Everything posted by tbglover

  1. Malwarebytes Anti-Malware (PRO) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.21.12

     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 9.0.8112.16421
     tim :: TIM-PC [administrator]

     Protection: Disabled

     7/22/2012 6:20:48 PM
     mbam-log-2012-07-22 (18-20-48).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 216341
     Time elapsed: 8 minute(s), 24 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 4
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe (Security.Hijack) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\catchme.exe (Security.Hijack) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dumphive.exe (Security.Hijack) -> Quarantined and deleted successfully.

     Registry Values Detected: 2
     HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\tim\LOCALS~1\Temp\mscikzd.bat -> Delete on reboot.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|15129 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msnrjo.exe -> Delete on reboot.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\Windows\Installer\{a7afd095-2f9b-9866-4f86-15b4904e357d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

     (end)
  2. I'm still experiencing the symptoms, with random sites popping up and sites redirecting when I click on a link on Google. I ran ComboFix again and it did the same thing. It's freezing on an output folder from the C drive. The part that I could see is C:\32788R22FWJFW\N. It freezes and then suddenly finishes. iexplore.exe and svchost.exe seem to be using the most average CPU.
  3. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
     Run date: 2012-07-19 19:10:41
     -----------------------------
     19:10:41.978 OS Version: Windows x64 6.0.6002 Service Pack 2
     19:10:41.978 Number of processors: 4 586 0x203
     19:10:41.978 ComputerName: TIM-PC UserName: tim
     19:10:52.515 Initialize success
     19:11:15.987 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
     19:11:15.990 Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 3
     19:11:16.030 Disk 0 MBR read successfully
     19:11:16.032 Disk 0 MBR scan
     19:11:16.035 Disk 0 unknown MBR code
     19:11:16.047 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10001 MB offset 63
     19:11:16.137 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 600477 MB offset 20484096
     19:11:16.156 Disk 0 scanning C:\Windows\system32\drivers
     19:11:46.372 Service scanning
     19:13:01.738 Modules scanning
     19:13:01.745 Disk 0 trace - called modules:
     19:13:01.878 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
     19:13:01.882 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005282790]
     19:13:01.887 3 CLASSPNP.SYS[fffffa60011cdc33] -> nt!IofCallDriver -> [0xfffffa800484f760]
     19:13:01.893 5 acpi.sys[fffffa6000b80fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800483f940]
     19:13:01.898 Scan finished successfully
     19:14:35.099 Disk 0 MBR has been saved successfully to "C:\Users\tim\Desktop\MBR.dat"
     19:14:35.114 The log file has been saved successfully to "C:\Users\tim\Desktop\aswMBR.txt"
  4. 18:24:57.0365 39228 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
     18:24:57.0693 39228 ============================================================
     18:24:57.0693 39228 Current date / time: 2012/07/19 18:24:57.0693
     18:24:57.0693 39228 SystemInfo:
     18:24:57.0693 39228
     18:24:57.0694 39228 OS Version: 6.0.6002 ServicePack: 2.0
     18:24:57.0694 39228 Product type: Workstation
     18:24:57.0694 39228 ComputerName: TIM-PC
     18:24:57.0694 39228 UserName: tim
     18:24:57.0694 39228 Windows directory: C:\Windows
     18:24:57.0694 39228 System windows directory: C:\Windows
     18:24:57.0694 39228 Running under WOW64
     18:24:57.0694 39228 Processor architecture: Intel x64
     18:24:57.0694 39228 Number of processors: 4
     18:24:57.0694 39228 Page size: 0x1000
     18:24:57.0694 39228 Boot type: Normal boot
     18:24:57.0694 39228 ============================================================
     18:25:00.0792 39228 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     18:25:00.0797 39228 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
     18:25:01.0258 39228 Drive \Device\Harddisk6\DR6 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
     18:25:01.0817 39228 Drive \Device\Harddisk7\DR7 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
     18:25:02.0200 39228 ============================================================
     18:25:02.0200 39228 \Device\Harddisk0\DR0:
     18:25:02.0216 39228 MBR partitions:
     18:25:02.0216 39228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x494CE800
     18:25:02.0217 39228 \Device\Harddisk1\DR1:
     18:25:02.0218 39228 MBR partitions:
     18:25:02.0218 39228 \Device\Harddisk1\DR1\Partition0:
18:25:42.0624 41052 napagent - ok 18:25:42.0680 41052 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys 18:25:42.0689 41052 NativeWifiP - ok 18:25:42.0927 41052 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe 18:25:42.0936 41052 NAUpdate - ok 18:25:43.0045 41052 NAVENG - ok 18:25:43.0051 41052 NAVEX15 - ok 18:25:43.0410 41052 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys 18:25:43.0433 41052 NDIS - ok 18:25:43.0497 41052 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys 18:25:43.0528 41052 NdisTapi - ok 18:25:43.0545 41052 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys 18:25:43.0546 41052 Ndisuio - ok 18:25:43.0921 41052 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys 18:25:43.0929 41052 NdisWan - ok 18:25:43.0942 41052 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys 18:25:43.0944 41052 NDProxy - ok 18:25:43.0952 41052 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys 18:25:43.0954 41052 NetBIOS - ok 18:25:43.0989 41052 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys 18:25:43.0996 41052 netbt - ok 18:25:44.0026 41052 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 18:25:44.0027 41052 Netlogon - ok 18:25:44.0066 41052 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll 18:25:44.0073 41052 Netman - ok 18:25:44.0103 41052 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll 18:25:44.0126 41052 netprofm - ok 18:25:44.0188 41052 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:25:44.0200 41052 NetTcpPortSharing - ok 18:25:44.0222 41052 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) 
C:\Windows\system32\drivers\nfrd960.sys 18:25:44.0224 41052 nfrd960 - ok 18:25:44.0245 41052 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll 18:25:44.0250 41052 NlaSvc - ok 18:25:44.0271 41052 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys 18:25:44.0273 41052 Npfs - ok 18:25:44.0311 41052 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll 18:25:44.0322 41052 nsi - ok 18:25:44.0336 41052 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys 18:25:44.0337 41052 nsiproxy - ok 18:25:45.0523 41052 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys 18:25:45.0565 41052 Ntfs - ok 18:25:46.0501 41052 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys 18:25:46.0512 41052 Null - ok 18:25:46.0534 41052 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys 18:25:46.0546 41052 nvraid - ok 18:25:46.0562 41052 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys 18:25:46.0564 41052 nvstor - ok 18:25:46.0599 41052 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys 18:25:46.0603 41052 nv_agp - ok 18:25:46.0607 41052 NwlnkFlt - ok 18:25:46.0615 41052 NwlnkFwd - ok 18:25:47.0737 41052 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:25:47.0854 41052 odserv - ok 18:25:47.0990 41052 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys 18:25:47.0993 41052 ohci1394 - ok 18:25:48.0173 41052 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:25:48.0181 41052 ose - ok 18:25:48.0561 41052 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 18:25:48.0786 41052 p2pimsvc - ok 18:25:48.0796 41052 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 
18:25:48.0804 41052 p2psvc - ok 18:25:49.0861 41052 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys 18:25:49.0872 41052 Parport - ok 18:25:49.0919 41052 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys 18:25:49.0921 41052 partmgr - ok 18:25:49.0949 41052 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll 18:25:49.0962 41052 PcaSvc - ok 18:25:50.0149 41052 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys 18:25:50.0192 41052 pci - ok 18:25:50.0297 41052 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys 18:25:50.0332 41052 pciide - ok 18:25:51.0387 41052 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys 18:25:51.0420 41052 pcmcia - ok 18:25:52.0128 41052 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys 18:25:52.0147 41052 PEAUTH - ok 18:25:52.0414 41052 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe 18:25:52.0446 41052 PerfHost - ok 18:25:52.0902 41052 PID_0928 (b47dee29b5e6e1939567a926c7a3e6a4) C:\Windows\system32\DRIVERS\LV561V64.SYS 18:25:52.0960 41052 PID_0928 - ok 18:25:54.0417 41052 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll 18:25:54.0485 41052 pla - ok 18:25:54.0543 41052 PLTurbh (3be92b7432bc07ad1e88260c1e1c60f5) C:\Windows\system32\drivers\plturbh.sys 18:25:54.0559 41052 PLTurbh - ok 18:25:54.0589 41052 PLTurbo (7e75ec3c77a4158d92d1c27bd221412d) C:\Windows\system32\drivers\plturbo.sys 18:25:54.0590 41052 PLTurbo - ok 18:25:55.0214 41052 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll 18:25:55.0231 41052 PlugPlay - ok 18:25:55.0392 41052 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 18:25:55.0400 41052 PNRPAutoReg - ok 18:25:55.0411 41052 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 18:25:55.0419 41052 PNRPsvc - 
ok 18:25:56.0790 41052 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll 18:25:56.0799 41052 PolicyAgent - ok 18:25:57.0421 41052 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys 18:25:57.0437 41052 PptpMiniport - ok 18:25:57.0456 41052 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys 18:25:57.0457 41052 Processor - ok 18:25:57.0491 41052 PROCEXP113 (c56a9ed0192c5a2b39691e54f2132a2f) C:\Windows\system32\Drivers\PROCEXP113.SYS 18:25:57.0515 41052 PROCEXP113 - ok 18:25:57.0545 41052 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll 18:25:57.0555 41052 ProfSvc - ok 18:25:57.0583 41052 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 18:25:57.0584 41052 ProtectedStorage - ok 18:25:57.0970 41052 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys 18:25:57.0972 41052 PSched - ok 18:25:58.0011 41052 PxHlpa64 (24dd667d22dbd29618947c804e23aa03) C:\Windows\system32\Drivers\PxHlpa64.sys 18:25:58.0013 41052 PxHlpa64 - ok 18:25:58.0433 41052 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys 18:25:58.0485 41052 ql2300 - ok 18:25:58.0512 41052 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys 18:25:58.0523 41052 ql40xx - ok 18:25:58.0978 41052 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll 18:25:59.0008 41052 QWAVE - ok 18:25:59.0029 41052 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys 18:25:59.0032 41052 QWAVEdrv - ok 18:25:59.0050 41052 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys 18:25:59.0052 41052 RasAcd - ok 18:25:59.0084 41052 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll 18:25:59.0087 41052 RasAuto - ok 18:25:59.0115 41052 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) 
C:\Windows\system32\DRIVERS\rasl2tp.sys 18:25:59.0127 41052 Rasl2tp - ok 18:25:59.0410 41052 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll 18:25:59.0430 41052 RasMan - ok 18:25:59.0708 41052 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys 18:25:59.0714 41052 RasPppoe - ok 18:25:59.0740 41052 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys 18:25:59.0743 41052 RasSstp - ok 18:25:59.0783 41052 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys 18:25:59.0797 41052 rdbss - ok 18:25:59.0817 41052 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:25:59.0818 41052 RDPCDD - ok 18:25:59.0852 41052 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys 18:25:59.0875 41052 rdpdr - ok 18:25:59.0880 41052 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys 18:25:59.0882 41052 RDPENCDD - ok 18:25:59.0919 41052 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys 18:25:59.0930 41052 RDPWD - ok 18:25:59.0960 41052 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll 18:25:59.0965 41052 RemoteAccess - ok 18:26:00.0003 41052 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll 18:26:00.0012 41052 RemoteRegistry - ok 18:26:00.0087 41052 RichVideo (d1f1d0ee50f8c070a612796676971699) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 18:26:00.0095 41052 RichVideo - ok 18:26:00.0130 41052 Roxio UPnP Renderer 9 (a189a928896f240fe5247be60623fc07) C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe 18:26:00.0131 41052 Roxio UPnP Renderer 9 - ok 18:26:00.0158 41052 Roxio Upnp Server 9 (fdd632f943f2650ee7928ff6841cb6b2) C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe 18:26:00.0179 41052 Roxio Upnp Server 9 - ok 18:26:00.0402 41052 RoxLiveShare9 
(a6a0c81e275ae2eba46dde1216a9e557) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe 18:26:00.0423 41052 RoxLiveShare9 - ok 18:26:01.0617 41052 RoxMediaDB9 (b3868bb4948d1f6579fa1906c038424e) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe 18:26:01.0642 41052 RoxMediaDB9 - ok 18:26:01.0685 41052 RoxWatch9 (3c2449d45aede29b06050557efa2f5e1) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe 18:26:01.0720 41052 RoxWatch9 - ok 18:26:02.0465 41052 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe 18:26:02.0466 41052 RpcLocator - ok 18:26:03.0043 41052 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll 18:26:03.0050 41052 RpcSs - ok 18:26:03.0480 41052 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys 18:26:03.0486 41052 rspndr - ok 18:26:03.0522 41052 RTHDMIAzAudService (f8da8fc39ce5859c0d8c0fe6524ce465) C:\Windows\system32\drivers\RtHDMIVX.sys 18:26:03.0531 41052 RTHDMIAzAudService - ok 18:26:03.0554 41052 RTSTOR (b6b74a05f4da0231d5d275568a104f89) C:\Windows\system32\drivers\RTSTOR64.SYS 18:26:03.0557 41052 RTSTOR - ok 18:26:03.0579 41052 RxFilter (24a20afab6fd388fd2f4ddc3a5b6d8b1) C:\Windows\system32\DRIVERS\RxFilter.sys 18:26:03.0580 41052 RxFilter - ok 18:26:03.0607 41052 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 18:26:03.0609 41052 SamSs - ok 18:26:04.0150 41052 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys 18:26:04.0162 41052 sbp2port - ok 18:26:04.0193 41052 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll 18:26:04.0212 41052 SCardSvr - ok 18:26:04.0247 41052 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys 18:26:04.0249 41052 SCDEmu - ok 18:26:04.0428 41052 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll 18:26:04.0456 41052 Schedule - ok 
18:26:04.0774 41052 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll 18:26:04.0775 41052 SCPolicySvc - ok 18:26:05.0375 41052 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll 18:26:05.0382 41052 SDRSVC - ok 18:26:05.0395 41052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 18:26:05.0397 41052 secdrv - ok 18:26:05.0418 41052 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll 18:26:05.0421 41052 seclogon - ok 18:26:05.0451 41052 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll 18:26:05.0457 41052 SENS - ok 18:26:05.0471 41052 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys 18:26:05.0472 41052 Serenum - ok 18:26:05.0491 41052 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys 18:26:05.0496 41052 Serial - ok 18:26:05.0509 41052 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys 18:26:05.0510 41052 sermouse - ok 18:26:06.0031 41052 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll 18:26:06.0102 41052 SessionEnv - ok 18:26:06.0133 41052 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys 18:26:06.0134 41052 sffdisk - ok 18:26:06.0148 41052 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys 18:26:06.0150 41052 sffp_mmc - ok 18:26:06.0166 41052 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys 18:26:06.0167 41052 sffp_sd - ok 18:26:06.0187 41052 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys 18:26:06.0189 41052 sfloppy - ok 18:26:06.0232 41052 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll 18:26:06.0255 41052 ShellHWDetection - ok 18:26:06.0282 41052 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys 18:26:06.0284 
41052 SiSRaid2 - ok 18:26:06.0307 41052 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys 18:26:06.0313 41052 SiSRaid4 - ok 18:26:06.0721 41052 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe 18:26:06.0982 41052 slsvc - ok 18:26:08.0396 41052 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll 18:26:08.0402 41052 SLUINotify - ok 18:26:08.0650 41052 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys 18:26:08.0664 41052 Smb - ok 18:26:08.0700 41052 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe 18:26:08.0702 41052 SNMPTRAP - ok 18:26:08.0724 41052 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys 18:26:08.0726 41052 spldr - ok 18:26:08.0758 41052 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe 18:26:08.0807 41052 Spooler - ok 18:26:08.0883 41052 sptd (9ab59cf736981ed1f83c6ab5faa8ba5c) C:\Windows\system32\Drivers\sptd.sys 18:26:08.0883 41052 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 9ab59cf736981ed1f83c6ab5faa8ba5c 18:26:08.0886 41052 sptd ( LockedFile.Multi.Generic ) - warning 18:26:08.0886 41052 sptd - detected LockedFile.Multi.Generic (1) 18:26:09.0421 41052 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS 18:26:09.0436 41052 SRTSP - ok 18:26:09.0499 41052 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS 18:26:09.0499 41052 SRTSPX - ok 18:26:09.0546 41052 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys 18:26:09.0577 41052 srv - ok 18:26:09.0592 41052 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys 18:26:09.0592 41052 srv2 - ok 18:26:09.0624 41052 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys 18:26:09.0639 41052 srvnet - ok 18:26:09.0655 41052 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll 18:26:09.0670 41052 SSDPSRV - ok 18:26:09.0702 41052 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll 18:26:09.0717 41052 SstpSvc - ok 18:26:09.0733 41052 StarOpen - ok 18:26:09.0780 41052 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll 18:26:09.0795 41052 stisvc - ok 18:26:09.0835 41052 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 18:26:09.0845 41052 stllssvr - ok 18:26:09.0865 41052 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys 18:26:09.0865 41052 swenum - ok 18:26:09.0905 41052 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll 18:26:09.0925 41052 swprv - ok 18:26:09.0945 41052 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys 18:26:09.0955 41052 Symc8xx - ok 18:26:10.0025 41052 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS 18:26:10.0035 41052 SymDS - ok 18:26:10.0075 
41052 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS 18:26:10.0085 41052 SymEFA - ok 18:26:10.0125 41052 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 18:26:10.0135 41052 SymEvent - ok 18:26:10.0165 41052 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS 18:26:10.0185 41052 SymIRON - ok 18:26:10.0225 41052 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS 18:26:10.0245 41052 SYMTDIv - ok 18:26:10.0265 41052 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys 18:26:10.0265 41052 Sym_hi - ok 18:26:10.0275 41052 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys 18:26:10.0285 41052 Sym_u3 - ok 18:26:10.0425 41052 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll 18:26:10.0455 41052 SysMain - ok 18:26:10.0515 41052 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll 18:26:10.0535 41052 TabletInputService - ok 18:26:10.0565 41052 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll 18:26:10.0575 41052 TapiSrv - ok 18:26:10.0585 41052 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll 18:26:10.0595 41052 TBS - ok 18:26:11.0427 41052 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys 18:26:11.0487 41052 Tcpip - ok 18:26:11.0503 41052 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys 18:26:11.0515 41052 Tcpip6 - ok 18:26:11.0701 41052 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys 18:26:11.0758 41052 tcpipreg - ok 18:26:11.0783 41052 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys 18:26:11.0785 41052 TDPIPE - ok 18:26:11.0799 41052 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) 
C:\Windows\system32\drivers\tdtcp.sys 18:26:11.0801 41052 TDTCP - ok 18:26:11.0828 41052 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys 18:26:11.0833 41052 tdx - ok 18:26:11.0850 41052 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys 18:26:11.0852 41052 TermDD - ok 18:26:12.0432 41052 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll 18:26:12.0442 41052 TermService - ok 18:26:13.0177 41052 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll 18:26:13.0181 41052 Themes - ok 18:26:13.0201 41052 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll 18:26:13.0203 41052 THREADORDER - ok 18:26:13.0269 41052 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe 18:26:13.0274 41052 TomTomHOMEService - ok 18:26:13.0304 41052 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll 18:26:13.0316 41052 TrkWks - ok 18:26:13.0351 41052 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe 18:26:13.0353 41052 TrustedInstaller - ok 18:26:13.0396 41052 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:26:13.0398 41052 tssecsrv - ok 18:26:13.0423 41052 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys 18:26:13.0424 41052 tunmp - ok 18:26:13.0447 41052 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys 18:26:13.0448 41052 tunnel - ok 18:26:13.0464 41052 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys 18:26:13.0467 41052 uagp35 - ok 18:26:13.0501 41052 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys 18:26:13.0540 41052 udfs - ok 18:26:13.0561 41052 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe 18:26:13.0564 41052 UI0Detect - ok 18:26:13.0590 41052 
uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys 18:26:13.0592 41052 uliagpkx - ok 18:26:13.0623 41052 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys 18:26:13.0629 41052 uliahci - ok 18:26:13.0657 41052 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys 18:26:13.0668 41052 UlSata - ok 18:26:13.0691 41052 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys 18:26:13.0701 41052 ulsata2 - ok 18:26:13.0714 41052 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys 18:26:13.0716 41052 umbus - ok 18:26:13.0743 41052 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll 18:26:13.0757 41052 upnphost - ok 18:26:13.0786 41052 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 18:26:13.0788 41052 USBAAPL64 - ok 18:26:13.0822 41052 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys 18:26:13.0827 41052 usbaudio - ok 18:26:13.0860 41052 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys 18:26:13.0863 41052 usbccgp - ok 18:26:13.0885 41052 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys 18:26:13.0887 41052 usbcir - ok 18:26:13.0914 41052 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys 18:26:13.0916 41052 usbehci - ok 18:26:13.0950 41052 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys 18:26:13.0957 41052 usbhub - ok 18:26:13.0974 41052 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys 18:26:13.0975 41052 usbohci - ok 18:26:13.0995 41052 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys 18:26:13.0997 41052 usbprint - ok 18:26:14.0036 41052 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys 18:26:14.0038 
41052 usbscan - ok 18:26:14.0058 41052 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:26:14.0060 41052 USBSTOR - ok 18:26:14.0074 41052 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys 18:26:14.0076 41052 usbuhci - ok 18:26:14.0122 41052 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys 18:26:14.0132 41052 usbvideo - ok 18:26:14.0181 41052 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll 18:26:14.0183 41052 UxSms - ok 18:26:14.0230 41052 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe 18:26:14.0265 41052 vds - ok 18:26:14.0283 41052 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys 18:26:14.0284 41052 vga - ok 18:26:14.0300 41052 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys 18:26:14.0302 41052 VgaSave - ok 18:26:14.0318 41052 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys 18:26:14.0320 41052 viaide - ok 18:26:14.0339 41052 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys 18:26:14.0341 41052 volmgr - ok 18:26:14.0388 41052 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys 18:26:14.0440 41052 volmgrx - ok 18:26:14.0485 41052 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys 18:26:14.0507 41052 volsnap - ok 18:26:14.0530 41052 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys 18:26:14.0541 41052 vsmraid - ok 18:26:15.0004 41052 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe 18:26:15.0047 41052 VSS - ok 18:26:15.0407 41052 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll 18:26:15.0445 41052 W32Time - ok 18:26:15.0541 41052 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys 18:26:15.0543 41052 WacomPen - ok 18:26:15.0578 
41052 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 18:26:15.0583 41052 Wanarp - ok 18:26:15.0588 41052 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 18:26:15.0589 41052 Wanarpv6 - ok 18:26:15.0633 41052 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll 18:26:15.0652 41052 wcncsvc - ok 18:26:15.0683 41052 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll 18:26:15.0686 41052 WcsPlugInService - ok 18:26:15.0697 41052 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys 18:26:15.0698 41052 Wd - ok 18:26:15.0729 41052 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys 18:26:15.0730 41052 WDC_SAM - ok 18:26:15.0819 41052 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys 18:26:15.0835 41052 Wdf01000 - ok 18:26:15.0854 41052 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll 18:26:15.0859 41052 WdiServiceHost - ok 18:26:15.0863 41052 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll 18:26:15.0866 41052 WdiSystemHost - ok 18:26:15.0900 41052 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll 18:26:15.0926 41052 WebClient - ok 18:26:15.0970 41052 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll 18:26:16.0011 41052 Wecsvc - ok 18:26:16.0029 41052 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll 18:26:16.0033 41052 wercplsupport - ok 18:26:16.0047 41052 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll 18:26:16.0051 41052 WerSvc - ok 18:26:16.0422 41052 winachsf (d36af55c2c09b55aacf4a65c7fea9c37) C:\Windows\system32\DRIVERS\CAX_CNXT.sys 18:26:16.0448 41052 winachsf - ok 18:26:16.0483 41052 WinDefend - ok 18:26:16.0493 41052 WinHttpAutoProxySvc - ok 18:26:17.0274 41052 Winmgmt 
(d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll 18:26:17.0296 41052 Winmgmt - ok 18:26:17.0485 41052 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll 18:26:17.0552 41052 WinRM - ok 18:26:18.0216 41052 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll 18:26:18.0246 41052 Wlansvc - ok 18:26:18.0409 41052 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys 18:26:18.0410 41052 WmiAcpi - ok 18:26:18.0471 41052 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe 18:26:18.0497 41052 wmiApSrv - ok 18:26:18.0643 41052 WMPNetworkSvc - ok 18:26:19.0079 41052 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll 18:26:19.0090 41052 WPCSvc - ok 18:26:19.0173 41052 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll 18:26:19.0235 41052 WPDBusEnum - ok 18:26:19.0273 41052 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys 18:26:19.0275 41052 WpdUsb - ok 18:26:19.0428 41052 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 18:26:19.0452 41052 WPFFontCache_v0400 - ok 18:26:19.0486 41052 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys 18:26:19.0488 41052 ws2ifsl - ok 18:26:19.0519 41052 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll 18:26:19.0532 41052 wscsvc - ok 18:26:19.0536 41052 WSearch - ok 18:26:21.0427 41052 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 18:26:21.0505 41052 wuauserv - ok 18:26:21.0610 41052 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys 18:26:21.0663 41052 WUDFRd - ok 18:26:21.0927 41052 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll 18:26:21.0937 41052 wudfsvc - ok 18:26:21.0963 41052 XAudio 
(e288fa83c178a3458bac1fa80b346c06) C:\Windows\system32\DRIVERS\xaudio64.sys
      18:26:21.0964 41052 XAudio - ok
      18:26:22.0009 41052 XAudioService (510652a925b5d6c3892379d263a87f00) C:\Windows\system32\DRIVERS\xaudio64.exe
      18:26:22.0020 41052 XAudioService - ok
      18:26:22.0437 41052 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
      18:26:22.0448 41052 YahooAUService - ok
      18:26:22.0452 41052 yksvc - ok
      18:26:22.0646 41052 yukonx64 (b681cadb266b151061e7baa82b0d77b7) C:\Windows\system32\DRIVERS\yk60x64.sys
      18:26:22.0664 41052 yukonx64 - ok
      18:26:22.0692 41052 MBR (0x1B8) (b751af1acddd7a1a71313731839f4ecb) \Device\Harddisk0\DR0
      18:26:25.0790 41052 \Device\Harddisk0\DR0 - ok
      18:26:25.0795 41052 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
      18:26:25.0801 41052 \Device\Harddisk1\DR1 - ok
      18:26:26.0354 41052 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6
      18:26:26.0359 41052 \Device\Harddisk6\DR6 - ok
      18:26:26.0365 41052 MBR (0x1B8) (31cfc50fbd443daeec9a5c7ae8da8f6d) \Device\Harddisk7\DR7
      18:26:41.0417 41052 \Device\Harddisk7\DR7 - ok
      18:26:41.0432 41052 Boot (0x1200) (4095eb59d8b26087687d26edc79b90c5) \Device\Harddisk0\DR0\Partition0
      18:26:41.0434 41052 \Device\Harddisk0\DR0\Partition0 - ok
      18:26:41.0439 41052 Boot (0x1200) (8d4488fe63027fa039c6b8112d8bd108) \Device\Harddisk1\DR1\Partition0
      18:26:41.0813 41052 \Device\Harddisk1\DR1\Partition0 - ok
      18:26:42.0374 41052 Boot (0x1200) (561173cbcbb415f3d048e76ae60094bd) \Device\Harddisk6\DR6\Partition0
      18:26:42.0405 41052 \Device\Harddisk6\DR6\Partition0 - ok
      18:26:42.0410 41052 Boot (0x1200) (b5c2a5fae437632f43a2d997ba3bfe93) \Device\Harddisk7\DR7\Partition0
      18:26:42.0412 41052 \Device\Harddisk7\DR7\Partition0 - ok
      18:26:42.0412 41052 ============================================================
      18:26:42.0412 41052 Scan finished
      18:26:42.0412 41052 ============================================================
      18:26:42.0426 40608 Detected object count: 1
      18:26:42.0426 40608 Actual detected object count: 1
      18:40:51.0225 40608 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
      18:40:51.0242 40608 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
      18:40:51.0259 40608 HKLM\SYSTEM\controlset002\services\sptd - will be deleted on reboot
      18:40:51.0461 40608 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
      18:40:51.0461 40608 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
      18:40:57.0140 38216 Deinitialize success
  5. I understand. Besides, you're trying to help me so I have no reason to get upset.
  6. Usually it starts up quickly, then it slows down on, I believe, C drive output. Briefly, something pops up that has two lines of differing colors, but it comes on screen and is gone very quickly.
  7. One second it seems to be running fine, then it slows down considerably and then it's just done with no notification or anything. Here's another look at my C drive if you need to see it.
  8. I tried your instructions. It seemed to go through okay.
  9. The exact error says:
      Error opening file for writing: C:\32788R22FWJFw\License\iexplore.exe
      Click Abort to stop the installation
      Retry to try again or Ignore to skip this file
  10. Combofix continues to hit an error on a file. I tell it to ignore the file and it continues to run. Unfortunately it has not produced a log for me.
  11. Sorry it's taking this long. Combofix has been hitting an error on a particular file.
  12. .
      DDS (Ver_2011-08-26.01) - NTFSAMD64
      Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
      Run by tim at 20:16:37 on 2012-07-09
      Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1284 [GMT -4:00]
      .
      AV: Norton Security Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: Norton Security Suite *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
      FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k rpcss
      C:\Windows\system32\Ati2evxx.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\Ati2evxx.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Windows\MHotKey.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Windows\system32\agr64svc.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
      C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
      C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Microsoft LifeCam\MSCamS64.exe
      C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
      C:\Program Files (x86)\Nero\Update\NASvc.exe
      C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
      C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
      C:\Windows\System32\svchost.exe -k WerSvcGroup
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Windows\system32\DRIVERS\xaudio64.exe
      C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
      C:\Windows\system32\RUNDLL32.EXE
      C:\Windows\ChiFuncExt.exe
      C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      C:\Windows\SysWOW64\DllHost.exe
      C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Windows\RAVCpl64.exe
      C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
      C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
      C:\Windows\CNYHKey.exe
      C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\ModLedKey.exe
      C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
      C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
      C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
      C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
      C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
      C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
      C:\Program Files (x86)\iTunes\iTunesHelper.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files (x86)\WinRAR\WinRAR.exe
      C:\Program Files (x86)\WinRAR\WinRAR.exe
      C:\Program Files (x86)\WinRAR\WinRAR.exe
      C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
      C:\Windows\system32\consent.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Windows\SysWOW64\rundll32.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Windows\system32\wuauclt.exe
      C:\Program Files (x86)\Internet Explorer\IELowutil.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Windows\system32\msiexec.exe
      "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
      C:\Windows\notepad.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
      C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\cscript.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.bgol.us/board/forumdisplay.php?f=41&order=desc
      mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0109&m=dx4200-09
      uInternet Settings,ProxyOverride = *.local
      mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
      uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
      uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll
      uWindows: Load=C:\Users\tim\LOCALS~1\Temp\mscikzd.bat
      BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
      BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
      BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
      BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
      BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL
      BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
      BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
      TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
      TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
      TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
      TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
      TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      uRun: [iSUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
      uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
      uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
      mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      mRun: [LchDrvKey] LchDrvKey.exe
      mRun: [LedKey] CNYHKey.exe
      mRun: [smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
      mRun: [eRecoveryService]
      mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
      mRun: [WD Button Manager] WDBtnMgr.exe
      mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      mRun: [Picasa Media Detector] "C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe"
      mRun: [<NO NAME>]
      mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
      mRun: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
      mRun: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
      mRun: [Prolific_OneButton] C:\Program Files (x86)\USBFast\OneBtn.exe
      mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
      mRun: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      mExplorerRun: [15129] C:\PROGRA~3\LOCALS~1\Temp\msnrjo.exe
      StartupFolder: C:\Users\tim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WDANYW~1.LNK - C:\Users\tim\AppData\Roaming\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
      mPolicies-explorer: NoActiveDesktop = 1 (0x1)
      mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
      mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
      mPolicies-system: EnableLinkedConnections = 1 (0x1)
      IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
      IE: {05BA0540-AFBA-4046-AB45-6FF554DFB9A2} - {B42BB49F-1437-447D-998C-7566DFF8AC83} - C:\Program Files (x86)\Advanced IE History Bar\AdvHistoryBar.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
      LSP: mswsock.dll
      DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      TCP: DhcpNameServer = 192.168.1.1
      TCP: Interfaces\{DAF42361-B95B-444F-B664-47AF6257FC2F} : DhcpNameServer = 192.168.1.1
      mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
      BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
      BHO-X64: 0x1 - No File
      BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO-X64: AcroIEHelperStub - No File
      BHO-X64: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
      BHO-X64: AskBar BHO - No File
      BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
      BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
      BHO-X64: Symantec NCO BHO - No File
      BHO-X64: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
      BHO-X64: facemoods Helper - No File
      BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL
      BHO-X64: Symantec Intrusion Prevention - No File
      BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
      BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
      TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
      TB-X64: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
      TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
      TB-X64: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
      TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      mRun-x64: [LchDrvKey] LchDrvKey.exe
      mRun-x64: [LedKey] CNYHKey.exe
      mRun-x64: [smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
      mRun-x64: [eRecoveryService]
      mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
      mRun-x64: [WD Button Manager] WDBtnMgr.exe
      mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      mRun-x64: [Picasa Media Detector] "C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe"
      mRun-x64: [(Default)]
      mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
      mRun-x64: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
      mRun-x64: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
      mRun-x64: [Prolific_OneButton] C:\Program Files (x86)\USBFast\OneBtn.exe
      mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
      mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
      mRun-x64: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
      mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\f34b32ao.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
      FF - prefs.js: browser.search.selectedEngine - Facemoods Search
      FF - prefs.js: browser.startup.homepage - hxxp://www.bgol.us/board/forumdisplay.php?f=41&order=desc
      FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
      FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
      FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
      FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
      FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
      FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
      FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
      FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
      FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
      FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
      FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
      FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
      FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
      FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
      FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
      .
      ---- FIREFOX POLICIES ----
      FF - user.js: yahoo.homepage.dontask - true
      ============= SERVICES / DRIVERS ===============
      .
      R0 DRVECDB;DRVECDB;C:\Windows\system32\Drivers\DRVECDB.SYS --> C:\Windows\system32\Drivers\DRVECDB.SYS [?]
      R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
      R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [?]
      R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [?]
      R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-21 1156216]
      R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [?]
      R1 DLARTL_E;DLARTL_E;C:\Windows\system32\Drivers\DLARTL_E.SYS --> C:\Windows\system32\Drivers\DLARTL_E.SYS [?]
      R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111223.001\IDSviA64.sys [2011-12-23 488568]
      R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
      R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [?]
      R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [?]
      R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
      R2 DLABMFSE;DLABMFSE;C:\Windows\system32\DLA\DLABMFSE.SYS --> C:\Windows\system32\DLA\DLABMFSE.SYS [?]
      R2 DLABOIOE;DLABOIOE;C:\Windows\system32\DLA\DLABOIOE.SYS --> C:\Windows\system32\DLA\DLABOIOE.SYS [?]
      R2 DLADResE;DLADResE;C:\Windows\system32\DLA\DLADResE.SYS --> C:\Windows\system32\DLA\DLADResE.SYS [?]
      R2 DLAIFS_E;DLAIFS_E;C:\Windows\system32\DLA\DLAIFS_E.SYS --> C:\Windows\system32\DLA\DLAIFS_E.SYS [?]
      R2 DLAOPIOE;DLAOPIOE;C:\Windows\system32\DLA\DLAOPIOE.SYS --> C:\Windows\system32\DLA\DLAOPIOE.SYS [?]
      R2 DLAPoolE;DLAPoolE;C:\Windows\system32\DLA\DLAPoolE.SYS --> C:\Windows\system32\DLA\DLAPoolE.SYS [?]
      R2 DLAUDF_E;DLAUDF_E;C:\Windows\system32\DLA\DLAUDF_E.SYS --> C:\Windows\system32\DLA\DLAUDF_E.SYS [?]
      R2 DLAUDFAE;DLAUDFAE;C:\Windows\system32\DLA\DLAUDFAE.SYS --> C:\Windows\system32\DLA\DLAUDFAE.SYS [?]
      R2 DRVEDDM;DRVEDDM;C:\Windows\system32\Drivers\DRVEDDM.SYS --> C:\Windows\system32\Drivers\DRVEDDM.SYS [?]
      R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2009-1-21 24576]
      R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
      R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-30 654408]
      R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [2011-11-4 126400]
      R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
      R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
      R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
      R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
      R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
      S1 DLACDBHE;DLACDBHE;C:\Windows\system32\Drivers\DLACDBHE.SYS --> C:\Windows\system32\Drivers\DLACDBHE.SYS [?]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
      S2 gupdate1ca6d577e060a90;Google Update Service (gupdate1ca6d577e060a90);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-24 133104]
      S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
      S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-13 138360]
      S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-24 133104]
      S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
      S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
      S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
      S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-28 113120]
      S3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);C:\Windows\system32\DRIVERS\MRVW24C.sys --> C:\Windows\system32\DRIVERS\MRVW24C.sys [?]
      S3 MSHUSBVideo;NX3000/NX6000/VX5000/VX5500/VX2000/VX7000 Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
      S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
      S3 PLTurbh;Prolific turbo filter driver for hdd;C:\Windows\system32\drivers\plturbh.sys --> C:\Windows\system32\drivers\plturbh.sys [?]
      S3 PLTurbo;Prolific turbo filter driver for odd;C:\Windows\system32\drivers\plturbo.sys --> C:\Windows\system32\drivers\plturbo.sys [?]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
      S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
      S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-31 89920]
      .
      =============== File Associations ===============
      .
      JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
      .
      =============== Created Last 30 ================
      .
      2012-07-09 09:27:19 -------- d-----w- C:\Windows\SysWow64\??
      2012-07-07 10:18:28 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
      2012-07-06 10:04:25 98816 ----a-w- C:\Windows\sed.exe
      2012-07-06 10:04:25 518144 ----a-w- C:\Windows\SWREG.exe
      2012-07-06 10:04:25 256000 ----a-w- C:\Windows\PEV.exe
      2012-07-06 10:04:25 208896 ----a-w- C:\Windows\MBR.exe
      2012-07-06 10:03:42 -------- d-s---w- C:\ComboFix
      2012-07-05 21:16:35 -------- d-----w- C:\Users\tim\AppData\Roaming\Tific
      2012-06-30 00:19:46 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
      2012-06-30 00:19:46 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
      2012-06-28 05:17:03 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
      2012-06-28 05:16:58 624608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
      2012-06-28 05:16:58 43488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
      2012-06-28 05:16:58 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
      2012-06-28 05:16:58 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
      2012-06-25 19:37:25 2622464 ----a-w- C:\Windows\System32\wucltux.dll
      2012-06-25 19:36:41 99840 ----a-w- C:\Windows\System32\wudriver.dll
      2012-06-25 19:36:41 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
      2012-06-25 19:36:10 36864 ----a-w- C:\Windows\System32\wuapp.exe
      2012-06-25 19:36:10 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
      2012-06-25 19:36:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll
      2012-06-25 19:36:10 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
      2012-06-24 02:24:14 -------- d-----w- C:\Users\tim\AppData\Local\Macromedia
      2012-06-12 23:16:56 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
      2012-06-12 23:16:54 2767360 ----a-w- C:\Windows\System32\win32k.sys
      2012-06-12 23:16:38 1267200 ----a-w- C:\Windows\System32\crypt32.dll
      2012-06-12 23:16:37 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
      2012-06-12 23:16:37 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
      2012-06-12 23:16:37 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
      2012-06-12 23:16:37 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
      2012-06-12 23:16:37 132096 ----a-w- C:\Windows\System32\cryptnet.dll
      .
      ==================== Find3M ====================
      .
      2012-06-24 00:09:26 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-06-24 00:09:26 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
      2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
      2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
      2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
      2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
      2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
      2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      .
      ============= FINISH: 20:20:07.00 ===============
  13. Malwarebytes Anti-Malware (PRO) 1.61.0.1400
      www.malwarebytes.org
      Database version: v2012.07.09.14
      Windows Vista Service Pack 2 x64 NTFS
      Internet Explorer 9.0.8112.16421
      tim :: TIM-PC [administrator]
      Protection: Enabled
      7/9/2012 8:05:18 PM
      mbam-log-2012-07-09 (20-11-00)8-15
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 233378
      Time elapsed: 2 minute(s), 51 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 2
      HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\tim\LOCALS~1\Temp\mscikzd.bat -> No action taken.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|15129 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msnrjo.exe -> No action taken.
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 0
      (No malicious items detected)
  14. My computer started to act funny a couple of days ago and it appears that trojans have invaded my system. The particular trojans are bc miner as well as ransom trojan and an agent trojan that are both in the registry. What should I do in order to get rid of the infections?