948  LVCOMSer - ok
12:28:50.0820 4948  [ 0DD5B8AF4917A2821047450195C511B3 ] lvmvdrv         C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
12:28:51.0679 4948  lvmvdrv - ok
12:28:52.0398 4948  [ E8ACF6DD83956FB63CEB058D5F51B18A ] lvpopflt        C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
12:28:53.0023 4948  lvpopflt - ok
12:28:53.0101 4948  [ 406B1D186F75B4B4832D6237859E1B00 ] LVPr2Mon        C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
12:28:53.0101 4948  LVPr2Mon - ok
12:28:53.0148 4948  [ 4FD5A6335FB4FC1F758088B2F90613FE ] LVPrcMon        C:\WINDOWS\system32\drivers\LVPrcMon.sys
12:28:53.0226 4948  LVPrcMon - ok
12:28:53.0383 4948  [ 85C2E84BC1224C75A20B5560D5A15DB9 ] LVPrcSrv        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
12:28:53.0383 4948  LVPrcSrv - ok
12:28:53.0523 4948  [ 656180E9C0C5199520972426C44BC2F0 ] LVSrvLauncher   C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
12:28:53.0523 4948  LVSrvLauncher - ok
12:28:53.0617 4948  [ 64BC29C3A0388BFC580BB8B1346F7659 ] LVUSBSta        C:\WINDOWS\system32\drivers\LVUSBSta.sys
12:28:53.0617 4948  LVUSBSta - ok
12:28:54.0445 4948  [ 922BE6770499220DC27B529CA236815A ] LVUVC           C:\WINDOWS\system32\DRIVERS\lvuvc.sys
12:28:55.0539 4948  LVUVC - ok
12:28:55.0711 4948  [ 34933232C17FBBFE2E224E5C536A48CF ] MagixASIODrv    C:\MAGIX\Samplitude_V8_demo\mxasio.sys
12:28:55.0821 4948  MagixASIODrv - ok
12:28:55.0852 4948  [ 6D03A526EEDED908759CA8C0E581494D ] MA_CMIDI        C:\WINDOWS\system32\drivers\ma_cmidi.sys
12:28:55.0930 4948  MA_CMIDI - ok
12:28:56.0055 4948  [ 09B32CA2265397A6FADB3AB34F34CA9A ] MA_CMIDI_InstallerService C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
12:28:56.0071 4948  MA_CMIDI_InstallerService - ok
12:28:56.0133 4948  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
12:28:56.0133 4948  MBAMProtector - ok
12:28:56.0493 4948  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:28:56.0493 4948  MBAMScheduler - ok
12:28:56.0836 4948  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:28:56.0836 4948  MBAMService - ok
12:28:56.0915 4948  [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc         C:\WINDOWS\ehome\mcrdsvc.exe
12:28:56.0930 4948  McrdSvc - ok
12:28:56.0977 4948  [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:28:56.0977 4948  mdmxsdk - ok
12:28:57.0040 4948  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
12:28:57.0040 4948  Messenger - ok
12:28:57.0165 4948  [ 4D78F3A4C09E96C7F8EEB2425ED0260A ] mfsyncsv        C:\WINDOWS\system32\mfsyncsv.exe
12:28:57.0180 4948  mfsyncsv - ok
12:28:57.0258 4948  [ B7521F69C0A9B29D356157229376FB21 ] MHN             C:\WINDOWS\System32\mhn.dll
12:28:57.0258 4948  MHN - ok
12:28:57.0290 4948  [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV          C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:28:57.0305 4948  MHNDRV - ok
12:28:57.0336 4948  [ 682BF777ABCF732C7C641B6E13CA2B6B ] MIDUSB          C:\WINDOWS\system32\Drivers\mstud-2drv.sys
12:28:57.0383 4948  MIDUSB - ok
12:28:57.0430 4948  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
12:28:57.0461 4948  mnmdd - ok
12:28:57.0493 4948  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
12:28:57.0493 4948  mnmsrvc - ok
12:28:57.0524 4948  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
12:28:57.0540 4948  Modem - ok
12:28:57.0805 4948  [ 933EC5231F5D7C8B20A3C13C10333EE1 ] mos24ser        C:\WINDOWS\system32\DRIVERS\mos24ser.sys
12:28:58.0102 4948  mos24ser - ok
12:28:58.0165 4948  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:28:58.0196 4948  Mouclass - ok
12:28:58.0290 4948  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:28:58.0352 4948  mouhid - ok
12:28:58.0446 4948  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
12:28:58.0477 4948  MountMgr - ok
12:28:58.0649 4948  [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:28:58.0743 4948  MpFilter - ok
12:28:59.0556 4948  [ A69630D039C38018689190234F866D77 ] MpKsl4cb7c64d   C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C05F7071-5CA6-44DD-B9E5-A6D9EE1294FA}\MpKsl4cb7c64d.sys
12:28:59.0556 4948  MpKsl4cb7c64d - ok
12:28:59.0587 4948  mraid35x - ok
12:28:59.0727 4948  [ 3E703753985F45A1654E4252813A36F5 ] mrfoldr         C:\WINDOWS\system32\drivers\mrfoldr.sys
12:28:59.0899 4948  mrfoldr - ok
12:29:00.0009 4948  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:29:00.0103 4948  MRxDAV - ok
12:29:00.0415 4948  [ 60AE98742484E7AB80C3C1450E708148 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:29:00.0743 4948  MRxSmb - ok
12:29:01.0009 4948  [ A5FE164169E82E446D717511B390D5D2 ] MSCSPTISRV      C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
12:29:01.0009 4948  MSCSPTISRV - ok
12:29:01.0025 4948  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
12:29:01.0025 4948  MSDTC - ok
12:29:01.0071 4948  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
12:29:01.0071 4948  Msfs - ok
12:29:01.0087 4948  MSIServer - ok
12:29:01.0118 4948  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:29:01.0118 4948  MSKSSRV - ok
12:29:01.0275 4948  [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:29:01.0275 4948  MsMpSvc - ok
12:29:01.0321 4948  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:29:01.0321 4948  MSPCLOCK - ok
12:29:01.0353 4948  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
12:29:01.0353 4948  MSPQM - ok
12:29:01.0431 4948  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:29:01.0462 4948  mssmbios - ok
12:29:01.0509 4948  MSSQL$SONY_MEDIAMGR - ok
12:29:01.0618 4948  MSSQL$VAIO_VEDB - ok
12:29:01.0681 4948  [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
12:29:01.0681 4948  MSSQLServerADHelper - ok
12:29:01.0696 4948  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
12:29:01.0696 4948  MSTEE - ok
12:29:01.0853 4948  [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
12:29:02.0150 4948  Mup - ok
12:29:02.0197 4948  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:29:02.0259 4948  NABTSFEC - ok
12:29:02.0431 4948  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
12:29:02.0447 4948  napagent - ok
12:29:02.0681 4948  [ D9F779AC35B8FEDB9CBF2D6963D82F63 ] navapsvc        C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
12:29:02.0681 4948  navapsvc - ok
12:29:02.0806 4948  [ 758DDB94F34ADD247E2499F557480116 ] NAVENG          C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060111.038\NAVENG.Sys
12:29:02.0915 4948  NAVENG - ok
12:29:03.0228 4948  [ 7FA3F4DF4D63E0EB6371FE6152F75CA4 ] NAVEX15         C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060111.038\NavEx15.Sys
12:29:03.0572 4948  NAVEX15 - ok
12:29:03.0681 4948  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
12:29:03.0775 4948  NDIS - ok
12:29:03.0806 4948  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:29:03.0853 4948  NdisIP - ok
12:29:03.0884 4948  [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:29:03.0916 4948  NdisTapi - ok
12:29:03.0962 4948  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:29:03.0978 4948  Ndisuio - ok
12:29:04.0119 4948  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:29:04.0478 4948  NdisWan - ok
12:29:04.0509 4948  [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
12:29:04.0525 4948  NDProxy - ok
12:29:04.0572 4948  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
12:29:04.0572 4948  NetBIOS - ok
12:29:04.0853 4948  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
12:29:04.0916 4948  NetBT - ok
12:29:04.0994 4948  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
12:29:04.0994 4948  NetDDE - ok
12:29:05.0025 4948  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
12:29:05.0025 4948  NetDDEdsdm - ok
12:29:05.0072 4948  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
12:29:05.0072 4948  Netlogon - ok
12:29:05.0150 4948  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
12:29:05.0150 4948  Netman - ok
12:29:05.0244 4948  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:29:05.0338 4948  NetTcpPortSharing - ok
12:29:05.0431 4948  [ BE149E2DD6DE0E2635310BAF7F897F52 ] NetworkX        C:\WINDOWS\system32\ckldrv.sys
12:29:05.0760 4948  NetworkX - ok
12:29:05.0791 4948  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:29:05.0822 4948  NIC1394 - ok
12:29:05.0978 4948  [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla             C:\WINDOWS\System32\mswsock.dll
12:29:05.0978 4948  Nla - ok
12:29:06.0150 4948  [ F5812BCACBFDCFA9B8E849084D15A9E9 ] NPDriver        C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
12:29:06.0166 4948  NPDriver - ok
12:29:06.0228 4948  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
12:29:06.0244 4948  Npfs - ok
12:29:06.0385 4948  [ 360F93496FD1664B6E2D318D3E76882A ] NProtectService C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
12:29:06.0385 4948  NProtectService - ok
12:29:06.0478 4948  [ 94F8231032653C2C3802CAD0E28BAD85 ] NSTATION        C:\WINDOWS\system32\drivers\nstation.sys
12:29:06.0525 4948  NSTATION - ok
12:29:06.0760 4948  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
12:29:06.0979 4948  Ntfs - ok
12:29:07.0025 4948  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
12:29:07.0025 4948  NtLmSsp - ok
12:29:07.0213 4948  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
12:29:07.0213 4948  NtmsSvc - ok
12:29:07.0275 4948  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
12:29:07.0291 4948  Null - ok
12:29:07.0338 4948  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:29:07.0354 4948  NwlnkFlt - ok
12:29:07.0432 4948  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:29:07.0447 4948  NwlnkFwd - ok
12:29:07.0541 4948  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:29:07.0572 4948  ohci1394 - ok
12:29:07.0682 4948  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:29:07.0682 4948  ose - ok
12:29:07.0760 4948  [ 308141F9B64B66A9C6F03DB319944234 ] ossrv           C:\WINDOWS\system32\drivers\ctoss2k.sys
12:29:07.0838 4948  ossrv - ok
12:29:07.0885 4948  [ 2AACB80F75A0683E32CF350B0C60A17F ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
12:29:07.0885 4948  PACSPTISVR - ok
12:29:07.0963 4948  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
12:29:07.0994 4948  Parport - ok
12:29:08.0041 4948  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
12:29:08.0041 4948  PartMgr - ok
12:29:08.0104 4948  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
12:29:08.0104 4948  ParVdm - ok
12:29:08.0151 4948  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
12:29:08.0166 4948  PCI - ok
12:29:08.0182 4948  PCIDump - ok
12:29:08.0229 4948  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
12:29:08.0229 4948  PCIIde - ok
12:29:08.0307 4948  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
12:29:08.0338 4948  Pcmcia - ok
12:29:08.0338 4948  PDCOMP - ok
12:29:08.0369 4948  PDFRAME - ok
12:29:08.0369 4948  PDRELI - ok
12:29:08.0385 4948  PDRFRAME - ok
12:29:08.0385 4948  perc2 - ok
12:29:08.0385 4948  perc2hib - ok
12:29:08.0447 4948  [ 0BF03C3ED7DD03AB1A3347ECE4209EC5 ] PfModNT         C:\WINDOWS\system32\drivers\PfModNT.sys
12:29:08.0447 4948  PfModNT - ok
12:29:08.0588 4948  [ D0F9F362023BF94CF58A1C3CDBBEBE06 ] PhotoshopElementsDeviceConnect C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
12:29:08.0588 4948  PhotoshopElementsDeviceConnect - ok
12:29:08.0666 4948  [ 0E776ED5F7CC9F94299E70461B7B8185 ] PlugPlay        C:\WINDOWS\system32\services.exe
12:29:08.0666 4948  PlugPlay - ok
12:29:08.0682 4948  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
12:29:08.0682 4948  PolicyAgent - ok
12:29:08.0760 4948  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:29:08.0776 4948  PptpMiniport - ok
12:29:08.0823 4948  [ 04F3971B70A7855F04D351AA4BEE7799 ] PQNTDrv         C:\WINDOWS\system32\drivers\PQNTDrv.sys
12:29:08.0838 4948  PQNTDrv - ok
12:29:08.0838 4948  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:29:08.0854 4948  ProtectedStorage - ok
12:29:08.0885 4948  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
12:29:08.0901 4948  PSched - ok
12:29:08.0963 4948  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:29:08.0963 4948  Ptilink - ok
12:29:09.0026 4948  [ 86724469CD077901706854974CD13C3E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:29:09.0026 4948  PxHelp20 - ok
12:29:09.0041 4948  ql1080 - ok
12:29:09.0057 4948  Ql10wnt - ok
12:29:09.0057 4948  ql12160 - ok
12:29:09.0057 4948  ql1240 - ok
12:29:09.0073 4948  ql1280 - ok
12:29:09.0135 4948  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:29:09.0135 4948  RasAcd - ok
12:29:09.0198 4948  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
12:29:09.0198 4948  RasAuto - ok
12:29:09.0244 4948  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:29:09.0260 4948  Rasl2tp - ok
12:29:09.0369 4948  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
12:29:09.0369 4948  RasMan - ok
12:29:09.0401 4948  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:29:09.0416 4948  RasPppoe - ok
12:29:09.0479 4948  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
12:29:09.0495 4948  Raspti - ok
12:29:09.0557 4948  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:29:09.0604 4948  Rdbss - ok
12:29:09.0651 4948  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:29:09.0651 4948  RDPCDD - ok
12:29:09.0745 4948  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:29:09.0807 4948  rdpdr - ok
12:29:09.0916 4948  [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
12:29:09.0995 4948  RDPWD - ok
12:29:10.0073 4948  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
12:29:10.0073 4948  RDSessMgr - ok
12:29:10.0135 4948  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
12:29:10.0151 4948  redbook - ok
12:29:10.0198 4948  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
12:29:10.0213 4948  RemoteAccess - ok
12:29:10.0307 4948  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
12:29:10.0307 4948  RemoteRegistry - ok
12:29:10.0417 4948  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
12:29:10.0432 4948  RpcLocator - ok
12:29:10.0604 4948  [ 2589FE6015A316C0F5D5112B4DA7B509 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
12:29:10.0604 4948  RpcSs - ok
12:29:10.0776 4948  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
12:29:10.0776 4948  RSVP - ok
12:29:10.0838 4948  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
12:29:10.0838 4948  SamSs - ok
12:29:11.0042 4948  [ 0C67E81ABBE009D074563D86C4457DA6 ] SAVRT           C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRT.SYS
12:29:11.0135 4948  SAVRT - ok
12:29:11.0182 4948  [ B51DDBE72D6650658D243B78F157FCF0 ] SAVRTPEL        C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRTPEL.SYS
12:29:11.0198 4948  SAVRTPEL - ok
12:29:11.0276 4948  [ 760B4D1D222B534422BB81E5EBBACB57 ] SAVScan         C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
12:29:11.0276 4948  SAVScan - ok
12:29:11.0339 4948  [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port        C:\WINDOWS\system32\DRIVERS\sbp2port.sys
12:29:11.0354 4948  sbp2port - ok
12:29:11.0432 4948  [ 928627472ADBD58BB72D5BB9CB1448F6 ] SBService       C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
12:29:11.0432 4948  SBService - ok
12:29:11.0495 4948  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
12:29:11.0510 4948  SCardSvr - ok
12:29:11.0620 4948  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
12:29:11.0620 4948  Schedule - ok
12:29:11.0714 4948  [ 491F052B8F1E05B396D15EC9BF36565A ] SDdriver        C:\WINDOWS\system32\Drivers\sddriver.sys
12:29:11.0854 4948  SDdriver - ok
12:29:11.0901 4948  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:29:11.0917 4948  Secdrv - ok
12:29:11.0964 4948  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
12:29:11.0964 4948  seclogon - ok
12:29:11.0979 4948  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
12:29:11.0979 4948  SENS - ok
12:29:11.0995 4948  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
12:29:11.0995 4948  Serenum - ok
12:29:12.0073 4948  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
12:29:12.0089 4948  Serial - ok
12:29:12.0151 4948  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys
12:29:12.0151 4948  Sfloppy - ok
12:29:12.0292 4948  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
12:29:12.0292 4948  SharedAccess - ok
12:29:12.0401 4948  [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:29:12.0401 4948  ShellHWDetection - ok
12:29:12.0401 4948  Simbad - ok
12:29:12.0417 4948  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:29:12.0417 4948  SLIP - ok
12:29:12.0682 4948  [ 27D6BE8E961AB9DF26EC5CE823B68B7F ] smrt            C:\WINDOWS\system32\DRIVERS\smrt.sys
12:29:12.0933 4948  smrt - ok
12:29:13.0104 4948  [ 997BF60BEF992C61C3014EF5C56D93EA ] SNDSrvc         C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
12:29:13.0104 4948  SNDSrvc - ok
12:29:13.0198 4948  [ 447AF8EF9C114AF75E252BE2A4E9C4AA ] SonicStageMonitoring C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
12:29:13.0198 4948  SonicStageMonitoring - ok
12:29:13.0308 4948  [ CD1BEA0CB0E96B828D225B106CBFB968 ] Sony TV Tuner Controller C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
12:29:13.0308 4948  Sony TV Tuner Controller - ok
12:29:13.0370 4948  [ AF35291F72F6CF0915765E44F1045305 ] Sony TV Tuner Manager C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
12:29:13.0370 4948  Sony TV Tuner Manager - ok
12:29:13.0417 4948  [ EFAAEED11AAF285435A0DCFE15047983 ] Sony TVTA Manager C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
12:29:13.0417 4948  Sony TVTA Manager - ok
12:29:13.0464 4948  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:29:13.0464 4948  SONYPVU1 - ok
12:29:13.0464 4948  Sparrow - ok
12:29:13.0558 4948  [ 5E71D2342B963E61F99B19CB2E462C63 ] Speed Disk service C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
12:29:13.0558 4948  Speed Disk service - ok
12:29:13.0620 4948  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
12:29:13.0620 4948  splitter - ok
12:29:13.0698 4948  [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler         C:\WINDOWS\system32\spoolsv.exe
12:29:13.0714 4948  Spooler - ok
12:29:13.0980 4948  [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
12:29:13.0980 4948  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593
12:29:13.0980 4948  sptd ( LockedFile.Multi.Generic ) - warning
12:29:13.0980 4948  sptd - detected LockedFile.Multi.Generic (1)
12:29:14.0026 4948  [ B451765E79957D651FB4B7ABB2DD804F ] SPTISRV         C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
12:29:14.0026 4948  SPTISRV - ok
12:29:14.0026 4948  SQLAgent$SONY_MEDIAMGR - ok
12:29:14.0026 4948  SQLAgent$VAIO_VEDB - ok
12:29:14.0073 4948  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
12:29:14.0089 4948  sr - ok
12:29:14.0151 4948  [ BB1CC49B817D2551EB321F4A9AFB7D8C ] srescan         C:\WINDOWS\system32\ZoneLabs\srescan.sys
12:29:14.0167 4948  srescan - ok
12:29:14.0276 4948  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
12:29:14.0276 4948  srservice - ok
12:29:14.0433 4948  [ 3BB03F2BA89D2BE417206C373D2AF17C ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
12:29:14.0542 4948  Srv - ok
12:29:14.0573 4948  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
12:29:14.0573 4948  SSDPSRV - ok
12:29:14.0652 4948  [ ACB893CDED2C6EA692782433EA885CEA ] SSScsiSV        C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
12:29:14.0652 4948  SSScsiSV - ok
12:29:14.0933 4948  STacSV - ok
12:29:15.0120 4948  [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
12:29:15.0120 4948  StarWindServiceAE - ok
12:29:15.0542 4948  [ 6AD7569CC5E40B94932EC56097C5DCCD ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
12:29:15.0933 4948  STHDA - ok
12:29:16.0136 4948  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
12:29:16.0136 4948  stisvc - ok
12:29:16.0183 4948  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:29:16.0199 4948  streamip - ok
12:29:16.0246 4948  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
12:29:16.0246 4948  swenum - ok
12:29:16.0324 4948  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
12:29:16.0339 4948  swmidi - ok
12:29:16.0339 4948  SwPrv - ok
12:29:16.0558 4948  [ 94D3C8257776019A7A96AF69F62BA509 ] Symantec Core LC C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
12:29:16.0574 4948  Symantec Core LC - ok
12:29:16.0574 4948  symc810 - ok
12:29:16.0574 4948  symc8xx - ok
12:29:16.0667 4948  [ C9B8F325B2A22CDA1BDA7B25181B1389 ] SymEvent        C:\Program Files\Symantec\SYMEVENT.SYS
12:29:16.0667 4948  SymEvent - ok
12:29:16.0667 4948  [ 993C0CB4BEDDDEBF7254191EC8A3F67E ] symlcbrd        C:\WINDOWS\system32\drivers\symlcbrd.sys
12:29:16.0683 4948  symlcbrd - ok
12:29:16.0714 4948  [ F26E71125DA173D57CABA3457C5E48CF ] SYMREDRV        C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
12:29:16.0730 4948  SYMREDRV - ok
12:29:16.0839 4948  [ 23B6ADBAA7026C53B5EF102E56750B13 ] SYMTDI          C:\WINDOWS\System32\Drivers\SYMTDI.SYS
12:29:16.0917 4948  SYMTDI - ok
12:29:16.0933 4948  sym_hi - ok
12:29:16.0933 4948  sym_u3 - ok
12:29:16.0980 4948  [ E46088B882E6315518630E249DDF958C ] SynasUSB        C:\WINDOWS\system32\drivers\SynasUSB.sys
12:29:17.0011 4948  SynasUSB - ok
12:29:17.0058 4948  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
12:29:17.0074 4948  sysaudio - ok
12:29:17.0136 4948  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
12:29:17.0152 4948  SysmonLog - ok
12:29:17.0308 4948  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:29:17.0308 4948  TapiSrv - ok
12:29:17.0449 4948  [ C144CE996761283D05457029269099C0 ] TASCAM_US122144 C:\WINDOWS\system32\Drivers\tascusb2.sys
12:29:17.0668 4948  TASCAM_US122144 - ok
12:29:17.0683 4948  [ F68AFE976F89F13C23F3CF71C73325B3 ] TASCAM_US144_MIDI C:\WINDOWS\system32\drivers\tscusb2m.sys
12:29:17.0714 4948  TASCAM_US144_MIDI - ok
12:29:17.0730 4948  [ EBFC6774EC57B87E9CE139D2B7CCB4EF ] TASCAM_US144_WDM C:\WINDOWS\system32\drivers\tscusb2a.sys
12:29:17.0777 4948  TASCAM_US144_WDM - ok
12:29:17.0902 4948  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:29:18.0058 4948  Tcpip - ok
12:29:18.0105 4948  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:29:18.0105 4948  TDPIPE - ok
12:29:18.0136 4948  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
12:29:18.0152 4948  TDTCP - ok
12:29:18.0183 4948  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
12:29:18.0183 4948  TermDD - ok
12:29:18.0340 4948  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
12:29:18.0340 4948  TermService - ok
12:29:18.0402 4948  [ 1926899BF9FFE2602B63074971700412 ] Themes          C:\WINDOWS\System32\shsvcs.dll
12:29:18.0402 4948  Themes - ok
12:29:18.0465 4948  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
12:29:18.0465 4948  TlntSvr - ok
12:29:18.0465 4948  TosIde - ok
12:29:18.0543 4948  [ 5815AE5EF8519066F19E575D67F6F191 ] TPkd            C:\WINDOWS\system32\drivers\TPkd.sys
12:29:18.0683 4948  TPkd - ok
12:29:18.0762 4948  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
12:29:18.0762 4948  TrkWks - ok
12:29:18.0824 4948  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
12:29:18.0840 4948  Udfs - ok
12:29:18.0855 4948  ultra - ok
12:29:19.0012 4948  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:29:19.0121 4948  Update - ok
12:29:19.0199 4948  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
12:29:19.0199 4948  upnphost - ok
12:29:19.0246 4948  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
12:29:19.0246 4948  UPS - ok
12:29:19.0293 4948  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
12:29:19.0308 4948  usbaudio - ok
12:29:19.0340 4948  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:29:19.0355 4948  usbccgp - ok
12:29:19.0371 4948  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:29:19.0387 4948  usbehci - ok
12:29:19.0418 4948  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:29:19.0433 4948  usbhub - ok
12:29:19.0465 4948  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:29:19.0480 4948  usbprint - ok
12:29:19.0512 4948  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:29:19.0512 4948  usbscan - ok
12:29:19.0558 4948  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:29:19.0558 4948  usbstor - ok
12:29:19.0574 4948  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:29:19.0590 4948  usbuhci - ok
12:29:19.0652 4948  [ B648E3C89F2944A013ED452A8BFB6D68 ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
12:29:19.0652 4948  VAIO Entertainment TV Device Arbitration Service - ok
12:29:19.0746 4948  [ 2B0EAC2B6E5F1C5E007DABAE101028B0 ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
12:29:19.0746 4948  VAIO Event Service - ok
12:29:20.0387 4948  [ 563335C39DC70DEA5318DE264CDAADA7 ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
12:29:20.0434 4948  VAIOMediaPlatform-IntegratedServer-AppServer - ok
12:29:20.0481 4948  [ ECBCC89C8DA6EB5D73301792E5E44DA6 ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
12:29:20.0481 4948  VAIOMediaPlatform-IntegratedServer-HTTP - ok
12:29:20.0731 4948  [ 028D7AA7C9E7BA459534795908AB414C ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
12:29:20.0746 4948  VAIOMediaPlatform-IntegratedServer-UPnP - ok
12:29:20.0746 4948  Vcsw - ok
12:29:20.0793 4948  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
12:29:20.0809 4948  VgaSave - ok
12:29:20.0809 4948  ViaIde - ok
12:29:20.0840 4948  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
12:29:20.0856 4948  VolSnap - ok
12:29:21.0012 4948  [ 13A225A31F8D64A395373E9434D2D1AB ] vsdatant        C:\WINDOWS\system32\vsdatant.sys
12:29:21.0012 4948  vsdatant - ok
12:29:21.0012 4948  vsmon - ok
12:29:21.0137 4948  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
12:29:21.0137 4948  VSS - ok
12:29:21.0293 4948  [ 0BD64CCEA7B4BF25CA2FB9BF1444DFD9 ] VzCdbSvc        C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
12:29:21.0293 4948  VzCdbSvc - ok
12:29:21.0340 4948  [ E81E8C7DC7EBC6CEDE156EAAD5EF9C8E ] VzFw            C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
12:29:21.0340 4948  VzFw - ok
12:29:21.0403 4948  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
12:29:21.0418 4948  W32Time - ok
12:29:21.0434 4948  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:29:21.0449 4948  Wanarp - ok
12:29:21.0668 4948  [ 060E8CB99CC0A6751DB5810C042B0D45 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:29:21.0840 4948  Wdf01000 - ok
12:29:21.0856 4948  WDICA - ok
12:29:21.0934 4948  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
12:29:21.0965 4948  wdmaud - ok
12:29:22.0028 4948  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
12:29:22.0028 4948  WebClient - ok
12:29:22.0293 4948  [ AB7646D4CB9BB83D29D21EF7E00A0D15 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:29:22.0543 4948  winachsf - ok
12:29:22.0715 4948  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
12:29:22.0715 4948  winmgmt - ok
12:29:22.0793 4948  [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
12:29:22.0793 4948  WmdmPmSN - ok
12:29:23.0028 4948  [ BAB489A5FE26F2D0C910CF7AF7E4CF92 ] Wmi             C:\WINDOWS\System32\advapi32.dll
12:29:23.0028 4948  Wmi - ok
12:29:23.0122 4948  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:29:23.0122 4948  WmiApSrv - ok
12:29:23.0465 4948  [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
12:29:23.0481 4948  WMPNetworkSvc - ok
12:29:23.0856 4948  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:29:23.0872 4948  WPFFontCache_v0400 - ok
12:29:23.0903 4948  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:29:23.0903 4948  WS2IFSL - ok
12:29:23.0981 4948  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
12:29:23.0981 4948  wscsvc - ok
12:29:24.0012 4948  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:29:24.0028 4948  WSTCODEC - ok
12:29:24.0059 4948  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
12:29:24.0059 4948  wuauserv - ok
12:29:24.0122 4948  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:29:24.0137 4948  WudfPf - ok
12:29:24.0169 4948  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:29:24.0200 4948  WudfRd - ok
12:29:24.0231 4948  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
12:29:24.0231 4948  WudfSvc - ok
12:29:24.0419 4948  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
12:29:24.0419 4948  WZCSVC - ok
12:29:24.0497 4948  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
12:29:24.0497 4948  xmlprov - ok
12:29:24.0512 4948  ================ Scan global ===============================
12:29:24.0575 4948  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:29:24.0700 4948  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
12:29:24.0919 4948  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
12:29:25.0122 4948  [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
12:29:25.0122 4948  [Global] - ok
12:29:25.0122 4948  ================ Scan MBR ==================================
12:29:25.0153 4948  [ DD654EBC28EA19FC767AF95A73CCA807 ] \Device\Harddisk0\DR0
12:29:25.0387 4948  \Device\Harddisk0\DR0 - ok
12:29:25.0403 4948  [ DD654EBC28EA19FC767AF95A73CCA807 ] \Device\Harddisk1\DR1
12:29:25.0512 4948  \Device\Harddisk1\DR1 - ok
12:29:25.0512 4948  [ DD654EBC28EA19FC767AF95A73CCA807 ] \Device\Harddisk2\DR2
12:29:25.0544 4948  \Device\Harddisk2\DR2 - ok
12:29:25.0559 4948  [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk3\DR3
12:29:28.0825 4948  \Device\Harddisk3\DR3 - ok
12:29:28.0825 4948  ================ Scan VBR ==================================
12:29:28.0872 4948  [ 28770C4C9B765CFDA99C2080E61AF110 ] \Device\Harddisk0\DR0\Partition1
12:29:28.0872 4948  \Device\Harddisk0\DR0\Partition1 - ok
12:29:28.0935 4948  [ DDE03DD3FB1FEB484A71A8FB1947C503 ] \Device\Harddisk1\DR1\Partition1
12:29:28.0935 4948  \Device\Harddisk1\DR1\Partition1 - ok
12:29:28.0966 4948  [ 1A92E9CF5F9AF132BF5B1E999822D6E0 ] \Device\Harddisk1\DR1\Partition2
12:29:29.0013 4948  \Device\Harddisk1\DR1\Partition2 - ok
12:29:29.0013 4948  [ 24B070622F99B174EB627A434D839030 ] \Device\Harddisk2\DR2\Partition1
12:29:29.0013 4948  \Device\Harddisk2\DR2\Partition1 - ok
12:29:29.0029 4948  [ C92B7131EB227A7FC62CFD72991CB0C6 ] \Device\Harddisk3\DR3\Partition1
12:29:29.0029 4948  \Device\Harddisk3\DR3\Partition1 - ok
12:29:29.0029 4948  ============================================================
12:29:29.0029 4948  Scan finished
12:29:29.0029 4948  ============================================================
12:29:29.0044 4804  Detected object count: 1
12:29:29.0044 4804  Actual detected object count: 1
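
The log above is TDSSKiller output: each line carries a timestamp, a process id and a payload that is either a `[ MD5 ] name path` entry, a verdict (`- ok`, `( X ) - warning`, `- detected X (n)`), a section banner or a counter. The one entry that is not "ok" here is sptd.sys, which the log itself marks as `Suspicious file (NoAccess)` under the generic locked-file verdict, i.e. a file the scanner could not read rather than a matched signature, so it is something a responder reviews by hand rather than acts on blindly. The MBR section is also worth reading: three of the four disks report the same MBR hash, the fourth a different one. The parser below is an added example written for this thread, not TDSSKiller's own code; it assumes only the line layout visible above, and its sample input reuses a few lines from the log (the `Scan services` section label for the part before the first banner is a constructed name).

```python
"""Summarize a TDSSKiller-style scan log: which entries were flagged, and
which disks share an identical MBR image.

Added example for this thread, not TDSSKiller's own code; it parses only the
line layout seen in the log above (timestamp, pid, payload).
"""
import re
from collections import defaultdict

# Sample input: lines reused from the log above plus the MBR banner and the
# final counter, embedded here so the parser can be exercised offline.
SAMPLE_LOG = r"""
12:29:12.0401 4948  [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:29:12.0401 4948  ShellHWDetection - ok
12:29:13.0980 4948  [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
12:29:13.0980 4948  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593
12:29:13.0980 4948  sptd ( LockedFile.Multi.Generic ) - warning
12:29:13.0980 4948  sptd - detected LockedFile.Multi.Generic (1)
12:29:25.0122 4948  ================ Scan MBR ==================================
12:29:25.0153 4948  [ DD654EBC28EA19FC767AF95A73CCA807 ] \Device\Harddisk0\DR0
12:29:25.0387 4948  \Device\Harddisk0\DR0 - ok
12:29:25.0403 4948  [ DD654EBC28EA19FC767AF95A73CCA807 ] \Device\Harddisk1\DR1
12:29:25.0512 4948  \Device\Harddisk1\DR1 - ok
12:29:25.0559 4948  [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk3\DR3
12:29:28.0825 4948  \Device\Harddisk3\DR3 - ok
12:29:29.0044 4804  Detected object count: 1
"""

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<body>.*)$")
SECTION_RE = re.compile(r"^=+ (?P<name>[^=]+?) =+$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<rest>.+)$")
# Service/driver entries are "name<spaces>path"; MBR, VBR and global entries carry only a path.
NAME_PATH_RE = re.compile(r"^(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9A-F]{32})$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
VERDICT_RES = (
    (re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$"), "detected"),
    (re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - warning$"), "warning"),
    (re.compile(r"^(?P<name>.+?) - ok$"), "ok"),
)
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}  # a flag is never downgraded by a later "ok"


def _new(section):
    return {"md5": None, "path": None, "section": section, "status": "unknown", "verdict": None}


def parse_tdss_log(text):
    """Return {"objects": name -> record, "suspicious": [(reason, path, md5)], "detected_count": int|None}."""
    objects, suspicious, count = {}, [], None
    section = "Scan services"  # constructed label for the part before the first banner
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        if sm := SECTION_RE.match(body):
            section = sm.group("name").strip()
        elif hm := HASH_RE.match(body):
            rest = hm.group("rest")
            np = NAME_PATH_RE.match(rest)
            name, path = (np.group("name"), np.group("path")) if np else (rest, rest)
            rec = objects.setdefault(name, _new(section))
            rec["md5"], rec["path"], rec["section"] = hm.group("md5"), path, section
        elif xm := SUSPICIOUS_RE.match(body):
            suspicious.append((xm.group("reason"), xm.group("path"), xm.group("md5")))
        elif cm := COUNT_RE.match(body):
            count = int(cm.group("n"))
        else:
            for regex, status in VERDICT_RES:
                vm = regex.match(body)
                if vm:
                    rec = objects.setdefault(vm.group("name"), _new(section))
                    if RANK[status] >= RANK[rec["status"]]:
                        rec["status"] = status
                        rec["verdict"] = vm.groupdict().get("verdict")
                    break
    return {"objects": objects, "suspicious": suspicious, "detected_count": count}


def flagged(summary):
    """Entries whose final status is anything but 'ok': the ones a responder reviews by hand."""
    return sorted((n, r["status"], r["verdict"]) for n, r in summary["objects"].items() if r["status"] != "ok")


def mbr_groups(summary):
    """Group disks by MBR hash; disks carrying identical boot code share one hash."""
    groups = defaultdict(list)
    for name, rec in summary["objects"].items():
        if rec["section"] == "Scan MBR" and rec["md5"]:
            groups[rec["md5"]].append(name)
    return dict(groups)


if __name__ == "__main__":
    summary = parse_tdss_log(SAMPLE_LOG)
    print("flagged:", flagged(summary))
    print("detected objects:", summary["detected_count"])
    for md5, disks in mbr_groups(summary).items():
        print(md5, "->", ", ".join(disks))
```

Run against the full log, `flagged()` reduces a thousand lines to the handful of entries that are not plain "ok", and `mbr_groups()` shows which disks share an MBR image so a differing hash stands out for comparison against a known-good boot sector; neither function decides whether an entry is malicious, it only surfaces what needs a look.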
 



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:05:32 PM

Posted 02 June 2013 - 02:53 PM

Malwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.


#5 C-A

C-A
  • Topic Starter

  • Members
  • 43 posts
  • Local time:03:32 PM

Posted 03 June 2013 - 11:30 AM

When I am running the Malwarebytes Anti-Rootkit, should I use its cleanup function and remove any threats found, or should I just report the log to you before taking any action?



#6 C-A

C-A
  • Topic Starter

  • Members
  • 43 posts
  • Local time:03:32 PM

Posted 03 June 2013 - 12:23 PM

I ran Malwarebytes Anti-rootkit.  After receiving the message "Initializing - OK" it took 30 seconds, and an error message appeared: "The system volume seems inaccessible or encrypted. Scan can't continue." Simultaneously, Malwarebytes showed the screen "Scan Finished: No malware found!"

 

After exiting MB Anti-rootkit, WinPatrol reported that MB ARK was added as a startup program, which I allowed.  I read the MB "readme" which said the ARK could be run in safe mode.  I restarted the computer in safe mode.  When starting in safe mode I received a message: "Click Esc to stop SPTD.SYS from loading". I allowed it to load. I ran MB ARK, but again I received the same error message as the first time.  I restarted in safe mode once again, this time I canceled the loading of SPTD.sys by clicking Esc.  I ran MB ARK, but once again received the same error message. I have attached a jpg of the error message.

 

Thanks



Edited by C-A, 03 June 2013 - 12:26 PM.


#7 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:05:32 PM

Posted 03 June 2013 - 04:55 PM

Hi,
 
Thanks for letting me know exactly what is happening.   :)
 
Please read through these instructions to familiarize yourself with what to expect when this tool runs.
 
Download ComboFix from one of these locations:
 
Link 1
Link 2
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 


[screenshot: RCUpdate1.png]

 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
[screenshot: RC2-1.png]
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Notes:
 
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


#8 C-A

C-A
  • Topic Starter

  • Members
  • 43 posts
  • Local time:03:32 PM

Posted 03 June 2013 - 05:51 PM

Thanks,

 

Here's the combofix log:

 

ComboFix 13-06-03.06 - Hans 06/03/2013  15:31:28.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1473 [GMT -7:00]
Running from: c:\documents and settings\Hans\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-03 to 2013-06-03  )))))))))))))))))))))))))))))))
.
.
2013-06-03 22:17 . 2013-06-03 22:17 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{459714B6-6BBD-4DFF-818F-F20C6E4CA367}\offreg.dll
2013-06-03 16:35 . 2013-06-03 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-03 02:41 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{459714B6-6BBD-4DFF-818F-F20C6E4CA367}\mpengine.dll
2013-06-02 19:30 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-27 19:46 . 2013-05-27 19:46 -------- d-----w- c:\windows\Microsoft Antimalware
2013-05-23 23:17 . 2013-05-02 15:28 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-23 23:16 . 2012-06-02 22:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-05-23 23:16 . 2012-06-02 22:18 214256 ----a-w- c:\windows\system32\muweb.dll
2013-05-23 23:15 . 2013-05-23 23:15 -------- d-----w- c:\program files\Microsoft Security Client
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-05-10 00:04 . 2013-05-10 00:04 -------- d-----w- c:\documents and settings\Hans\Application Data\WinPatrol
2013-05-10 00:04 . 2013-05-10 00:04 -------- d-----w- c:\program files\BillP Studios
2013-05-10 00:04 . 2013-05-10 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2013-05-06 00:26 . 2013-05-06 00:26 -------- d-----w- c:\program files\CCleaner
2013-05-05 17:17 . 2013-05-05 17:17 -------- d-----w- c:\program files\VS Revo Group
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 03:36 . 2012-12-07 04:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 03:36 . 2011-10-11 01:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 21:50 . 2013-05-01 06:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-03 02:09 . 2013-05-01 05:58 13352 ----a-w- c:\windows\system32\mfchboot.exe
2013-04-03 02:08 . 2013-05-01 05:58 77104 ----a-w- c:\windows\system32\drivers\mrfoldr.sys
2013-04-03 02:08 . 2013-05-01 05:58 182312 ----a-w- c:\windows\system32\mfsyncsv.exe
2013-03-06 22:32 . 2013-05-02 00:19 228600 ----a-w- c:\windows\system32\aswBoot.exe
2002-11-11 22:56 . 2002-11-11 22:56 155648 ----a-w- c:\program files\Common Files\MTron Sounds Installer.exe
1998-02-11 00:34 . 2009-08-17 00:41 128000 ----a-w- c:\program files\UNWISE.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Hans\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Hans\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Hans\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Hans\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2005-10-22 25088]
"PatchMix DSP Application"="c:\program files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe" [2005-09-26 610427]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"LgWDskTp"="c:\program files\Wireless Desktop\LgWDskTp.exe" [2004-10-27 65536]
"Logitech Utility"="Logi_MwX.Exe" [2004-10-18 19968]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-02-25 95960]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-26 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-26 2178832]
"MMTray"="c:\program files\Morgan\m3jpegV3\MMTray.exe" [2001-11-09 53248]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"MirrorFolderShell"="c:\program files\MirrorFolder\mrfshl.exe" [2013-04-03 228904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-2-1 450560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 00:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=mstud-2int.cpl
"midi3"=mstart-2int.cpl
"midi4"=ma_cmidn.dll
"midi6"=mstart-2int.cpl
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-02-22 11:30 217544 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 21:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSound Monitor]
2008-07-03 21:14 248336 ----a-w- c:\program files\Common Files\TASCAM\QuickSound\QSMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-30 08:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Hans\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 mrfoldr;MirrorFolder real-time replication driver;c:\windows\system32\drivers\mrfoldr.sys [4/30/2013 10:58 PM 77104]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/23/2008 12:30 PM 716272]
R1 GhPciScan;GhostPciScanner;c:\program files\Norton SystemWorks\Norton Ghost\GhPciScan.sys [5/28/2003 8:01 PM 5632]
R2 Logic232;Logic232;c:\windows\system32\drivers\Logic232.sys [9/5/2009 3:52 PM 6356]
R3 hypaudio;hypaudio;c:\windows\system32\drivers\hypaudio.sys [9/14/2009 10:34 PM 1347584]
R3 hypkern;hypkern;c:\windows\system32\drivers\hypkern.sys [9/14/2009 10:34 PM 164864]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/30/2013 11:01 PM 22856]
S3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [9/9/2009 3:17 PM 8960]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [9/9/2009 3:15 PM 17280]
S3 EWAVE;EWAVE;c:\windows\system32\drivers\ew.sys [2/15/2007 2:05 PM 1447040]
S3 FILESPY;FILESPY;c:\windows\system32\drivers\FileSpy.sys [2/15/2007 2:05 PM 26992]
S3 GS4ENGINE;GS4ENGINE;c:\program files\Tascam\GigaStudio 4\System\GS4ENGINE.sys [7/3/2008 2:16 PM 857104]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;c:\magix\Samplitude_V8_demo\mxasio.sys [3/30/2006 2:57 PM 4899]
S3 MIDUSB;Driver for MidiStuio-2;c:\windows\system32\drivers\mstud-2drv.sys [1/16/2006 9:38 AM 17920]
S3 mos24ser;MosChip High-Speed USB MultiSerial Device Service;c:\windows\system32\drivers\mos24ser.sys [9/5/2009 2:50 PM 546560]
S3 NSTATION;NSTATION;c:\windows\system32\drivers\NSTATION.sys [2/15/2007 2:05 PM 18944]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [11/29/2007 8:44 PM 23288]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2/20/2007 12:57 PM 356352]
S3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2/20/2007 12:57 PM 18432]
S3 TASCAM_US144_WDM;TASCAM US-144 WDM;c:\windows\system32\drivers\tscusb2a.sys [2/20/2007 12:57 PM 32768]
S4 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-07 03:36]
.
2013-05-23 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-05-31 10:03]
.
2013-06-03 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 18:11]
.
2007-11-25 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-08-17 23:34]
.
2006-01-14 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-08-20 00:12]
.
2013-06-03 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2003-09-10 12:48]
.
2006-01-15 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-01-14 02:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-JNLP - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-03 15:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Std\7.0\DefaultPreset]
@DACL=(02 0000)
@SACL=
@="c:\\Program Files\\Adobe\\Premiere Standard\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Std\7.0\Help]
@DACL=(02 0000)
@SACL=
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Standard\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Standard\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Standard\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Standard\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Standard\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Standard\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\mstart-2int.cpl
c:\windows\system32\mstud-2int.cpl
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\mstart-2int.cpl
c:\windows\system32\mstud-2int.cpl
.
Completion time: 2013-06-03  15:44:44
ComboFix-quarantined-files.txt  2013-06-03 22:44
.
Pre-Run: 37,720,117,248 bytes free
Post-Run: 37,771,952,128 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 33FB6A16E6BED3EBBB3D316D9F5B5ADC
 



#9 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:32 PM

Posted 03 June 2013 - 08:54 PM

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\windows\system32\drivers\FileSpy.sys
 
c:\windows\system32\mfchboot.exe
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------




#10 C-A

C-A
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 04 June 2013 - 12:09 AM

Thanks Jeff,

 

I scanned both files.  Here are the links to the result pages:

 

FileSpy.sys

https://www.virustotal.com/en/file/024353c791a3a2e07de739b90d499f65863bc8021f6d60eb13bf50c7c8a7d59c/analysis/1370322116/

 

mfchboot.exe

https://www.virustotal.com/en/file/612324bfb21be77c78418c936f62d03b270dd44802ffdad21dc697a92b9620b3/analysis/1370322380/

 

 

 

 

 



#11 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:32 PM

Posted 04 June 2013 - 06:34 AM

Ok thank you.

 

How is your system running now?  :)




#12 C-A

C-A
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 04 June 2013 - 11:32 AM

Microsoft Security Essentials is still showing Alureon.J as active.  I tried to remove it again with MSE, but without result.  I have attached a screenshot of MSE.

 



Edited by C-A, 04 June 2013 - 11:34 AM.


#13 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:32 PM

Posted 04 June 2013 - 02:48 PM

Please download Farbar Recovery Scan Tool (32 bit version) and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



#14 C-A

C-A
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 05 June 2013 - 01:37 AM

Thanks Jeff,

 

Here is the FRST log.  I have also attached the Addition.txt which I noticed had some info on the Alureon.J trojan.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2013 02
Ran by Hans (administrator) on 04-06-2013 23:28:38
Running from C:\Documents and Settings\Hans\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(CrypKey (Canada) Ltd.) C:\WINDOWS\system32\crypserv.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(SEIKO EPSON CORPORATION) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(Symantec Corporation) C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
() C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Techsoft) C:\WINDOWS\system32\mfsyncsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
(Symantec Corporation) C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
(Sony Corporation) C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
(Symantec Corporation) C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
(Logitech Inc.) C:\Program Files\Wireless Desktop\LgWDskTp.exe
(Logitech Inc.) C:\WINDOWS\Logi_MwX.Exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
() C:\Program Files\Logitech\QuickCam\Quickcam.exe
(Morgan Multimedia) C:\Program Files\Morgan\m3jpegV3\MMTray.exe
(Techsoft) C:\Program Files\MirrorFolder\mrfshl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Sony Corporation) C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\WinRAR\WinRAR.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2005-03-22] (ATI Technologies, Inc.)
HKLM\...\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [28672 2003-04-19] (Sony Electronics Inc)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [139264 2005-06-17] (Intel Corporation)
HKLM\...\Run: [LgWDskTp] C:\Program Files\Wireless Desktop\LgWDskTp.exe [65536 2004-10-27] (Logitech Inc.)
HKLM\...\Run: [Logitech Utility] Logi_MwX.Exe [x]
HKLM\...\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [28672 2003-04-19] (Sony Electronics Inc)
HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [71328 2005-12-12] (Symantec Corporation)
HKLM\...\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe [95960 2007-02-25] (Symantec Corporation)
HKLM\...\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [563984 2007-10-25] ()
HKLM\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide [2178832 2007-10-25] ()
HKLM\...\Run: [MMTray] "C:\Program Files\Morgan\m3jpegV3\MMTray.exe" [53248 2001-11-08] (Morgan Multimedia)
HKLM\...\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [MirrorFolderShell] C:\Program Files\MirrorFolder\mrfshl.exe [228904 2013-04-02] (Techsoft)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
HKCU\...\Run: [SetDefaultMIDI] MIDIDef.exe [x]
HKCU\...\Run: [PatchMix DSP Application] C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe [610427 2005-09-26] (EMU Systems)
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (Symantec Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (Symantec Corporation)
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
PDF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1354576101265
PDF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.64.12

========================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 AdobeActiveFileMonitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] ()
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [255648 2005-12-12] (Symantec Corporation)
S3 ccPwdSvc; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [87712 2005-12-12] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [235168 2005-12-12] (Symantec Corporation)
R2 Crypkey License; C:\Windows\System32\crypserv.exe [61440 2003-11-26] (CrypKey (Canada) Ltd.)
R2 EPSON_PM_RPCV4_01; C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 GhostStartService; C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe [200704 2003-05-28] (Symantec Corporation)
S3 Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [32768 2005-04-05] (Sony Corporation)
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
R2 MA_CMIDI_InstallerService; C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe [94208 2007-01-08] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 mfsyncsv; C:\Windows\system32\mfsyncsv.exe [182312 2013-04-02] (Techsoft)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
R2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S3 navapsvc; C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe [158376 2003-08-17] (Symantec Corporation)
R2 NProtectService; C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE [81920 2003-09-10] (Symantec Corporation)
S4 PhotoshopElementsDeviceConnect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] ()
S3 SAVScan; C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe [193816 2003-08-09] (Symantec Corporation)
S2 SBService; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [66784 2003-06-24] (Symantec Corporation)
S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206552 2005-01-21] (Symantec Corporation)
R2 SonicStageMonitoring; C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe [135168 2005-03-11] (Sony Corporation)
S3 Sony TV Tuner Controller; C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe [118784 2003-08-13] (Sony Corporation)
R3 Sony TV Tuner Manager; C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe [94208 2003-08-13] (Sony Corporation)
R2 Sony TVTA Manager; C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe [106496 2003-08-13] (Sony Corporation)
R2 Speed Disk service; C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE [176193 2003-09-10] (Symantec Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2005-06-07] (Sony Corporation)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S3 SQLAgent$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [69632 2005-06-03] (Sony Corporation)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
R2 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [585728 2006-01-13] (Symantec Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2005-06-15] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [1851392 2005-06-07] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [770048 2005-06-07] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [270336 2005-06-15] (Sony Corporation)
S3 vsmon; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2402184 2009-02-16] (Check Point Software Technologies LTD)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [167936 2005-06-15] (Sony Corporation)
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2005-06-15] (Sony Corporation)
S2 STacSV; c:\docume~1\hans\locals~1\temp\cdm\{1b650294-cb2b-4c5c-b3ef-ff6b3b7af9bb}\STacSV.exe [x]
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]

==================== Drivers (Whitelisted) ====================

R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [82380 2009-03-11] (Oak Technology Inc.)
R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [17005 2003-05-28] (Adaptec)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1034752 2005-03-22] (ATI Technologies Inc.)
S3 bautopw; C:\Windows\System32\drivers\bautopw.sys [8960 2009-03-04] (BUFFALO INC.)
S3 bfturboh; C:\Windows\System32\drivers\bfturboh.sys [17280 2008-07-22] (BUFFALO INC.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 EWAVE; C:\WINDOWS\system32\drivers\ew.sys [1447040 2006-12-07] (TASCAM)
S3 FILESPY; C:\WINDOWS\system32\drivers\FILESPY.sys [26992 2006-12-07] (TASCAM)
S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [22560 2007-02-03] (Logitech Inc.)
R1 GhPciScan; C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys [5632 2003-05-28] (Symantec Corporation)
S3 GS4ENGINE; C:\Program Files\TASCAM\GigaStudio 4\system\GS4Engine.sys [857104 2008-07-03] (TASCAM)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [746496 2005-10-22] (Creative Technology Ltd)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [178048 2005-05-23] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [1034752 2005-05-23] (Conexant Systems, Inc.)
R3 hypkern; C:\Windows\System32\drivers\hypkern.sys [164864 2009-08-25] ()
S3 L8042pr2; C:\Windows\System32\DRIVERS\L8042pr2.Sys [54008 2004-10-18] (Logitech, Inc.)
S3 LCcfltr; C:\Windows\System32\Drivers\LCcFltr.Sys [15126 2004-10-18] (Logitech, Inc.)
R3 LHidKe; C:\Windows\System32\DRIVERS\LHidKE.Sys [25600 2005-05-20] (Logitech, Inc.)
S3 LHidUsb; C:\Windows\System32\Drivers\LHidUsb.Sys [37814 2004-10-18] (Logitech, Inc.)
R2 Logic232; C:\WINDOWS\System32\drivers\Logic232.sys [6356 2001-07-30] (emagic Soft- und Hardware GmbH, Germany)
S3 Lvckap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 lvmvdrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] ()
S3 LVPrcMon; C:\WINDOWS\system32\drivers\LVPrcMon.sys [16768 2005-12-09] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
S3 MagixASIODrv; C:\MAGIX\Samplitude_V8_demo\mxasio.sys [4899 2002-04-16] (MAGIX AG)
S3 MA_CMIDI; C:\Windows\System32\drivers\ma_cmidi.sys [21888 2006-08-16] (M-Audio)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MIDUSB; C:\Windows\System32\Drivers\mstud-2drv.sys [17920 2005-08-16] (Miditech GmbH)
S3 mos24ser; C:\Windows\System32\DRIVERS\mos24ser.sys [546560 2006-10-11] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R0 mrfoldr; C:\Windows\System32\drivers\mrfoldr.sys [77104 2013-04-02] (Techsoft)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NAVENG; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060111.038\NAVENG.Sys [77864 2006-01-11] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060111.038\NavEx15.Sys [750952 2006-01-11] (Symantec Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28518 2003-07-28] ()
R3 NPDriver; C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [258476 2003-09-10] (Symantec Corporation)
S3 NSTATION; C:\WINDOWS\system32\drivers\nstation.sys [18944 2006-12-07] (TASCAM)
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [9216 2005-10-22] (Creative Technology Ltd.)
R1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation)
S3 SAVRT; C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRT.SYS [300736 2003-08-06] (Symantec Corporation)
R1 SAVRTPEL; C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRTPEL.SYS [35008 2003-08-06] (Symantec Corporation)
S3 SDdriver; C:\WINDOWS\system32\Drivers\sddriver.sys [90272 2003-09-10] (Symantec Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 smrt; C:\Windows\System32\DRIVERS\smrt.sys [788736 2004-08-05] (Sony Corporation)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [716272 2008-02-23] ()
R0 srescan; C:\Windows\System32\ZoneLabs\srescan.sys [51688 2008-11-17] (Check Point Software Technologies LTD)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1271032 2008-04-10] (IDT, Inc.)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [124016 2006-09-15] (Symantec Corporation)
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [2397 2006-01-13] ()
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26424 2005-01-21] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [267384 2005-01-21] (Symantec Corporation)
S3 SynasUSB; C:\Windows\System32\drivers\SynasUSB.sys [23288 2007-10-24] (SIA Syncrosoft)
S3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [356352 2007-08-31] (TASCAM)
S3 TASCAM_US144_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [18432 2007-08-31] (TASCAM)
S3 TASCAM_US144_WDM; C:\Windows\System32\drivers\tscusb2a.sys [32768 2007-08-31] (TASCAM)
R0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [90472 2009-05-21] (PACE Anti-Piracy, Inc.)
R1 vsdatant; C:\Windows\System32\vsdatant.sys [353672 2009-02-16] (Check Point Software Technologies LTD)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
U3 atmxk9ne; C:\Windows\System32\Drivers\atmxk9ne.sys [0 ] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S3 catchme; \??\C:\DOCUME~1\Hans\LOCALS~1\Temp\catchme.sys [x]
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S3 DELTA; system32\drivers\delta.sys [x]
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-06-04 23:28 - 2013-06-04 23:28 - 00000000 ____D C:\FRST
2013-06-04 23:27 - 2013-06-04 23:27 - 01356205 ____A (Farbar) C:\Documents and Settings\Hans\Desktop\FRST.exe
2013-06-03 15:44 - 2013-06-03 15:44 - 00016118 ____A C:\ComboFix.txt
2013-06-03 15:28 - 2013-06-03 15:28 - 00000000 RASHD C:\cmdcons
2013-06-03 15:24 - 2011-06-25 23:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-03 15:24 - 2010-11-07 10:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-03 15:24 - 2009-04-19 21:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-03 15:24 - 2000-08-30 17:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-03 15:24 - 2000-08-30 17:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-03 15:24 - 2000-08-30 17:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-06-03 15:24 - 2000-08-30 17:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-03 15:24 - 2000-08-30 17:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-03 15:24 - 2000-08-30 17:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-03 15:23 - 2013-06-03 15:44 - 00000000 ___AD C:\Qoobox
2013-06-03 15:05 - 2013-06-03 15:05 - 05077441 ____R (Swearware) C:\Documents and Settings\Hans\Desktop\ComboFix.exe
2013-06-03 09:35 - 2013-06-03 09:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-03 09:32 - 2013-06-03 09:32 - 00000000 ____D C:\Documents and Settings\Hans\Desktop\mbar-1.06.0.1003
2013-06-03 09:31 - 2013-06-03 09:31 - 13169742 ____A C:\Documents and Settings\Hans\Desktop\mbar-1.06.0.1003.zip
2013-06-02 12:27 - 2013-06-02 12:27 - 02237968 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Hans\Desktop\tdsskiller.exe
2013-05-31 12:19 - 2013-05-31 12:19 - 00016163 ____A C:\Documents and Settings\Hans\Desktop\dds.txt
2013-05-31 12:19 - 2013-05-31 12:19 - 00013851 ____A C:\Documents and Settings\Hans\Desktop\attach.txt
2013-05-31 12:14 - 2013-05-31 12:14 - 00688992 ____R (Swearware) C:\Documents and Settings\Hans\Desktop\dds.com
2013-05-27 12:46 - 2013-05-27 12:46 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-05-23 17:58 - 2013-05-23 18:15 - 00009649 ____A C:\Windows\KB959426.log
2013-05-23 17:57 - 2013-05-23 18:15 - 00009635 ____A C:\Windows\KB2712808.log
2013-05-23 17:57 - 2013-05-23 18:14 - 00009479 ____A C:\Windows\KB960859.log
2013-05-23 17:56 - 2013-05-23 18:14 - 00009473 ____A C:\Windows\KB2758857.log
2013-05-23 17:56 - 2013-05-23 18:14 - 00009392 ____A C:\Windows\KB2478971.log
2013-05-23 17:51 - 2013-05-23 18:13 - 00009437 ____A C:\Windows\KB2544893-v2.log
2013-05-23 17:51 - 2013-05-23 18:13 - 00009413 ____A C:\Windows\KB2585542.log
2013-05-23 17:49 - 2013-05-23 18:13 - 00009227 ____A C:\Windows\KB2631813.log
2013-05-23 17:47 - 2013-05-23 18:12 - 00009146 ____A C:\Windows\KB2691442.log
2013-05-23 17:46 - 2013-05-23 18:12 - 00009078 ____A C:\Windows\KB2115168.log
2013-05-23 17:44 - 2013-05-23 18:12 - 00008832 ____A C:\Windows\KB974318.log
2013-05-23 17:44 - 2013-05-23 18:12 - 00008831 ____A C:\Windows\KB969059.log
2013-05-23 17:43 - 2013-05-23 18:12 - 00008792 ____A C:\Windows\KB2443105.log
2013-05-23 17:42 - 2013-05-23 18:11 - 00008730 ____A C:\Windows\KB2655992.log
2013-05-23 17:42 - 2013-05-23 18:11 - 00008651 ____A C:\Windows\KB2802968.log
2013-05-23 17:41 - 2013-05-23 18:11 - 00009343 ____A C:\Windows\KB2481109.log
2013-05-23 17:39 - 2013-05-23 18:11 - 00008418 ____A C:\Windows\KB975713.log
2013-05-23 17:38 - 2013-05-23 18:11 - 00008392 ____A C:\Windows\KB2598479.log
2013-05-23 17:37 - 2013-05-23 18:10 - 00008251 ____A C:\Windows\KB982132.log
2013-05-23 17:36 - 2013-05-23 18:10 - 00008167 ____A C:\Windows\KB971657.log
2013-05-23 17:34 - 2013-05-23 18:10 - 00008025 ____A C:\Windows\KB978338.log
2013-05-23 17:33 - 2013-05-23 18:10 - 00008008 ____A C:\Windows\KB2780091.log
2013-05-23 17:32 - 2013-05-23 18:10 - 00007875 ____A C:\Windows\KB2507938.log
2013-05-23 17:31 - 2013-05-23 18:10 - 00007829 ____A C:\Windows\KB974112.log
2013-05-23 17:30 - 2013-05-23 18:10 - 00008316 ____A C:\Windows\KB2829361.log
2013-05-23 17:27 - 2013-05-23 18:09 - 00007876 ____A C:\Windows\KB2705219-v2.log
2013-05-23 17:26 - 2013-05-23 18:09 - 00007511 ____A C:\Windows\KB2820917.log
2013-05-23 17:25 - 2013-05-23 18:09 - 00007456 ____A C:\Windows\KB2727528.log
2013-05-23 17:23 - 2013-05-23 18:09 - 00007378 ____A C:\Windows\KB2757638.log
2013-05-23 17:23 - 2013-05-23 18:08 - 00007433 ____A C:\Windows\KB2661254-v2.log
2013-05-23 17:22 - 2013-05-23 18:08 - 00007991 ____A C:\Windows\KB2813345.log
2013-05-23 17:21 - 2013-05-23 18:08 - 00007106 ____A C:\Windows\KB2483185.log
2013-05-23 17:20 - 2013-05-23 18:07 - 00006950 ____A C:\Windows\KB2624667.log
2013-05-23 17:18 - 2013-05-23 18:06 - 00006781 ____A C:\Windows\KB2749655.log
2013-05-23 17:18 - 2013-05-23 18:06 - 00006742 ____A C:\Windows\KB979687.log
2013-05-23 17:16 - 2013-05-23 18:06 - 00008176 ____A C:\Windows\KB2676562.log
2013-05-23 17:15 - 2013-05-23 18:05 - 00006492 ____A C:\Windows\KB975025.log
2013-05-23 17:14 - 2013-05-23 18:05 - 00006529 ____A C:\Windows\KB2719985.log
2013-05-23 17:13 - 2013-05-23 18:04 - 00006370 ____A C:\Windows\KB2508429.log
2013-05-23 17:12 - 2013-05-23 18:04 - 00006336 ____A C:\Windows\KB971029.log
2013-05-23 17:11 - 2013-05-23 18:04 - 00006237 ____A C:\Windows\KB979482.log
2013-05-23 17:09 - 2013-05-23 18:04 - 00006205 ____A C:\Windows\KB2509553.log
2013-05-23 17:08 - 2013-05-23 18:03 - 00006073 ____A C:\Windows\KB952004.log
2013-05-23 17:06 - 2013-05-23 18:03 - 00005964 ____A C:\Windows\KB974571.log
2013-05-23 17:06 - 2013-05-23 18:03 - 00005829 ____A C:\Windows\KB978706.log
2013-05-23 17:01 - 2013-05-23 18:02 - 00008399 ____A C:\Windows\KB977914.log
2013-05-23 17:00 - 2013-05-23 18:02 - 00005609 ____A C:\Windows\KB982665.log
2013-05-23 17:00 - 2013-05-23 18:02 - 00005489 ____A C:\Windows\KB973507.log
2013-05-23 17:00 - 2013-05-23 18:01 - 00005439 ____A C:\Windows\KB2506212.log
2013-05-23 16:59 - 2013-05-23 18:01 - 00005342 ____A C:\Windows\KB978542.log
2013-05-23 16:59 - 2013-05-23 18:01 - 00005245 ____A C:\Windows\KB977816.log
2013-05-23 16:59 - 2013-05-23 18:00 - 00005184 ____A C:\Windows\KB2653956.log
2013-05-23 16:58 - 2013-05-23 18:00 - 00005076 ____A C:\Windows\KB974392.log
2013-05-23 16:58 - 2013-05-23 18:00 - 00004998 ____A C:\Windows\KB981322.log
2013-05-23 16:57 - 2013-05-23 17:59 - 00004955 ____A C:\Windows\KB2419632.log
2013-05-23 16:57 - 2013-05-23 17:58 - 00004824 ____A C:\Windows\KB960803.log
2013-05-23 16:56 - 2013-05-23 17:58 - 00004744 ____A C:\Windows\KB973815.log
2013-05-23 16:50 - 2013-05-23 17:40 - 00004600 ____A C:\Windows\KB2620712.log
2013-05-23 16:49 - 2013-05-23 17:35 - 00004523 ____A C:\Windows\KB2584146.log
2013-05-23 16:48 - 2013-05-23 17:32 - 00004411 ____A C:\Windows\KB975467.log
2013-05-23 16:42 - 2013-05-23 16:56 - 00004400 ____A C:\Windows\KB968389.log
2013-05-23 16:25 - 2013-06-04 09:30 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-05-23 16:17 - 2013-05-02 08:28 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-23 16:16 - 2013-05-23 16:16 - 00001945 ____A C:\Windows\epplauncher.mif
2013-05-23 16:16 - 2012-06-02 15:18 - 00275696 ____A (Microsoft Corporation) C:\Windows\System32\mucltui.dll
2013-05-23 16:16 - 2012-06-02 15:18 - 00214256 ____A (Microsoft Corporation) C:\Windows\System32\muweb.dll
2013-05-23 16:16 - 2012-06-02 15:18 - 00017136 ____A (Microsoft Corporation) C:\Windows\System32\mucltui.dll.mui
2013-05-23 16:15 - 2013-05-23 16:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-10 21:17 - 2013-05-10 21:17 - 00025254 ____A C:\Windows\wsdu.log
2013-05-10 21:17 - 2013-05-10 21:17 - 00000264 ____A C:\Windows\UPGRADE.TXT
2013-05-10 21:17 - 2013-05-10 21:17 - 00000000 ____D C:\Windows\setupupd
2013-05-10 21:17 - 2013-05-10 21:17 - 00000000 ____D C:\Windows\setup.pss
2013-05-10 21:16 - 2013-05-10 21:17 - 00016397 ____A C:\Windows\WINNT32.LOG
2013-05-10 21:16 - 2013-05-10 21:16 - 00000178 ____A C:\Windows\DHCPUPG.LOG
2013-05-10 18:07 - 2013-05-10 18:08 - 00000000 __HDC C:\Windows\$NtUninstallKB979309$
2013-05-10 18:06 - 2013-05-10 18:08 - 00012888 ____A C:\Windows\KB979309.log
2013-05-09 17:04 - 2013-05-09 17:04 - 00000000 ____D C:\Program Files\BillP Studios
2013-05-09 17:04 - 2013-05-09 17:04 - 00000000 ____D C:\Documents and Settings\Hans\Application Data\WinPatrol
2013-05-09 17:04 - 2013-05-09 17:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\InstallMate
2013-05-09 16:57 - 2013-05-09 17:42 - 00000000 ____D C:\Documents and Settings\Hans\My Documents\Bleeping Computer
2013-05-09 15:15 - 2013-06-04 22:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-06 16:08 - 2013-05-06 16:08 - 00000000 ____D C:\Documents and Settings\Hans\Desktop\backups
2013-05-05 23:11 - 2013-05-05 23:11 - 00000000 ____D C:\Documents and Settings\Hans\My Documents\Malwarebytes
2013-05-05 17:26 - 2013-05-05 17:26 - 00000688 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-05-05 17:26 - 2013-05-05 17:26 - 00000000 ____D C:\Program Files\CCleaner
2013-05-05 17:22 - 2013-05-05 17:22 - 00001740 ____A C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2013-05-05 10:17 - 2013-05-05 10:17 - 00000923 ____A C:\Documents and Settings\Hans\Desktop\Revo Uninstaller.lnk
2013-05-05 10:17 - 2013-05-05 10:17 - 00000000 ____D C:\Program Files\VS Revo Group

==================== One Month Modified Files and Folders ========

2013-06-04 23:28 - 2013-06-04 23:28 - 00000000 ____D C:\FRST
2013-06-04 23:27 - 2013-06-04 23:27 - 01356205 ____A (Farbar) C:\Documents and Settings\Hans\Desktop\FRST.exe
2013-06-04 23:15 - 2005-08-20 07:21 - 00000611 ____A C:\Windows\wiadebug.log
2013-06-04 22:36 - 2013-05-09 15:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-04 20:51 - 2013-05-01 14:08 - 00001072 ____A C:\Windows\mrfldr.dat
2013-06-04 09:39 - 2005-08-20 14:24 - 01958467 ____A C:\Windows\WindowsUpdate.log
2013-06-04 09:35 - 2013-05-01 14:08 - 00001072 ____A C:\Windows\mrfldr.da0
2013-06-04 09:30 - 2013-05-23 16:25 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-04 09:24 - 2005-08-20 14:23 - 00000000 ____D C:\Windows\Registration
2013-06-04 09:21 - 2005-08-20 07:21 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-04 09:20 - 2006-01-13 21:38 - 00000062 __ASH C:\Documents and Settings\Hans\Local Settings\desktop.ini
2013-06-04 09:20 - 2005-08-20 14:29 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-04 09:19 - 2005-08-20 14:29 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-04 09:19 - 2005-08-20 14:29 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-04 09:16 - 2006-01-13 21:38 - 00000178 ___SH C:\Documents and Settings\Hans\ntuser.ini
2013-06-04 09:16 - 2005-08-20 14:29 - 00032546 ____A C:\Windows\SchedLgU.Txt
2013-06-03 15:44 - 2013-06-03 15:44 - 00016118 ____A C:\ComboFix.txt
2013-06-03 15:44 - 2013-06-03 15:23 - 00000000 ___AD C:\Qoobox
2013-06-03 15:41 - 2005-08-20 14:14 - 00000227 ____A C:\Windows\system.ini
2013-06-03 15:28 - 2013-06-03 15:28 - 00000000 RASHD C:\cmdcons
2013-06-03 15:28 - 2005-08-20 14:14 - 00000325 _RASH C:\boot.ini
2013-06-03 15:23 - 2013-05-03 13:26 - 00000000 ____D C:\Windows\erdnt
2013-06-03 15:05 - 2013-06-03 15:05 - 05077441 ____R (Swearware) C:\Documents and Settings\Hans\Desktop\ComboFix.exe
2013-06-03 13:16 - 2006-02-01 14:12 - 00000586 ____A C:\Windows\Rr50.INI
2013-06-03 13:12 - 2006-03-30 18:22 - 00000824 ____A C:\Windows\Sam8_E.INI
2013-06-03 11:30 - 2005-08-20 14:24 - 00000000 ____D C:\Windows\System32\Restore
2013-06-03 09:35 - 2013-06-03 09:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-03 09:32 - 2013-06-03 09:32 - 00000000 ____D C:\Documents and Settings\Hans\Desktop\mbar-1.06.0.1003
2013-06-03 09:31 - 2013-06-03 09:31 - 13169742 ____A C:\Documents and Settings\Hans\Desktop\mbar-1.06.0.1003.zip
2013-06-03 00:00 - 2006-01-13 23:24 - 00000306 ____A C:\Windows\Tasks\Symantec Drmc.job
2013-06-02 13:26 - 2013-04-30 22:58 - 00000000 ____D C:\Program Files\MirrorFolder
2013-06-02 13:24 - 2013-04-30 22:58 - 00000697 ____A C:\Documents and Settings\All Users\Desktop\MirrorFolder.lnk
2013-06-02 12:27 - 2013-06-02 12:27 - 02237968 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Hans\Desktop\tdsskiller.exe
2013-06-02 12:18 - 2005-08-20 14:14 - 00012598 ____A C:\Windows\System32\wpa.dbl
2013-05-31 12:21 - 2013-05-02 16:12 - 00005215 ____A C:\Documents and Settings\Hans\Desktop\attach.zip
2013-05-31 12:19 - 2013-05-31 12:19 - 00016163 ____A C:\Documents and Settings\Hans\Desktop\dds.txt
2013-05-31 12:19 - 2013-05-31 12:19 - 00013851 ____A C:\Documents and Settings\Hans\Desktop\attach.txt
2013-05-31 12:14 - 2013-05-31 12:14 - 00688992 ____R (Swearware) C:\Documents and Settings\Hans\Desktop\dds.com
2013-05-27 12:46 - 2013-05-27 12:46 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-05-24 09:38 - 2010-08-21 22:29 - 00000000 __HDC C:\Windows\$NtUninstallMSCompPackV1$
2013-05-23 18:15 - 2013-05-23 17:58 - 00009649 ____A C:\Windows\KB959426.log
2013-05-23 18:15 - 2013-05-23 17:57 - 00009635 ____A C:\Windows\KB2712808.log
2013-05-23 18:14 - 2013-05-23 17:57 - 00009479 ____A C:\Windows\KB960859.log
2013-05-23 18:14 - 2013-05-23 17:56 - 00009473 ____A C:\Windows\KB2758857.log
2013-05-23 18:14 - 2013-05-23 17:56 - 00009392 ____A C:\Windows\KB2478971.log
2013-05-23 18:13 - 2013-05-23 17:51 - 00009437 ____A C:\Windows\KB2544893-v2.log
2013-05-23 18:13 - 2013-05-23 17:51 - 00009413 ____A C:\Windows\KB2585542.log
2013-05-23 18:13 - 2013-05-23 17:49 - 00009227 ____A C:\Windows\KB2631813.log
2013-05-23 18:12 - 2013-05-23 17:47 - 00009146 ____A C:\Windows\KB2691442.log
2013-05-23 18:12 - 2013-05-23 17:46 - 00009078 ____A C:\Windows\KB2115168.log
2013-05-23 18:12 - 2013-05-23 17:44 - 00008832 ____A C:\Windows\KB974318.log
2013-05-23 18:12 - 2013-05-23 17:44 - 00008831 ____A C:\Windows\KB969059.log
2013-05-23 18:12 - 2013-05-23 17:43 - 00008792 ____A C:\Windows\KB2443105.log
2013-05-23 18:11 - 2013-05-23 17:42 - 00008730 ____A C:\Windows\KB2655992.log
2013-05-23 18:11 - 2013-05-23 17:42 - 00008651 ____A C:\Windows\KB2802968.log
2013-05-23 18:11 - 2013-05-23 17:41 - 00009343 ____A C:\Windows\KB2481109.log
2013-05-23 18:11 - 2013-05-23 17:39 - 00008418 ____A C:\Windows\KB975713.log
2013-05-23 18:11 - 2013-05-23 17:38 - 00008392 ____A C:\Windows\KB2598479.log
2013-05-23 18:10 - 2013-05-23 17:37 - 00008251 ____A C:\Windows\KB982132.log
2013-05-23 18:10 - 2013-05-23 17:36 - 00008167 ____A C:\Windows\KB971657.log
2013-05-23 18:10 - 2013-05-23 17:34 - 00008025 ____A C:\Windows\KB978338.log
2013-05-23 18:10 - 2013-05-23 17:33 - 00008008 ____A C:\Windows\KB2780091.log
2013-05-23 18:10 - 2013-05-23 17:32 - 00007875 ____A C:\Windows\KB2507938.log
2013-05-23 18:10 - 2013-05-23 17:31 - 00007829 ____A C:\Windows\KB974112.log
2013-05-23 18:10 - 2013-05-23 17:30 - 00008316 ____A C:\Windows\KB2829361.log
2013-05-23 18:09 - 2013-05-23 17:27 - 00007876 ____A C:\Windows\KB2705219-v2.log
2013-05-23 18:09 - 2013-05-23 17:26 - 00007511 ____A C:\Windows\KB2820917.log
2013-05-23 18:09 - 2013-05-23 17:25 - 00007456 ____A C:\Windows\KB2727528.log
2013-05-23 18:09 - 2013-05-23 17:23 - 00007378 ____A C:\Windows\KB2757638.log
2013-05-23 18:08 - 2013-05-23 17:23 - 00007433 ____A C:\Windows\KB2661254-v2.log
2013-05-23 18:08 - 2013-05-23 17:22 - 00007991 ____A C:\Windows\KB2813345.log
2013-05-23 18:08 - 2013-05-23 17:21 - 00007106 ____A C:\Windows\KB2483185.log
2013-05-23 18:07 - 2013-05-23 17:20 - 00006950 ____A C:\Windows\KB2624667.log
2013-05-23 18:06 - 2013-05-23 17:18 - 00006781 ____A C:\Windows\KB2749655.log
2013-05-23 18:06 - 2013-05-23 17:18 - 00006742 ____A C:\Windows\KB979687.log
2013-05-23 18:06 - 2013-05-23 17:16 - 00008176 ____A C:\Windows\KB2676562.log
2013-05-23 18:05 - 2013-05-23 17:15 - 00006492 ____A C:\Windows\KB975025.log
2013-05-23 18:05 - 2013-05-23 17:14 - 00006529 ____A C:\Windows\KB2719985.log
2013-05-23 18:04 - 2013-05-23 17:13 - 00006370 ____A C:\Windows\KB2508429.log
2013-05-23 18:04 - 2013-05-23 17:12 - 00006336 ____A C:\Windows\KB971029.log
2013-05-23 18:04 - 2013-05-23 17:11 - 00006237 ____A C:\Windows\KB979482.log
2013-05-23 18:04 - 2013-05-23 17:09 - 00006205 ____A C:\Windows\KB2509553.log
2013-05-23 18:03 - 2013-05-23 17:08 - 00006073 ____A C:\Windows\KB952004.log
2013-05-23 18:03 - 2013-05-23 17:06 - 00005964 ____A C:\Windows\KB974571.log
2013-05-23 18:03 - 2013-05-23 17:06 - 00005829 ____A C:\Windows\KB978706.log
2013-05-23 18:02 - 2013-05-23 17:01 - 00008399 ____A C:\Windows\KB977914.log
2013-05-23 18:02 - 2013-05-23 17:00 - 00005609 ____A C:\Windows\KB982665.log
2013-05-23 18:02 - 2013-05-23 17:00 - 00005489 ____A C:\Windows\KB973507.log
2013-05-23 18:01 - 2013-05-23 17:00 - 00005439 ____A C:\Windows\KB2506212.log
2013-05-23 18:01 - 2013-05-23 16:59 - 00005342 ____A C:\Windows\KB978542.log
2013-05-23 18:01 - 2013-05-23 16:59 - 00005245 ____A C:\Windows\KB977816.log
2013-05-23 18:00 - 2013-05-23 16:59 - 00005184 ____A C:\Windows\KB2653956.log
2013-05-23 18:00 - 2013-05-23 16:58 - 00005076 ____A C:\Windows\KB974392.log
2013-05-23 18:00 - 2013-05-23 16:58 - 00004998 ____A C:\Windows\KB981322.log
2013-05-23 17:59 - 2013-05-23 16:57 - 00004955 ____A C:\Windows\KB2419632.log
2013-05-23 17:58 - 2013-05-23 16:57 - 00004824 ____A C:\Windows\KB960803.log
2013-05-23 17:58 - 2013-05-23 16:56 - 00004744 ____A C:\Windows\KB973815.log
2013-05-23 17:58 - 2005-08-20 15:22 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-23 17:40 - 2013-05-23 16:50 - 00004600 ____A C:\Windows\KB2620712.log
2013-05-23 17:35 - 2013-05-23 16:49 - 00004523 ____A C:\Windows\KB2584146.log
2013-05-23 17:32 - 2013-05-23 16:48 - 00004411 ____A C:\Windows\KB975467.log
2013-05-23 17:04 - 2009-01-16 15:42 - 00601857 ____A C:\Windows\setupapi.log
2013-05-23 16:56 - 2013-05-23 16:42 - 00004400 ____A C:\Windows\KB968389.log
2013-05-23 16:16 - 2013-05-23 16:16 - 00001945 ____A C:\Windows\epplauncher.mif
2013-05-23 16:16 - 2005-08-21 11:03 - 00149656 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-23 16:15 - 2013-05-23 16:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-23 15:59 - 2013-05-01 17:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-05-23 14:34 - 2006-03-30 20:25 - 00000000 __SHD C:\Documents and Settings\Hans\UserData
2013-05-22 18:11 - 2009-03-25 13:59 - 00001050 ___AH C:\Windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
2013-05-15 13:56 - 2005-08-21 10:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-05-15 13:53 - 2006-01-13 21:38 - 00000000 ____D C:\Documents and Settings\Hans\Application Data\Adobe
2013-05-14 20:36 - 2012-12-06 21:25 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-14 20:36 - 2011-10-10 18:47 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-13 19:51 - 2010-01-22 15:04 - 00000800 ____A C:\Windows\m3jpeg.ini
2013-05-10 21:17 - 2013-05-10 21:17 - 00025254 ____A C:\Windows\wsdu.log
2013-05-10 21:17 - 2013-05-10 21:17 - 00000264 ____A C:\Windows\UPGRADE.TXT
2013-05-10 21:17 - 2013-05-10 21:17 - 00000000 ____D C:\Windows\setupupd
2013-05-10 21:17 - 2013-05-10 21:17 - 00000000 ____D C:\Windows\setup.pss
2013-05-10 21:17 - 2013-05-10 21:16 - 00016397 ____A C:\Windows\WINNT32.LOG
2013-05-10 21:17 - 2013-05-03 13:31 - 00000325 ____A C:\Boot.bak
2013-05-10 21:17 - 2005-08-20 07:19 - 00372826 ____A C:\Windows\setupact.log
2013-05-10 21:16 - 2013-05-10 21:16 - 00000178 ____A C:\Windows\DHCPUPG.LOG
2013-05-10 18:08 - 2013-05-10 18:07 - 00000000 __HDC C:\Windows\$NtUninstallKB979309$
2013-05-10 18:08 - 2013-05-10 18:06 - 00012888 ____A C:\Windows\KB979309.log
2013-05-10 18:08 - 2005-08-20 07:20 - 01194136 ____A C:\Windows\iis6.log
2013-05-10 18:08 - 2005-08-20 07:20 - 01088627 ____A C:\Windows\FaxSetup.log
2013-05-10 18:08 - 2005-08-20 07:20 - 00530145 ____A C:\Windows\ocgen.log
2013-05-10 18:08 - 2005-08-20 07:20 - 00509306 ____A C:\Windows\tsoc.log
2013-05-10 18:08 - 2005-08-20 07:20 - 00369102 ____A C:\Windows\comsetup.log
2013-05-10 18:08 - 2005-08-20 07:20 - 00337640 ____A C:\Windows\msmqinst.log
2013-05-10 18:08 - 2005-08-20 07:20 - 00221518 ____A C:\Windows\ntdtcsetup.log
2013-05-10 18:08 - 2005-08-20 07:20 - 00204966 ____A C:\Windows\netfxocm.log
2013-05-10 18:08 - 2005-08-20 07:20 - 00133661 ____A C:\Windows\MedCtrOC.log
2013-05-10 18:08 - 2005-08-20 07:20 - 00125738 ____A C:\Windows\plusoc.log
2013-05-10 18:08 - 2005-08-20 07:20 - 00061285 ____A C:\Windows\ehOCGen.log
2013-05-10 18:08 - 2005-08-20 07:20 - 00059369 ____A C:\Windows\ocmsn.log
2013-05-10 18:08 - 2005-08-20 07:20 - 00055291 ____A C:\Windows\tabletoc.log
2013-05-10 18:08 - 2005-08-20 07:20 - 00054821 ____A C:\Windows\msgsocm.log
2013-05-10 18:08 - 2005-08-20 07:20 - 00001374 ____A C:\Windows\imsins.log
2013-05-09 17:42 - 2013-05-09 16:57 - 00000000 ____D C:\Documents and Settings\Hans\My Documents\Bleeping Computer
2013-05-09 17:04 - 2013-05-09 17:04 - 00000000 ____D C:\Program Files\BillP Studios
2013-05-09 17:04 - 2013-05-09 17:04 - 00000000 ____D C:\Documents and Settings\Hans\Application Data\WinPatrol
2013-05-09 17:04 - 2013-05-09 17:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\InstallMate
2013-05-09 15:35 - 2005-08-20 07:19 - 00489088 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-06 16:08 - 2013-05-06 16:08 - 00000000 ____D C:\Documents and Settings\Hans\Desktop\backups
2013-05-05 23:11 - 2013-05-05 23:11 - 00000000 ____D C:\Documents and Settings\Hans\My Documents\Malwarebytes
2013-05-05 17:30 - 2012-03-12 19:47 - 00000000 ____D C:\Documents and Settings\Hans\Application Data\FileZilla
2013-05-05 17:30 - 2007-06-10 20:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-05-05 17:30 - 2006-09-03 18:46 - 00000000 ____D C:\Documents and Settings\Hans\Application Data\Skype
2013-05-05 17:30 - 2006-04-28 13:44 - 00000000 ____D C:\Program Files\GetRight
2013-05-05 17:26 - 2013-05-05 17:26 - 00000688 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-05-05 17:26 - 2013-05-05 17:26 - 00000000 ____D C:\Program Files\CCleaner
2013-05-05 17:22 - 2013-05-05 17:22 - 00001740 ____A C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2013-05-05 17:22 - 2005-08-21 10:28 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-05 17:21 - 2005-08-21 10:28 - 00000000 ____D C:\Program Files\Adobe
2013-05-05 10:29 - 2005-08-21 09:27 - 00000000 ____D C:\Program Files\Java
2013-05-05 10:17 - 2013-05-05 10:17 - 00000923 ____A C:\Documents and Settings\Hans\Desktop\Revo Uninstaller.lnk
2013-05-05 10:17 - 2013-05-05 10:17 - 00000000 ____D C:\Program Files\VS Revo Group

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2005-08-20 14:14] - [2008-04-13 17:12] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


#15 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:05:32 PM

Posted 05 June 2013 - 12:31 PM

Hi,
Run a new scan with TDSSKiller please and post the new log...I want to see something.  :)
