
Missing program files after Trojan.Gen.2



Hi, I'm new to all this so I hope the following makes sense as I could really do with some help.

Last night Norton 360 popped up saying it had found and deleted the following:

Trojan.Gen.2

Under more info, Norton stated the following:

infected file: c:\program files\mozilla firefox\extensions\{ada1d258-4fa3-db1a-3139-28e69e24c4f3}\componentszjarboia.dll NO FIX ATTEMPTED

infected file: c:\program files\mozilla firefox\extensions\{ada1d258-4fa3-db1a-3139-28e69e24c4f3}\componentszjarboia.dll REMOVED

I then noticed that when I click on my Windows Start button and then on Program Files, loads of them are missing. Things like my Accessories menu are still there, but it only contains 4 things. Program files like OpenOffice have disappeared off the list. I can still access all my files if I use the search facility or if I go to 'My Computer, C drive, Program Files' etc.

I followed the advice on here and ran Malwarebytes, which came up as finding 'trojan.vundo', and I used Malwarebytes to delete this. I re-ran Malwarebytes and the system comes up clean, but my files are still missing.

Is there a way to get them back?

I have downloaded and run DDS and am copying and pasting the two logs below:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Catherine at 12:54:53 on 2012-03-22

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1482 [GMT 0:00]

.

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\FsUsbExService.Exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Catherine\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Users\Catherine\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://virginmedia.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

uSearch Page =

uSearch Bar =

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

BHO: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - c:\program files\premiumplay codec-c\Premiumplay Codec-C.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Codec-C Class: {26ab07e2-9562-409c-83f1-d68e0b79169e} - c:\programdata\codec-c\bhoclass.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.0.13\ips\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [Akamai NetSession Interface] "c:\users\catherine\appdata\local\akamai\netsession_win.exe"

uRun: [Google Update] "c:\users\catherine\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

mRun: [b2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [NPSStartup]

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100

TCP: Interfaces\{31EF2FCA-9C2B-4D08-9B67-EC318C45DE63} : DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-1-31 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-1-31 744568]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-20 820856]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120321.001\IDSvix86.sys [2012-3-22 368248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-1-31 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys [2012-1-31 331384]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-1-29 238952]

R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.0.13\ccsvchst.exe [2012-1-31 130008]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-26 365952]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-26 193840]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-1-29 36608]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-1-24 122984]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca1605de2dd513;Google Update Service (gupdate1ca1605de2dd513);c:\program files\google\update\GoogleUpdate.exe [2009-8-5 133104]

S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [2010-9-11 16896]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-5 133104]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2012-1-29 98432]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2012-1-29 14848]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2012-1-29 123648]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-03-22 11:39:08 -------- d-----w- c:\users\catherine\appdata\roaming\Malwarebytes

2012-03-22 11:38:51 -------- d-----w- c:\programdata\Malwarebytes

2012-03-22 11:38:50 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-22 11:38:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-22 01:22:28 -------- d-----w- c:\users\catherine\appdata\roaming\Tific

2012-03-21 13:03:36 -------- d-----w- c:\users\catherine\appdata\roaming\casualArts

2012-03-21 13:03:36 -------- d-----w- c:\programdata\casualArts

2012-03-21 13:01:35 -------- d-----w- c:\program files\Easter Eggztravaganza

2012-03-19 19:24:53 -------- d-----w- c:\program files\Nancy Drew - Secret of Shadow Ranch

2012-03-15 23:02:24 -------- d-----w- c:\programdata\Codec-C

2012-03-09 16:21:50 -------- d-----w- c:\users\catherine\appdata\roaming\DarkParablesBriarRoseSE_BFG

2012-03-07 11:34:38 -------- d-----w- c:\program files\Mystery Trackers - Black Isle Collector's Edition

2012-02-26 23:22:32 -------- d-----w- c:\program files\Depths of Betrayal Collector's Edition

2012-02-26 00:26:44 -------- d-----w- c:\users\catherine\appdata\roaming\Artogon

2012-02-23 10:51:54 -------- d-----w- c:\program files\The Surprising Adventures of Munchausen

.

==================== Find3M ====================

.

2012-01-12 19:52:56 2044416 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 12:55:19.66 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 14/06/2009 19:30:25

System Uptime: 22/03/2012 12:17:40 (0 hours ago)

.

Motherboard: Wistron | | 303C

Processor: AMD Athlon Dual-Core QL-65 | Socket A | 2100/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 222 GiB total, 137.496 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.764 GiB free.

E: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.4.1

Adobe Shockwave Player

Akamai NetSession Interface

Akamai NetSession Interface Service

Amazon Kindle

Amazon MP3 Downloader 1.0.9

Angry Birds

Angry Birds Rio

Angry Birds Seasons

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Driver Installation Program

Big Fish Games: Game Manager

Bonjour

Burger Shop

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Codec-C

Compatibility Pack for the 2007 Office system

Conexant HD Audio

CyberLink DVD Suite

CyberLink YouCam

D3DX10

Depths of Betrayal Collector's Edition

DivX Version Checker

DivX Web Player

Easter Eggztravaganza

ESU for Microsoft Vista

Eusing Free Registry Cleaner

Family Tree Maker 2011

Google Chrome

Google Earth

Google Update Helper

Google Updater

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP DVD Play 3.7

HP Games

HP Help and Support

HP Quick Launch Buttons 6.40 H2

HP Total Care Advisor

HP Update

HP User Guides 0118

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

HPTCSSetup

Hunting Unlimited 2008

Hunting Unlimited 2011

Infineon USB driver 1.0.0.6

IrfanView (remove only)

iTunes

Java Auto Updater

Java 6 Update 29

Java 6 Update 7

LabelPrint

LG Bluetooth Drivers

LG USB Modem Driver

LightScribe System Software 1.14.17.1

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

Microsoft WSE 3.0 Runtime

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee Reveal

Mystery Trackers: Black Isle Collector's Edition

Nancy Drew: Secret of Shadow Ranch

NetWaiting

Norton 360

NVIDIA Control Panel 266.58

NVIDIA Drivers

NVIDIA Graphics Driver 266.58

NVIDIA HD Audio Driver 1.1.13.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

OGA Notifier 2.0.0048.0

OpenAL

OpenOffice.org 3.1

Power2Go

PowerDirector

Premiumplay Codec-C

PSD Viewer

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Royal Envoy 2

Samsung New PC Studio

SAMSUNG USB Driver for Mobile Phones

Sandlot Connect Version 1.2.6

SeaMonkey (2.4.1)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Windows Media Encoder (KB2447961)

Segoe UI

Spybot - Search & Destroy

Super Granny 6 (remove only)

Synaptics Pointing Device Driver

System Requirements Lab

The Golden Years: Way Out West

The Scruffs: Return of the Duke

The Sims Medieval

The Surprising Adventures of Munchausen

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

USB Flash Port Driver

VC80CRTRedist - 8.0.50727.762

VoiceOver Kit

WildTangent Games

WildTangent ORB Game Console

Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Encoder 9 Series

WinRAR 4.01 (32-bit)

Xvid 1.2.1 final uninstall

Youda Camper

.

==== Event Viewer Messages From Past Week ========

.

22/03/2012 12:19:43, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

22/03/2012 10:22:21, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.5 for the Network Card with network address 00242C21227F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

21/03/2012 21:03:36, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

21/03/2012 10:39:38, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 00242C21227F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

21/03/2012 06:17:48, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.

21/03/2012 06:17:48, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

21/03/2012 06:17:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}

21/03/2012 06:14:58, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 00242C21227F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

19/03/2012 04:42:16, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 00242C21227F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

18/03/2012 11:26:08, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

17/03/2012 04:54:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

17/03/2012 04:54:26, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

17/03/2012 04:51:51, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 00242C21227F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================


Hello cw888,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
If a malware rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 4

Please download the following program to your Desktop >> Unhide <<

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives.

That will make it a bit easier for the next reports & our search for "your stuff".

Please do not make any changes on your own, always follow my guidance. Ask if you have questions.

Step 5

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 6

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt .

Use separate replies as needed if logs do not fit into one reply box.

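Step 2 and Step 4 above both deal with the Hidden attribute: the Folder Options change makes hidden items visible, and Unhide clears the +H bit across the drive. The script below is an added example, not code from this thread, from the Unhide tool or from its author; it audits which Start Menu shortcuts and Program Files folders currently carry the Hidden attribute so you can see what a clearing tool would touch before running it. It assumes the default Vista/7 Start Menu and Program Files locations, a hypothetical -Fix switch that actually clears the bit (without it the script only reports), and a heuristic of my own that an item which is Hidden but not also System is the one worth reviewing (legitimately hidden items such as desktop.ini normally carry both bits).

```powershell
# Added example: audit (and optionally clear) the Hidden attribute on user-facing
# Start Menu entries and Program Files folders. Not the Unhide tool's own code.
# -Fix is a hypothetical switch for this script; run without it first to review.
param(
    [switch]$Fix
)

# Default Vista/7 locations for the All Users and per-user Start Menus plus Program Files
# (assumption: these paths are the ones the affected Start button listing is built from).
$targets = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    $env:ProgramFiles
)

$hidden = foreach ($root in $targets) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    # -Force is required so that hidden items are enumerated at all.
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 }
}

# Heuristic (assumption, not a rule from the thread): items that are Hidden but not
# System are the ones a user would expect to see and therefore the ones to review.
$suspect = $hidden | Where-Object {
    ($_.Attributes -band [IO.FileAttributes]::System) -eq 0
}

# Report first: path, current attribute set, and when it was last written,
# so an unexpected cluster of timestamps stands out.
$suspect | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize

if ($Fix) {
    foreach ($item in $suspect) {
        # Clear only the Hidden bit; every other attribute is left as it was.
        $item.Attributes = $item.Attributes -band (-bnot [IO.FileAttributes]::Hidden)
        Write-Output "Cleared Hidden on $($item.FullName)"
    }
}
```

Run it from an elevated PowerShell prompt (`.\Audit-Hidden.ps1` to report, `.\Audit-Hidden.ps1 -Fix` to clear). Reporting before clearing matters in a thread like this one: the listing tells you whether the missing Start Menu entries are merely hidden (and recoverable by clearing the bit) or actually gone, which changes what the next step should be.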

Hi, thanks so much for your help. I have done everything up to step 5. When I tried to run RSIT.exe it said that it was not compatible with the version of Windows I am running. It said I need to check whether I need x86 (32-bit) or x64 (64-bit).

Can you help?


Catherine,

Sorry, my bad. Get this RSIT http://images.malwareremoval.com/random/RSIT.exe

Save it, then run it.

Do as much as you can.

If the infected computer cannot download, find a clean one nearby, do the downloads as needed, save them to a new, clean USB flash drive, or burn them to CD or DVD, then carry that to the infected system and copy the tools to the Desktop of the infected PC.


OK... here are the logs. First from RSIT:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Catherine at 2012-03-22 22:24:22

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 141 GB (62%) free of 228 GB

Total RAM: 2814 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:24:25, on 22/03/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Catherine\Desktop\RSIT.exe

C:\Program Files\trend micro\Catherine.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virginmedia.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: CrossriderApp0000435 - {11111111-1111-1111-1111-110011041135} - C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Codec-C - {26AB07E2-9562-409C-83F1-D68E0B79169E} - C:\ProgramData\Codec-C\bhoclass.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe

O4 - HKLM\..\Run: [b2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Catherine\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Catherine\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate1ca1605de2dd513) (gupdate1ca1605de2dd513) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10460 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2952540547-3902875564-2887180070-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2952540547-3902875564-2887180070-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135}]

Premiumplay Codec-C - C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll [2011-12-14 463872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26AB07E2-9562-409C-83F1-D68E0B79169E}]

Codec-C Class - C:\ProgramData\Codec-C\bhoclass.dll [2012-03-15 141312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-09-07 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Symantec NCO BHO - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll [2011-12-09 436152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL [2011-03-31 210872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-01-25 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll [2011-12-09 436152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]

"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-09-24 468264]

"UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-14 210216]

"UpdatePSTShortCut"=C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-10-07 210216]

"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-08-01 202032]

"UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-14 210216]

"UpdatePDIRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-14 210216]

"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]

"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]

"snp2uvc"=C:\Windows\vsnp2uvc.exe [2008-08-01 675840]

"B2C_AGENT"=C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [2010-09-11 391096]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-12-08 421736]

"NPSStartup"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

"Akamai NetSession Interface"=C:\Users\Catherine\AppData\Local\Akamai\netsession_win.exe [2012-03-13 3331872]

"Google Update"=C:\Users\Catherine\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 136176]

"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-04 95576]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe [2011-11-15 247968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]

C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2011-12-08 421736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Real\RealPlayer\Update\realsched.exe [2011-09-07 273528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Catherine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"msacm.l3codecp"=l3codecp.acm

"MSVideo8"=VfWWDM32.dll

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux1"=wdmaud.drv

"vidc.XVID"=xvidvfw.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"vidc.VP60"=C:\Windows\system32\vp6vfw.dll

"vidc.VP61"=C:\Windows\system32\vp6vfw.dll

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux2"=wdmaud.drv

"wave4"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-22 22:12:55 ----D---- C:\Program Files\trend micro

2012-03-22 22:12:32 ----D---- C:\rsit

2012-03-22 19:01:51 ----D---- C:\Windows\ERDNT

2012-03-22 19:00:59 ----D---- C:\Program Files\ERUNT

2012-03-22 11:39:08 ----D---- C:\Users\Catherine\AppData\Roaming\Malwarebytes

2012-03-22 11:38:51 ----D---- C:\ProgramData\Malwarebytes

2012-03-22 11:38:50 ----A---- C:\Windows\system32\drivers\mbam.sys

2012-03-22 11:38:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2012-03-22 01:22:28 ----D---- C:\Users\Catherine\AppData\Roaming\Tific

2012-03-21 13:03:36 ----D---- C:\Users\Catherine\AppData\Roaming\casualArts

2012-03-21 13:03:36 ----D---- C:\ProgramData\casualArts

2012-03-21 13:01:35 ----D---- C:\Program Files\Easter Eggztravaganza

2012-03-19 19:24:53 ----D---- C:\Program Files\Nancy Drew - Secret of Shadow Ranch

2012-03-15 23:02:24 ----D---- C:\ProgramData\Codec-C

2012-03-09 16:21:50 ----D---- C:\Users\Catherine\AppData\Roaming\DarkParablesBriarRoseSE_BFG

2012-03-07 11:34:38 ----D---- C:\Program Files\Mystery Trackers - Black Isle Collector's Edition

2012-03-03 14:28:42 ----A---- C:\Windows\system32\msls31.dll

2012-03-03 14:28:41 ----A---- C:\Windows\system32\wininet.dll

2012-03-03 14:28:40 ----A---- C:\Windows\system32\jsproxy.dll

2012-03-03 14:28:39 ----A---- C:\Windows\system32\iertutil.dll

2012-03-03 14:28:38 ----A---- C:\Windows\system32\urlmon.dll

2012-03-03 14:28:38 ----A---- C:\Windows\system32\msrating.dll

2012-03-03 14:28:37 ----A---- C:\Windows\system32\SetIEInstalledDate.exe

2012-03-03 14:28:37 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

2012-03-03 14:28:37 ----A---- C:\Windows\system32\mshtmler.dll

2012-03-03 14:28:37 ----A---- C:\Windows\system32\iesysprep.dll

2012-03-03 14:28:36 ----A---- C:\Windows\system32\ieui.dll

2012-03-03 14:28:35 ----A---- C:\Windows\system32\ieframe.dll

2012-03-03 14:28:33 ----A---- C:\Windows\system32\dxtrans.dll

2012-03-03 14:28:33 ----A---- C:\Windows\system32\dxtmsft.dll

2012-03-03 14:28:32 ----A---- C:\Windows\system32\iernonce.dll

2012-03-03 14:28:32 ----A---- C:\Windows\system32\ieapfltr.dll

2012-03-03 14:28:32 ----A---- C:\Windows\system32\ieapfltr.dat

2012-03-03 14:28:32 ----A---- C:\Windows\system32\ie4uinit.exe

2012-03-03 14:28:32 ----A---- C:\Windows\system32\icardie.dll

2012-03-03 14:28:31 ----A---- C:\Windows\system32\url.dll

2012-03-03 14:28:31 ----A---- C:\Windows\system32\iesetup.dll

2012-03-03 14:28:31 ----A---- C:\Windows\system32\iedkcs32.dll

2012-03-03 14:28:30 ----A---- C:\Windows\system32\webcheck.dll

2012-03-03 14:28:30 ----A---- C:\Windows\system32\licmgr10.dll

2012-03-03 14:28:29 ----A---- C:\Windows\system32\wextract.exe

2012-03-03 14:28:29 ----A---- C:\Windows\system32\mshtmled.dll

2012-03-03 14:28:29 ----A---- C:\Windows\system32\msfeeds.dll

2012-03-03 14:28:29 ----A---- C:\Windows\system32\inseng.dll

2012-03-03 14:28:29 ----A---- C:\Windows\system32\iexpress.exe

2012-03-03 14:28:28 ----A---- C:\Windows\system32\vbscript.dll

2012-03-03 14:28:27 ----A---- C:\Windows\system32\mshtml.dll

2012-03-03 14:28:26 ----A---- C:\Windows\system32\pngfilt.dll

2012-03-03 14:28:26 ----A---- C:\Windows\system32\occache.dll

2012-03-03 14:28:26 ----A---- C:\Windows\system32\mshta.exe

2012-03-03 14:28:26 ----A---- C:\Windows\system32\ieUnatt.exe

2012-03-03 14:28:26 ----A---- C:\Windows\system32\admparse.dll

2012-03-03 14:28:25 ----A---- C:\Windows\system32\jscript9.dll

2012-03-03 14:28:25 ----A---- C:\Windows\system32\ieakui.dll

2012-03-03 14:28:25 ----A---- C:\Windows\system32\ieaksie.dll

2012-03-03 14:28:24 ----A---- C:\Windows\system32\jscript.dll

2012-03-03 14:28:24 ----A---- C:\Windows\system32\imgutil.dll

2012-03-03 14:28:24 ----A---- C:\Windows\system32\iepeers.dll

2012-03-03 14:28:24 ----A---- C:\Windows\system32\advpack.dll

2012-03-03 14:28:23 ----A---- C:\Windows\system32\msfeedssync.exe

2012-03-03 14:28:23 ----A---- C:\Windows\system32\msfeedsbs.dll

2012-03-03 14:28:23 ----A---- C:\Windows\system32\IEAdvpack.dll

2012-03-03 14:28:22 ----A---- C:\Windows\system32\ieakeng.dll

2012-02-26 23:22:32 ----D---- C:\Program Files\Depths of Betrayal Collector's Edition

2012-02-26 00:26:44 ----D---- C:\Users\Catherine\AppData\Roaming\Artogon

2012-02-23 10:51:54 ----D---- C:\Program Files\The Surprising Adventures of Munchausen

======List of files/folders modified in the last 1 month======

2012-03-22 22:24:21 ----D---- C:\Windows\Temp

2012-03-22 22:12:55 ----RD---- C:\Program Files

2012-03-22 19:01:51 ----D---- C:\Windows

2012-03-22 12:35:44 ----D---- C:\Windows\system32\drivers

2012-03-22 12:20:41 ----A---- C:\ProgramData\hpqp.ini

2012-03-22 12:18:36 ----SHD---- C:\System Volume Information

2012-03-22 12:18:21 ----D---- C:\Program Files\Common Files\Akamai

2012-03-22 12:17:48 ----D---- C:\Windows\Help

2012-03-22 11:38:51 ----D---- C:\ProgramData

2012-03-21 13:07:34 ----AD---- C:\ProgramData\Temp

2012-03-21 12:57:07 ----D---- C:\BigFishGamesCache

2012-03-20 21:23:18 ----SHD---- C:\Windows\Installer

2012-03-19 19:31:57 ----D---- C:\Windows\system32\directx

2012-03-19 19:31:20 ----D---- C:\Windows\msdownld.tmp

2012-03-18 00:15:17 ----D---- C:\Windows\system32\Tasks

2012-03-18 00:14:57 ----D---- C:\ProgramData\InstallMate

2012-03-18 00:13:50 ----D---- C:\codec-info

2012-03-17 21:12:16 ----D---- C:\Windows\Tasks

2012-03-14 00:25:32 ----D---- C:\Windows\system32\catroot2

2012-03-13 23:45:52 ----D---- C:\Windows\system32\catroot

2012-03-13 23:45:48 ----D---- C:\Windows\winsxs

2012-03-07 11:45:10 ----D---- C:\Users\Catherine\AppData\Roaming\Elephant Games

2012-03-07 11:45:10 ----D---- C:\ProgramData\Elephant Games

2012-03-06 10:52:26 ----D---- C:\Users\Catherine\AppData\Roaming\Orneon

2012-03-03 17:11:15 ----D---- C:\Windows\rescache

2012-03-03 16:51:31 ----D---- C:\Program Files\Internet Explorer

2012-03-03 16:51:29 ----RD---- C:\Windows\Offline Web Pages

2012-03-03 16:51:28 ----D---- C:\Windows\system32\wbem

2012-03-03 16:51:28 ----D---- C:\Windows\system32\migration

2012-03-03 16:51:28 ----D---- C:\Windows\system32\en-US

2012-03-03 16:51:28 ----D---- C:\Windows\PolicyDefinitions

2012-03-03 16:51:25 ----D---- C:\Windows\System32

2012-03-03 16:51:19 ----SD---- C:\Windows\Downloaded Program Files

2012-03-03 14:15:48 ----D---- C:\ProgramData\Microsoft Help

2012-03-03 14:15:31 ----RSD---- C:\Windows\assembly

2012-03-03 14:09:35 ----D---- C:\Program Files\Common Files\microsoft shared

2012-02-23 10:56:12 ----D---- C:\Users\Catherine\AppData\Roaming\JoyBits

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS [2011-01-27 340088]

R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS [2011-03-15 744568]

R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [2012-03-02 820856]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2012-02-04 374392]

R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120321.001\IDSvix86.sys [2012-03-06 368248]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS [2011-03-31 50168]

R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS [2011-01-27 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS [2011-04-21 331384]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]

R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-10-03 222208]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 106104]

R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2011-07-06 27888]

R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]

R3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]

R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]

R3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]

R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120322.003\NAVENG.SYS [2012-03-02 86136]

R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120322.003\NAVEX15.SYS [2012-03-02 1576312]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-01-08 10467656]

R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2010-08-12 292712]

R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-04-24 14848]

R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-04-23 64512]

R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-09 3482240]

R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS [2011-03-31 516216]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2011-05-22 126584]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S3 FlashUSB;FlashUSB; C:\Windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896]

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]

S3 mbr;mbr; \??\C:\Users\CATHER~1\AppData\Local\Temp\mbr.sys []

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]

S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2010-08-12 292712]

S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]

S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]

S3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS []

S3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS []

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-08-02 42496]

S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]

S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]

S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]

S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]

S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]

R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2010-07-04 238952]

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]

R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 608872]

R2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-10-06 365952]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-09-15 241734]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]

R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]

R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-12-08 821608]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate1ca1605de2dd513;Google Update Service (gupdate1ca1605de2dd513); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-05 133104]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-15 194104]

S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2010-09-30 246520]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-05 133104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

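As an added example (not part of this thread, and not DDS or RSIT code), here is a small Python triage script for the driver/service listing format seen in the log above. The layout `<state><start> <name>;<display>; <path> [<date> <size>]` is inferred from those lines and from the legend DDS prints (R/S for running/stopped, 0-4 for start type). It flags three things a responder checks first when chasing an infection like this one: entries where DDS recorded no file date or size (an empty bracket, as with SYMFW.SYS above), services hosted in svchost.exe whose name is not on a constructed, deliberately partial list of Windows-owned services, and service binaries under user-writable paths. The first four sample lines are copied from the log; the fifth is constructed, and the allowlist and flag wording are assumptions, not anything the thread or the tool states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Layout inferred from the DDS driver/service listing in the thread:
#   <state><start> <name>;<display name>; <path> [<date> <size>]
# state is R (running) or S (stopped); start is 0..4 per the DDS legend.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)

START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Service key names Windows itself hosts in svchost.exe. Constructed and
# deliberately partial for this example; real triage compares against a
# listing taken from a known-clean machine of the same build.
KNOWN_SVCHOST_SERVICES = {"fontcache", "dcomlaunch", "rpcss", "schedule", "winmgmt", "wuauserv"}

# Locations a service or driver binary normally has no business living in.
USER_WRITABLE_MARKERS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")


@dataclass
class Entry:
    state: str            # "R" or "S"
    start: str            # decoded start type, e.g. "Auto"
    name: str             # service/driver key name
    display: str          # display name as DDS recorded it
    path: str             # image path
    date: Optional[str]   # file date DDS recorded, if any
    size: Optional[int]   # file size DDS recorded, if any


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one DDS service/driver line; return None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    info = m.group("info").split()
    date = info[0] if info else None
    size = int(info[1]) if len(info) > 1 and info[1].isdigit() else None
    return Entry(m.group("state"), START_TYPES[m.group("start")], m.group("name"),
                 m.group("display"), m.group("path"), date, size)


def triage(lines) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs that deserve a second look."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        low = e.path.lower()
        if e.date is None and e.size is None:
            # DDS prints an empty bracket when it could not stat the file.
            findings.append((e.name, "no file date/size recorded; confirm the file is present and signed"))
        if low.endswith("\\svchost.exe") and e.name.lower() not in KNOWN_SVCHOST_SERVICES:
            # Code hosted by svchost.exe is loaded from the ServiceDll value under
            # HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters; that is
            # the DLL to examine, not svchost.exe itself.
            findings.append((e.name, "non-Windows service hosted in svchost.exe; inspect its ServiceDll"))
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            findings.append((e.name, "service binary under a user-writable path"))
    return findings


# Sample input: the first four lines are copied from the log above; the
# fifth is constructed to exercise the user-writable-path check.
SAMPLE = r"""
S3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS []
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 ExampleSvc;Constructed example service; C:\ProgramData\Example\example.exe [2012-03-01 4096]
""".strip().splitlines()


if __name__ == "__main__":
    for name, reason in triage(SAMPLE):
        print(f"{name}: {reason}")
```

Run it against the whole "List of services" and driver sections pasted into a file and the output is a short worklist rather than 200 lines to eyeball; a flagged entry is a lead to verify (file present, signed, ServiceDll sane), not a verdict.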

Second file from RSIT:

info.txt logfile of random's system information tool 1.09 2012-03-22 22:14:05

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

-->"C:\Program Files\HP Games\Candy Land - Dora the Explorer Edition\Uninstall.exe"

-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"

-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"

-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"

-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"

-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"

-->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe"

-->"C:\Program Files\HP Games\Polar Tubing\Uninstall.exe"

-->"C:\Program Files\HP Games\Scrabble Plus\Uninstall.exe"

-->"C:\Program Files\HP Games\SpongeBob SquarePants 3D Obstacle Odyssey\Uninstall.exe"

-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801

-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}

Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}

Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -maintain activex

Adobe Reader 9.4.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}

Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}

Akamai NetSession Interface Service-->C:\Program Files\Common Files\Akamai\uninstall.exe

Amazon MP3 Downloader 1.0.9-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe

Angry Birds Rio-->MsiExec.exe /I{E0B3F290-186B-46C8-BA95-F3D6542C2407}

Angry Birds Seasons-->MsiExec.exe /I{9240D97C-D575-465E-A681-21C0979EE5DF}

Angry Birds-->MsiExec.exe /I{73AD5A08-FCFE-44EA-9436-3F7BEAF60049}

Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}

Apple Mobile Device Support-->MsiExec.exe /I{8153ED9A-C94A-426E-9880-5E6775C08B62}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009

Big Fish Games: Game Manager-->C:\Program Files\bfgclient\Uninstall.exe

Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}

Burger Shop-->"C:\Program Files\HP Games\Burger Shop\uninstall\uninstaller.exe"

Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}

Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}

Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}

Codec-C-->C:\ProgramData\Codec-C\uninstall.exe -path=C:\ProgramData\Codec-C

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IWAHerza.INF

CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall

CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

Depths of Betrayal Collector's Edition-->"C:\Program Files\Depths of Betrayal Collector's Edition\Uninstall.exe"

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Easter Eggztravaganza-->"C:\Program Files\Easter Eggztravaganza\Uninstall.exe"

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}

Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG

Family Tree Maker 2011-->"C:\Program Files\InstallShield Installation Information\{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}\setup.exe" -runfromtemp -l0x0409 -removeonly

Family Tree Maker 2011-->MsiExec.exe /X{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}

Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly

HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}\setup.exe" -l0x9 -removeonly

HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}

HP DVD Play 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall

HP Games-->"C:\Program Files\HP Games\Uninstall.exe"

HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E}

HP Quick Launch Buttons 6.40 H2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst

HP Total Care Advisor-->MsiExec.exe /X{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}

HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}

HP User Guides 0118-->MsiExec.exe /I{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}

HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}

HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}

HPTCSSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{846DDADA-0239-4B67-A6B1-33658863793B}\setup.exe" -l0x9 -removeonly

Hunting Unlimited 2008-->"C:\Program Files\HP Games\Hunting Unlimited 2008\uninstall\uninstaller.exe"

Hunting Unlimited 2011-->"C:\Program Files\HP Games\Hunting Unlimited 2011\uninstall\uninstaller.exe"

Infineon USB driver 1.0.0.6-->"C:\Program Files\infineon\FlashUtility\drivers\Infineon USB driver\V1.0.0.6\unins000.exe"

IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe

iTunes-->MsiExec.exe /I{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}

Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

LG Bluetooth Drivers-->MsiExec.exe /X{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}

LG USB Modem Driver-->"C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -runfromtemp -l0x0409 LG -removeonly

LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}

Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended

Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}

Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

muvee Reveal-->MsiExec.exe /X{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}

Mystery Trackers: Black Isle Collector's Edition-->"C:\Program Files\Mystery Trackers - Black Isle Collector's Edition\Uninstall.exe"

Nancy Drew: Secret of Shadow Ranch-->"C:\Program Files\Nancy Drew - Secret of Shadow Ranch\Uninstall.exe"

NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly

Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\2454B0AB\5.2.0.13\InstStub.exe /X /ARP

NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI

NVIDIA Graphics Driver 266.58-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Driver

NVIDIA HD Audio Driver 1.1.13.1-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage HDAudio.Driver

NVIDIA PhysX System Software 9.10.0514-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.PhysX

NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U

OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}

Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall

PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall

Premiumplay Codec-C-->C:\Program Files\Premiumplay Codec-C\Uninstall.exe

PSD Viewer-->"C:\Program Files\PSDViewer\unins000.exe"

QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}

RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}

RealPlayer-->C:\Program Files\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|12.0

Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0009 -removeonly

RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}

Royal Envoy 2-->"C:\Program Files\Royal Envoy 2\Uninstall.exe"

Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0809 -removeonly

Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}

SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe

Sandlot Connect Version 1.2.6-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"

SeaMonkey (2.4.1)-->C:\Program Files\SeaMonkey\uninstall\helper.exe

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {42A3562E-8B4E-39A4-B82D-CC12F82889E3} /parameterfolder Extended

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Extended

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

Security Update for Windows Media Encoder (KB2447961)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={6139D160-F916-4708-953E-68B213BE6B7A} /qb

Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Super Granny 6 (remove only)-->C:\Program Files\Sandlot Games\Super Granny 6\Uninstall.exe

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

The Golden Years: Way Out West-->"C:\Program Files\The Golden Years - Way Out West\Uninstall.exe"

The Scruffs: Return of the Duke-->"C:\Program Files\The Scruffs - Return of the Duke\Uninstall.exe"

The Sims Medieval-->"C:\Program Files\InstallShield Installation Information\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}\setup.exe" -runfromtemp -l0x0009 -removeonly

The Surprising Adventures of Munchausen-->"C:\Program Files\The Surprising Adventures of Munchausen\Uninstall.exe"

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD988F49-E1C8-3C84-9683-0448B6BB8E20} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client

Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Extended

Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Extended

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}

Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}

Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}

Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}

USB Flash Port Driver-->MsiExec.exe /I{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

VoiceOver Kit-->MsiExec.exe /I{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}

WildTangent Games-->"C:\Program Files\WildGames\Uninstall.exe"

WildTangent ORB Game Console-->"C:\Program Files\WildGames\Game Console - WildGames\Uninstall.exe"

Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\flashusb.inf_c8396fa4\flashusb.inf

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

WinRAR 4.01 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

Youda Camper-->"C:\Program Files\Youda Camper\Uninstall.exe"

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Catherine-PC

Event Code: 4374

Message: Windows Servicing identified that package KB2564958(Security Update) is not applicable for this system

Record Number: 247814

Source Name: Microsoft-Windows-Servicing

Time Written: 20111012194100.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Catherine-PC

Event Code: 4374

Message: Windows Servicing identified that package KB2564958(Security Update) is not applicable for this system

Record Number: 247813

Source Name: Microsoft-Windows-Servicing

Time Written: 20111012194100.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Catherine-PC

Event Code: 7011

Message: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

Record Number: 247708

Source Name: Service Control Manager

Time Written: 20111012101329.000000-000

Event Type: Error

User:

Computer Name: Catherine-PC

Event Code: 7

Message: The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 2 seconds since the last report.

Record Number: 247693

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20111012082817.484000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Catherine-PC

Event Code: 7

Message: The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 2 seconds since the last report.

Record Number: 247692

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20111012082817.484000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Catherine-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledSPRetry 3704150

Record Number: 115164

Source Name: Bonjour Service

Time Written: 20111024173613.000000-000

Event Type: Error

User:

Computer Name: Catherine-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledEvent 3704150

Record Number: 115163

Source Name: Bonjour Service

Time Written: 20111024173613.000000-000

Event Type: Error

User:

Computer Name: Catherine-PC

Event Code: 100

Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 115162

Source Name: Bonjour Service

Time Written: 20111024173613.000000-000

Event Type: Error

User:

Computer Name: Catherine-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledSPRetry 3703120

Record Number: 115161

Source Name: Bonjour Service

Time Written: 20111024173612.000000-000

Event Type: Error

User:

Computer Name: Catherine-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledEvent 3703120

Record Number: 115160

Source Name: Bonjour Service

Time Written: 20111024173612.000000-000

Event Type: Error

User:


Final log file from security check:

Results of screen317's Security Check version 0.99.24

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Eusing Free Registry Cleaner

Java 6 Update 29

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player ( 10.0.32.18) Flash Player Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````End of Log````````````


Catherine: Do the following.

While we are still on the hunt, do NOT do any web surfing. Only this forum and the sites I guide you to.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member cw888 only. If you are a casual viewer, do NOT try this on your system!

If you are not cw888 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On almost all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

Temporarily disable (turn off) Norton360 anti-virus

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan, and how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Right-click on Combo-Fix.exe & select Run as Administrator & follow the prompts.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Step 3

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of contents of latest MBAM scan log, and

C:\Combofix.txt

and tell me, How is your system ?

There will be more to do, amongst which, updating the Java runtime & Flash Player.


OK, did exactly as you stated but have a problem. The Malwarebytes ran fine and I have attached the log. I then ran Combo-Fix. At the end it popped up a Notepad doc which was completely empty. I have been to the c:\combo-fix folder on the computer but it only contains 2 files (pev.exe and snapshot.00.dat). Other than that, a Norton background scan just ran on my machine when I wasn't using it and said it found a virus, which was Combo-Fix. It said it removed it. The computer is the same as it was before, still missing the files I said about.

Here is the Malware log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.22.05

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Catherine :: CATHERINE-PC [administrator]

23/03/2012 10:22:33

mbam-log-2012-03-23 (10-22-33).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204898

Time elapsed: 9 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Sorry, I meant to add that just before the ComboFix Notepad log appeared (and was empty), I got a message on screen saying:

"Cannot find c:\users\cather~\appdata\local\temp\log.txt file. Do you want to create a new file?" with a Yes and a No box. I clicked Yes and the txt log opened but was completely blank.


OK, me again! Found the ComboFix.txt file. Went through all the Notepad files and there it was. Here it is:

ComboFix 12-03-22.01 - Catherine 23/03/2012 10:40:38.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1566 [GMT 0:00]

Running from: c:\users\Catherine\Desktop\Combo-Fix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Catherine\AppData\Roaming\Local

c:\users\Catherine\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\Catherine\AppData\Roaming\Local\Temp\DDM\Settings\9.2602692.avi&b=161.ddr

c:\users\Catherine\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\Catherine\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\9.2602692.avi&b=161

c:\users\Catherine\AppData\Roaming\log.txt

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))

.

.

2012-03-23 10:58 . 2012-03-23 10:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-22 22:12 . 2012-03-22 22:24 -------- d-----w- c:\program files\trend micro

2012-03-22 22:12 . 2012-03-22 22:14 -------- d-----w- C:\rsit

2012-03-22 19:00 . 2012-03-22 19:01 -------- d-----w- c:\program files\ERUNT

2012-03-22 11:39 . 2012-03-22 11:39 -------- d-----w- c:\users\Catherine\AppData\Roaming\Malwarebytes

2012-03-22 11:38 . 2012-03-22 11:38 -------- d-----w- c:\programdata\Malwarebytes

2012-03-22 11:38 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-22 11:38 . 2012-03-22 11:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-22 01:22 . 2012-03-22 01:22 -------- d-----w- c:\users\Catherine\AppData\Roaming\Tific

2012-03-21 13:03 . 2012-03-21 13:03 -------- d-----w- c:\users\Catherine\AppData\Roaming\casualArts

2012-03-21 13:03 . 2012-03-21 13:03 -------- d-----w- c:\programdata\casualArts

2012-03-21 13:01 . 2012-03-21 13:03 -------- d-----w- c:\program files\Easter Eggztravaganza

2012-03-19 19:24 . 2012-03-19 19:31 -------- d-----w- c:\program files\Nancy Drew - Secret of Shadow Ranch

2012-03-15 23:02 . 2012-03-15 23:03 -------- d-----w- c:\programdata\Codec-C

2012-03-09 16:21 . 2012-03-09 16:23 -------- d-----w- c:\users\Catherine\AppData\Roaming\DarkParablesBriarRoseSE_BFG

2012-03-07 11:34 . 2012-03-07 11:35 -------- d-----w- c:\program files\Mystery Trackers - Black Isle Collector's Edition

2012-02-26 23:22 . 2012-02-26 23:23 -------- d-----w- c:\program files\Depths of Betrayal Collector's Edition

2012-02-26 00:26 . 2012-02-26 00:26 -------- d-----w- c:\users\Catherine\AppData\Roaming\Artogon

2012-02-23 10:51 . 2012-02-23 10:52 -------- d-----w- c:\program files\The Surprising Adventures of Munchausen

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-12 19:52 . 2012-02-16 02:37 2044416 ----a-w- c:\windows\system32\win32k.sys

2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26AB07E2-9562-409C-83F1-D68E0B79169E}]

2012-03-15 18:52 141312 ----a-w- c:\programdata\Codec-C\bhoclass.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Akamai NetSession Interface"="c:\users\Catherine\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]

"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-09-11 391096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Users^Catherine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 23:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 04:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 01:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-09-07 11:44 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Akamai REG_MULTI_SZ Akamai

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-05 21:02]

.

2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 19:49]

.

2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 19:49]

.

2012-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2952540547-3902875564-2887180070-1000Core.job

- c:\users\Catherine\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-15 17:41]

.

2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2952540547-3902875564-2887180070-1000UA.job

- c:\users\Catherine\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-15 17:41]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://virginmedia.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

HKLM-Run-NPSStartup - (no file)

MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-23 11:01

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-03-23 11:06:08

ComboFix-quarantined-files.txt 2012-03-23 11:05

.

Pre-Run: 147,098,574,848 bytes free

Post-Run: 147,245,703,168 bytes free

.

- - End Of File - - 031D1E4DB64037FA34AA98A53154D17B

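The "Reg Loading Points" section of the ComboFix log above is where a helper looks first: every line there is something that loads without the user starting it. The block below is an added example (not code from this thread, from ComboFix or from Malwarebytes) that parses those lines and flags entries whose binary sits in a location a standard user can write to, plus any Browser Helper Object. The sample text is an excerpt copied from the log above; the flag rules (USER_WRITABLE and the BHO rule) are this example's own heuristic, and a flag means "verify the publisher signature and file hash", not "malware": Akamai NetSession and the LGMOBILEAX agent are ordinary vendor software that simply install into AppData and ProgramData.

```python
"""Triage the autostart entries ComboFix lists under "Reg Loading Points".

Added example; not code from this thread, from ComboFix or from Malwarebytes.
It parses the two line shapes ComboFix prints under a [registry key] header
and flags entries whose binary lives in a location a standard user can write
to (ProgramData, AppData, Temp), plus any Browser Helper Object. A flag is a
"verify this one" hint (publisher signature, file hash), not a malware verdict.
"""
import re

# Locations writable without admin rights; persistence that loads from here
# deserves a second look even when the vendor turns out to be legitimate.
USER_WRITABLE = ("c:\\programdata", "\\appdata\\", "\\temp\\")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="c:\path\prog.exe" [2012-03-13 3331872]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[[\d-]+\s+(?P<size>\d+)\]$')
# 2012-03-15 18:52 141312 ----a-w- c:\programdata\Codec-C\bhoclass.dll
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d (?P<size>\d+) \S+ (?P<path>.+)$")

# Constructed excerpt: lines copied from the ComboFix log posted above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26AB07E2-9562-409C-83F1-D68E0B79169E}]
2012-03-15 18:52 141312 ----a-w- c:\programdata\Codec-C\bhoclass.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Akamai NetSession Interface"="c:\users\Catherine\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-09-11 391096]
"""


def parse_loading_points(text):
    """Return a list of {key, name, path, size} for every loaded binary."""
    entries, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group("key")
        elif key and (m := RUN_RE.match(line)):
            entries.append({"key": key, "name": m["name"],
                            "path": m["path"], "size": int(m["size"])})
        elif key and (m := FILE_RE.match(line)):
            # File-only lines (BHOs, Active Setup) carry no value name; use the
            # last key component, e.g. the BHO's CLSID.
            entries.append({"key": key, "name": key.rsplit("\\", 1)[-1],
                            "path": m["path"], "size": int(m["size"])})
    return entries


def reasons(entry):
    """Why an entry deserves manual verification (empty list = no flag)."""
    why = []
    if any(w in entry["path"].lower() for w in USER_WRITABLE):
        why.append("binary in user-writable location")
    if "browser helper objects" in entry["key"].lower():
        why.append("Browser Helper Object: loads into every IE process")
    return why


def triage(text):
    """(name, path, reasons) for each flagged entry, in log order."""
    flagged = []
    for e in parse_loading_points(text):
        why = reasons(e)
        if why:
            flagged.append((e["name"], e["path"], why))
    return flagged


if __name__ == "__main__":
    for name, path, why in triage(SAMPLE):
        print(f"{name}\n    {path}\n    -> {'; '.join(why)}")
```

Against the excerpt it flags three of the five entries: the BHO in c:\programdata\Codec-C (two reasons), the Akamai updater in AppData and the LG agent in ProgramData. Feed it the whole log with `triage(open("ComboFix.txt").read())`; the orphan and Active Setup lines that do not match either pattern are simply skipped.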

You said this earlier

I then noticed that when I clicked on my Windows start button and I click on program files - loads of them are missing. Things like my accessories menu is still there but only contains 4 things. Program files like OpenOffice have disappeared off the list. I can still access all my files if I use the search facility or if I go to 'my computer, c drive, program files etc.

Did you run any sort of file cleaner recently?

Prior to your first post with this topic, Had you had help elsewhere or Did you run any other tools before?

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member cw888 only. If you are a casual viewer, do NOT try this on your system!

If you are not cw888 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On almost all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Take your time, & don't let the list over-whelm you. It's all do-able & worthwhile. Have infinite patience.

These will allow me to see whether there's residual malware. These will not re-populate your program start-menus. (there's no magic cure for that)

Step 1

Your Java runtime & Flash player are out-of-date & pose security risks. You need to update them.


Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - leave BOTH checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on the Delete Temporary Files window.
      Note: This deletes ALL the downloaded applications and applets from the CACHE.
    • Click OK to leave the Temporary Files window.

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.

NEXT: Step 2

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or any other widget or toolbar !!!

Step 3

Check to ensure that Spybot TeaTimer is OFF

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left-hand side, select Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

For the time being, disable your antivirus

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Leave the firewall on

Step 4

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware,if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, right-click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.


The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Step 5

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 6

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-click and select Run as Administrator to start TDSSKiller.exe.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 7

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop

Step 8

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, right-click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows firewall
  • System Restore
  • Security Center
  • Windows Update

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Step 9

RE-Enable your anti-virus program.

Reply with copy of contents of Stinger.txt

aswMBR log

TDSSKILLER log

RKreport.txt

FSS.txt


Hi, I will run all of the above instructions tonight, but to answer your question: I haven't run any sort of file cleaner recently or had help elsewhere. I simply got up in the morning and noticed that when I used the laptop the internet was opening separate windows for everything I clicked on, and I also happened to notice that the link from the start menu to my calculator had disappeared. Later that day Norton notified me that it had found Trojan.Gen.2 and it was then that I noticed all the missing things. I did try to register with the Norton community website to ask for help but never completed the registration because I found this website.

Thanks for all you have helped with so far, I will post results as soon as done.

Catherine


OK - here are the requested logs;

McAfee® Labs Stinger Version 10.2.0.555 built on Mar 22 2012

Copyright © 2011 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Mar 22 2012.

Ready to scan for 4198 viruses, trojans and variants.

Scan initiated on Fri Mar 23 20:24:37 2012

Rootkit scan result : Clean

Master Boot Record(s):....1

Possibly Infected:.............0

Boot Sector(s):.................2

Possibly Infected: ............0

Number of clean files: 29163

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-03-23 20:43:50

-----------------------------

20:43:50.616 OS Version: Windows 6.0.6002 Service Pack 2

20:43:50.617 Number of processors: 2 586 0x301

20:43:50.619 ComputerName: CATHERINE-PC UserName: Catherine

20:43:54.573 Initialize success

20:45:04.472 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4

20:45:04.477 Disk 0 Vendor: ST9250320AS HP07 Size: 238475MB BusType: 3

20:45:04.494 Disk 0 MBR read successfully

20:45:04.502 Disk 0 MBR scan

20:45:04.508 Disk 0 unknown MBR code

20:45:04.514 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227604 MB offset 63

20:45:04.566 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10867 MB offset 466135040

20:45:04.576 Disk 0 scanning sectors +488390656

20:45:04.643 Disk 0 scanning C:\Windows\system32\drivers

20:45:16.748 Service scanning

20:45:35.762 Modules scanning

20:45:45.360 Scan finished successfully

20:46:11.853 Disk 0 MBR has been saved successfully to "C:\Users\Catherine\Desktop\MBR.dat"

20:46:11.856 The log file has been saved successfully to "C:\Users\Catherine\Desktop\aswMBR.txt"


20:50:48.0288 1920 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00

20:50:50.0067 1920 ============================================================

20:50:50.0067 1920 Current date / time: 2012/03/23 20:50:50.0067

20:50:50.0067 1920 SystemInfo:

20:50:50.0067 1920

20:50:50.0067 1920 OS Version: 6.0.6002 ServicePack: 2.0

20:50:50.0067 1920 Product type: Workstation

20:50:50.0068 1920 ComputerName: CATHERINE-PC

20:50:50.0068 1920 UserName: Catherine

20:50:50.0068 1920 Windows directory: C:\Windows

20:50:50.0068 1920 System windows directory: C:\Windows

20:50:50.0069 1920 Processor architecture: Intel x86

20:50:50.0069 1920 Number of processors: 2

20:50:50.0069 1920 Page size: 0x1000

20:50:50.0069 1920 Boot type: Normal boot

20:50:50.0069 1920 ============================================================

20:50:52.0489 1920 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

20:50:52.0494 1920 \Device\Harddisk0\DR0:

20:50:52.0495 1920 MBR used

20:50:52.0495 1920 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BC8A7C1

20:50:52.0495 1920 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BC8A800, BlocksNum 0x1539800

20:50:52.0611 1920 Initialize success

20:50:52.0611 1920 ============================================================

20:50:55.0409 5196 ============================================================

20:50:55.0409 5196 Scan started

20:50:55.0409 5196 Mode: Manual;

20:50:55.0409 5196 ============================================================

20:50:58.0901 5196 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

20:50:58.0910 5196 ACPI - ok

20:50:58.0968 5196 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

20:50:58.0981 5196 adp94xx - ok

20:50:59.0017 5196 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

20:50:59.0023 5196 adpahci - ok

20:50:59.0057 5196 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

20:50:59.0059 5196 adpu160m - ok

20:50:59.0081 5196 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

20:50:59.0085 5196 adpu320 - ok

20:50:59.0144 5196 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

20:50:59.0147 5196 AeLookupSvc - ok

20:50:59.0235 5196 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

20:50:59.0241 5196 AFD - ok

20:50:59.0294 5196 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

20:50:59.0296 5196 agp440 - ok

20:50:59.0333 5196 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

20:50:59.0335 5196 aic78xx - ok

20:50:59.0555 5196 Akamai (31bd294dc6ddbc0f16356d958d0743a4) c:\program files\common files\akamai/netsession_win_7de0ed9.dll

20:50:59.0555 5196 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_7de0ed9.dll. md5: 31bd294dc6ddbc0f16356d958d0743a4

20:50:59.0572 5196 Akamai ( HiddenFile.Multi.Generic ) - warning

20:50:59.0572 5196 Akamai - detected HiddenFile.Multi.Generic (1)

20:50:59.0681 5196 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

20:50:59.0686 5196 ALG - ok

20:50:59.0740 5196 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys

20:50:59.0742 5196 aliide - ok

20:50:59.0802 5196 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

20:50:59.0804 5196 amdagp - ok

20:50:59.0829 5196 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys

20:50:59.0831 5196 amdide - ok

20:50:59.0871 5196 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

20:50:59.0873 5196 AmdK7 - ok

20:50:59.0903 5196 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

20:50:59.0905 5196 AmdK8 - ok

20:51:00.0014 5196 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

20:51:00.0015 5196 Appinfo - ok

20:51:00.0237 5196 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:51:00.0240 5196 Apple Mobile Device - ok

20:51:00.0724 5196 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

20:51:00.0726 5196 arc - ok

20:51:00.0776 5196 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

20:51:00.0779 5196 arcsas - ok

20:51:00.0925 5196 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

20:51:00.0927 5196 aspnet_state - ok

20:51:01.0022 5196 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

20:51:01.0023 5196 AsyncMac - ok

20:51:01.0062 5196 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

20:51:01.0064 5196 atapi - ok

20:51:01.0182 5196 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys

20:51:01.0228 5196 athr - ok

20:51:01.0306 5196 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

20:51:01.0317 5196 AudioEndpointBuilder - ok

20:51:01.0334 5196 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

20:51:01.0340 5196 Audiosrv - ok

20:51:01.0412 5196 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

20:51:01.0413 5196 Beep - ok

20:51:01.0522 5196 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll

20:51:01.0534 5196 BFE - ok

20:51:01.0730 5196 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120317.002\BHDrvx86.sys

20:51:01.0742 5196 BHDrvx86 - ok

20:51:01.0859 5196 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll

20:51:01.0892 5196 BITS - ok

20:51:01.0952 5196 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

20:51:01.0954 5196 blbdrive - ok

20:51:02.0088 5196 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

20:51:02.0095 5196 Bonjour Service - ok

20:51:02.0193 5196 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

20:51:02.0195 5196 bowser - ok

20:51:02.0242 5196 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

20:51:02.0243 5196 BrFiltLo - ok

20:51:02.0265 5196 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

20:51:02.0266 5196 BrFiltUp - ok

20:51:02.0307 5196 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

20:51:02.0312 5196 Browser - ok

20:51:02.0378 5196 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

20:51:02.0380 5196 Brserid - ok

20:51:02.0420 5196 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

20:51:02.0422 5196 BrSerWdm - ok

20:51:02.0467 5196 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

20:51:02.0468 5196 BrUsbMdm - ok

20:51:02.0492 5196 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

20:51:02.0493 5196 BrUsbSer - ok

20:51:02.0546 5196 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

20:51:02.0547 5196 BTHMODEM - ok

20:51:02.0688 5196 catchme - ok

20:51:02.0782 5196 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

20:51:02.0783 5196 cdfs - ok

20:51:02.0844 5196 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

20:51:02.0847 5196 cdrom - ok

20:51:02.0905 5196 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

20:51:02.0908 5196 CertPropSvc - ok

20:51:02.0964 5196 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

20:51:02.0966 5196 circlass - ok

20:51:03.0006 5196 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

20:51:03.0015 5196 CLFS - ok

20:51:03.0084 5196 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:51:03.0088 5196 clr_optimization_v2.0.50727_32 - ok

20:51:03.0200 5196 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:51:03.0203 5196 clr_optimization_v4.0.30319_32 - ok

20:51:03.0324 5196 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

20:51:03.0326 5196 CmBatt - ok

20:51:03.0353 5196 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys

20:51:03.0354 5196 cmdide - ok

20:51:03.0425 5196 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys

20:51:03.0432 5196 CnxtHdAudService - ok

20:51:03.0523 5196 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

20:51:03.0527 5196 Com4QLBEx - ok

20:51:03.0676 5196 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

20:51:03.0679 5196 Compbatt - ok

20:51:03.0692 5196 COMSysApp - ok

20:51:03.0713 5196 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

20:51:03.0715 5196 crcdisk - ok

20:51:03.0752 5196 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

20:51:03.0753 5196 Crusoe - ok

20:51:03.0813 5196 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll

20:51:03.0818 5196 CryptSvc - ok

20:51:03.0897 5196 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

20:51:03.0919 5196 DcomLaunch - ok

20:51:03.0986 5196 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

20:51:03.0989 5196 DfsC - ok

20:51:04.0120 5196 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

20:51:04.0150 5196 DFSR - ok

20:51:04.0223 5196 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

20:51:04.0228 5196 Dhcp - ok

20:51:04.0279 5196 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

20:51:04.0280 5196 disk - ok

20:51:04.0322 5196 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

20:51:04.0326 5196 Dnscache - ok

20:51:04.0375 5196 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

20:51:04.0380 5196 dot3svc - ok

20:51:04.0441 5196 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

20:51:04.0445 5196 DPS - ok

20:51:04.0504 5196 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

20:51:04.0505 5196 drmkaud - ok

20:51:04.0551 5196 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

20:51:04.0561 5196 DXGKrnl - ok

20:51:04.0608 5196 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

20:51:04.0610 5196 E1G60 - ok

20:51:04.0684 5196 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

20:51:04.0688 5196 EapHost - ok

20:51:04.0768 5196 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

20:51:04.0773 5196 Ecache - ok

20:51:04.0916 5196 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

20:51:04.0923 5196 eeCtrl - ok

20:51:05.0016 5196 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe

20:51:05.0025 5196 ehRecvr - ok

20:51:05.0044 5196 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

20:51:05.0050 5196 ehSched - ok

20:51:05.0064 5196 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

20:51:05.0066 5196 ehstart - ok

20:51:05.0141 5196 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

20:51:05.0152 5196 elxstor - ok

20:51:05.0216 5196 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

20:51:05.0238 5196 EMDMgmt - ok

20:51:05.0373 5196 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

20:51:05.0375 5196 EraserUtilRebootDrv - ok

20:51:05.0501 5196 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

20:51:05.0502 5196 ErrDev - ok

20:51:05.0579 5196 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

20:51:05.0589 5196 EventSystem - ok

20:51:05.0773 5196 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

20:51:05.0842 5196 exfat - ok

20:51:06.0139 5196 ezSharedSvc (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll

20:51:06.0144 5196 ezSharedSvc - ok

20:51:06.0401 5196 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

20:51:06.0468 5196 fastfat - ok

20:51:06.0723 5196 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

20:51:06.0725 5196 fdc - ok

20:51:07.0008 5196 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

20:51:07.0012 5196 fdPHost - ok

20:51:07.0188 5196 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

20:51:07.0195 5196 FDResPub - ok

20:51:07.0461 5196 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

20:51:07.0463 5196 FileInfo - ok

20:51:07.0667 5196 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

20:51:07.0669 5196 Filetrace - ok

20:51:07.0879 5196 FlashUSB (e044b5c7cd5cea728d13d30d431b13e0) C:\Windows\system32\DRIVERS\FlashUSB.sys

20:51:07.0881 5196 FlashUSB - ok

20:51:08.0168 5196 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

20:51:08.0170 5196 flpydisk - ok

20:51:08.0452 5196 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

20:51:08.0457 5196 FltMgr - ok

20:51:08.0836 5196 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

20:51:08.0991 5196 FontCache - ok

20:51:09.0256 5196 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

20:51:09.0302 5196 FontCache3.0.0.0 - ok

20:51:09.0581 5196 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS

20:51:09.0585 5196 FsUsbExDisk - ok

20:51:09.0848 5196 FsUsbExService (96633419f4a1e37acb89b45ebccfe001) C:\Windows\system32\FsUsbExService.Exe

20:51:09.0854 5196 FsUsbExService - ok

20:51:10.0148 5196 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

20:51:10.0149 5196 Fs_Rec - ok

20:51:10.0408 5196 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

20:51:10.0410 5196 gagp30kx - ok

20:51:10.0745 5196 GameConsoleService (551d463e4cceb5240234da6718c93a44) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

20:51:10.0829 5196 GameConsoleService - ok

20:51:11.0292 5196 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:51:11.0294 5196 GEARAspiWDM - ok

20:51:11.0734 5196 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

20:51:11.0827 5196 gpsvc - ok

20:51:12.0173 5196 gupdate1ca1605de2dd513 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

20:51:12.0245 5196 gupdate1ca1605de2dd513 - ok

20:51:12.0352 5196 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

20:51:12.0355 5196 gupdatem - ok

20:51:12.0846 5196 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

20:51:12.0850 5196 gusvc - ok

20:51:13.0368 5196 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

20:51:13.0436 5196 HdAudAddService - ok

20:51:13.0776 5196 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:51:13.0937 5196 HDAudBus - ok

20:51:14.0125 5196 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

20:51:14.0184 5196 HidBth - ok

20:51:14.0408 5196 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

20:51:14.0410 5196 HidIr - ok

20:51:14.0689 5196 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll

20:51:14.0725 5196 hidserv - ok

20:51:14.0960 5196 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

20:51:14.0962 5196 HidUsb - ok

20:51:15.0134 5196 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

20:51:15.0139 5196 hkmsvc - ok

20:51:15.0394 5196 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

20:51:15.0397 5196 HP Health Check Service - ok

20:51:15.0722 5196 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

20:51:15.0724 5196 HpCISSs - ok

20:51:15.0759 5196 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

20:51:15.0761 5196 HpqKbFiltr - ok

20:51:15.0896 5196 hpqwmiex (1665c7121a026df10c903db9bc5e9d43) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

20:51:15.0900 5196 hpqwmiex - ok

20:51:16.0183 5196 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys

20:51:16.0216 5196 HSF_DPV - ok

20:51:16.0248 5196 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

20:51:16.0253 5196 HSXHWAZL - ok

20:51:16.0311 5196 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

20:51:16.0324 5196 HTTP - ok

20:51:16.0365 5196 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

20:51:16.0367 5196 i2omp - ok

20:51:16.0797 5196 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

20:51:16.0799 5196 i8042prt - ok

20:51:16.0830 5196 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

20:51:16.0837 5196 iaStorV - ok

20:51:16.0932 5196 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

20:51:16.0935 5196 IDriverT - ok

20:51:17.0050 5196 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:51:17.0082 5196 idsvc - ok

20:51:17.0276 5196 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120322.002\IDSvix86.sys

20:51:17.0286 5196 IDSVix86 - ok

20:51:17.0358 5196 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

20:51:17.0359 5196 iirsp - ok

20:51:17.0406 5196 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

20:51:17.0423 5196 IKEEXT - ok

20:51:17.0458 5196 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys

20:51:17.0459 5196 intelide - ok

20:51:17.0512 5196 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

20:51:17.0513 5196 intelppm - ok

20:51:17.0559 5196 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

20:51:17.0563 5196 IPBusEnum - ok

20:51:17.0604 5196 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:51:17.0606 5196 IpFilterDriver - ok

20:51:17.0680 5196 iphlpsvc (7f83b06a929a981bc001b2ea304d2036) C:\Windows\System32\iphlpsvc.dll

20:51:17.0686 5196 iphlpsvc - ok

20:51:17.0712 5196 IpInIp - ok

20:51:17.0797 5196 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

20:51:17.0799 5196 IPMIDRV - ok

20:51:17.0836 5196 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

20:51:17.0838 5196 IPNAT - ok

20:51:17.0943 5196 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe

20:51:17.0955 5196 iPod Service - ok

20:51:18.0083 5196 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

20:51:18.0085 5196 IRENUM - ok

20:51:18.0110 5196 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

20:51:18.0113 5196 isapnp - ok

20:51:18.0176 5196 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

20:51:18.0182 5196 iScsiPrt - ok

20:51:18.0216 5196 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

20:51:18.0217 5196 iteatapi - ok

20:51:18.0233 5196 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

20:51:18.0235 5196 iteraid - ok

20:51:18.0264 5196 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

20:51:18.0267 5196 kbdclass - ok

20:51:18.0283 5196 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys

20:51:18.0285 5196 kbdhid - ok

20:51:18.0337 5196 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

20:51:18.0340 5196 KeyIso - ok

20:51:18.0402 5196 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

20:51:18.0415 5196 KSecDD - ok

20:51:18.0478 5196 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

20:51:18.0491 5196 KtmRm - ok

20:51:18.0535 5196 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll

20:51:18.0543 5196 LanmanServer - ok

20:51:18.0581 5196 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

20:51:18.0592 5196 LanmanWorkstation - ok

20:51:18.0665 5196 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys

20:51:18.0667 5196 LgBttPort - ok

20:51:18.0754 5196 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys

20:51:18.0756 5196 lgbusenum - ok

20:51:18.0797 5196 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys

20:51:18.0799 5196 LGVMODEM - ok

20:51:18.0903 5196 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

20:51:18.0905 5196 LightScribeService - ok

20:51:18.0994 5196 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

20:51:18.0996 5196 lltdio - ok

20:51:19.0039 5196 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

20:51:19.0048 5196 lltdsvc - ok

20:51:19.0080 5196 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

20:51:19.0084 5196 lmhosts - ok

20:51:19.0118 5196 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

20:51:19.0121 5196 LSI_FC - ok

20:51:19.0146 5196 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

20:51:19.0148 5196 LSI_SAS - ok

20:51:19.0174 5196 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

20:51:19.0177 5196 LSI_SCSI - ok

20:51:19.0199 5196 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

20:51:19.0201 5196 luafv - ok

20:51:19.0280 5196 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

20:51:19.0284 5196 Mcx2Svc - ok

20:51:19.0358 5196 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

20:51:19.0359 5196 mdmxsdk - ok

20:51:19.0391 5196 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

20:51:19.0392 5196 megasas - ok

20:51:19.0443 5196 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

20:51:19.0450 5196 MegaSR - ok

20:51:19.0479 5196 mfehidk - ok

20:51:19.0499 5196 mferkdet - ok

20:51:19.0518 5196 mfevtp - ok

20:51:19.0551 5196 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

20:51:19.0555 5196 MMCSS - ok

20:51:19.0579 5196 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

20:51:19.0580 5196 Modem - ok

20:51:19.0605 5196 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

20:51:19.0650 5196 monitor - ok

20:51:19.0689 5196 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

20:51:19.0691 5196 mouclass - ok

20:51:19.0717 5196 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

20:51:19.0719 5196 mouhid - ok

20:51:19.0773 5196 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

20:51:19.0777 5196 MountMgr - ok

20:51:19.0832 5196 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

20:51:19.0838 5196 mpio - ok

20:51:19.0864 5196 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

20:51:19.0866 5196 mpsdrv - ok

20:51:19.0919 5196 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

20:51:19.0942 5196 MpsSvc - ok

20:51:19.0964 5196 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

20:51:19.0966 5196 Mraid35x - ok

20:51:20.0005 5196 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

20:51:20.0008 5196 MRxDAV - ok

20:51:20.0069 5196 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:51:20.0072 5196 mrxsmb - ok

20:51:20.0134 5196 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:51:20.0141 5196 mrxsmb10 - ok

20:51:20.0165 5196 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:51:20.0168 5196 mrxsmb20 - ok

20:51:20.0213 5196 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys

20:51:20.0214 5196 msahci - ok

20:51:20.0239 5196 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

20:51:20.0240 5196 msdsm - ok

20:51:20.0291 5196 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

20:51:20.0296 5196 MSDTC - ok

20:51:20.0347 5196 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

20:51:20.0348 5196 Msfs - ok

20:51:20.0385 5196 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

20:51:20.0386 5196 msisadrv - ok

20:51:20.0426 5196 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

20:51:20.0431 5196 MSiSCSI - ok

20:51:20.0441 5196 msiserver - ok

20:51:20.0514 5196 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

20:51:20.0516 5196 MSKSSRV - ok

20:51:20.0550 5196 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

20:51:20.0552 5196 MSPCLOCK - ok

20:51:20.0576 5196 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

20:51:20.0578 5196 MSPQM - ok

20:51:20.0747 5196 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

20:51:20.0753 5196 MsRPC - ok

20:51:20.0861 5196 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

20:51:20.0863 5196 mssmbios - ok

20:51:20.0888 5196 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

20:51:20.0889 5196 MSTEE - ok

20:51:20.0945 5196 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

20:51:20.0947 5196 Mup - ok

20:51:21.0031 5196 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe

20:51:21.0034 5196 N360 - ok

20:51:21.0147 5196 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

20:51:21.0163 5196 napagent - ok

20:51:21.0249 5196 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

20:51:21.0255 5196 NativeWifiP - ok

20:51:21.0454 5196 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120322.019\NAVENG.SYS

20:51:21.0458 5196 NAVENG - ok

20:51:21.0574 5196 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120322.019\NAVEX15.SYS

20:51:21.0637 5196 NAVEX15 - ok

20:51:21.0929 5196 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

20:51:21.0940 5196 NDIS - ok

20:51:21.0973 5196 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

20:51:21.0974 5196 NdisTapi - ok

20:51:22.0005 5196 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

20:51:22.0007 5196 Ndisuio - ok

20:51:22.0111 5196 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

20:51:22.0114 5196 NdisWan - ok

20:51:22.0145 5196 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

20:51:22.0147 5196 NDProxy - ok

20:51:22.0173 5196 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

20:51:22.0175 5196 NetBIOS - ok

20:51:22.0229 5196 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

20:51:22.0235 5196 netbt - ok

20:51:22.0290 5196 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

20:51:39.0383 5196 ============================================================

20:51:39.0383 5196 Scan finished

20:51:39.0383 5196 ============================================================

20:51:39.0411 1672 Detected object count: 1

20:51:39.0411 1672 Actual detected object count: 1

20:51:55.0514 1672 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

20:51:55.0515 1672 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Catherine [Admin rights]

Mode: Scan -- Date: 03/23/2012 20:59:32

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[13] : NtAlertResumeThread @ 0x824DD53D -> HOOKED (Unknown @ 0x89E34C50)

SSDT[14] : NtAlertThread @ 0x82456255 -> HOOKED (Unknown @ 0x89E34D30)

SSDT[18] : NtAllocateVirtualMemory @ 0x824924FB -> HOOKED (Unknown @ 0x991B4F78)

SSDT[21] : NtAlpcConnectPort @ 0x82434887 -> HOOKED (Unknown @ 0x87080108)

SSDT[42] : NtAssignProcessToJobObject @ 0x82407B43 -> HOOKED (Unknown @ 0x885530F8)

SSDT[67] : NtCreateMutant @ 0x8246A80C -> HOOKED (Unknown @ 0x89DED9B8)

SSDT[77] : NtCreateSymbolicLinkObject @ 0x8240A35A -> HOOKED (Unknown @ 0x961FF398)

SSDT[78] : NtCreateThread @ 0x824DBBB4 -> HOOKED (Unknown @ 0x967EBEF0)

SSDT[116] : NtDebugActiveProcess @ 0x824AED22 -> HOOKED (Unknown @ 0x885531D8)

SSDT[129] : NtDuplicateObject @ 0x82442551 -> HOOKED (Unknown @ 0x983D3E60)

SSDT[147] : NtFreeVirtualMemory @ 0x822CEF5D -> HOOKED (Unknown @ 0x991B4DB8)

SSDT[156] : NtImpersonateAnonymousToken @ 0x82404F12 -> HOOKED (Unknown @ 0x89DEDAA8)

SSDT[158] : NtImpersonateThread @ 0x8241A54F -> HOOKED (Unknown @ 0x89DEDB88)

SSDT[165] : NtLoadDriver @ 0x823B5DEE -> HOOKED (Unknown @ 0x878172F8)

SSDT[177] : NtMapViewOfSection @ 0x8245A89A -> HOOKED (Unknown @ 0x89DEFF50)

SSDT[184] : NtOpenEvent @ 0x82443DCF -> HOOKED (Unknown @ 0x89DED8D8)

SSDT[194] : NtOpenProcess @ 0x8246AFA8 -> HOOKED (Unknown @ 0x983D3FC0)

SSDT[195] : NtOpenProcessToken @ 0x8244BA2E -> HOOKED (Unknown @ 0x983D3DA0)

SSDT[197] : NtOpenSection @ 0x8245B66D -> HOOKED (Unknown @ 0x88553400)

SSDT[201] : NtOpenThread @ 0x824664FA -> HOOKED (Unknown @ 0x983D3F30)

SSDT[210] : NtProtectVirtualMemory @ 0x824642DD -> HOOKED (Unknown @ 0x961FF588)

SSDT[282] : NtResumeThread @ 0x82465B45 -> HOOKED (Unknown @ 0x89E34E10)

SSDT[289] : NtSetContextThread @ 0x824DC883 -> HOOKED (Unknown @ 0x89DEFCA0)

SSDT[305] : NtSetInformationProcess @ 0x8245E8C8 -> HOOKED (Unknown @ 0x89DEFD80)

SSDT[317] : NtSetSystemInformation @ 0x82430EEB -> HOOKED (Unknown @ 0x885532B8)

SSDT[330] : NtSuspendProcess @ 0x824DD477 -> HOOKED (Unknown @ 0x89DED7F8)

SSDT[331] : NtSuspendThread @ 0x823E492B -> HOOKED (Unknown @ 0x89E34EF0)

SSDT[334] : NtTerminateProcess @ 0x8243B143 -> HOOKED (Unknown @ 0x967EBFD0)

SSDT[335] : NtTerminateThread @ 0x8246652F -> HOOKED (Unknown @ 0x89E34FD0)

SSDT[348] : NtUnmapViewOfSection @ 0x8245AB5D -> HOOKED (Unknown @ 0x89DEFE70)

SSDT[358] : NtWriteVirtualMemory @ 0x8245792D -> HOOKED (Unknown @ 0x991B4EA8)

SSDT[382] : NtCreateThreadEx @ 0x82465FE4 -> HOOKED (Unknown @ 0x961FF488)

S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x9C612BF8)

S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x9D9B2560)

S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x9D9B24A0)

S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x9D9B2CD8)

S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x9D9B26A8)

S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x9C61EE60)

S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x9C61EFC0)

S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x9C61EF30)

S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x9D9B2800)

S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x9D9B88D8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250320AS ATA Device +++++

--- User ---

[MBR] 3ba5a594f5689e4c2d28b6926493b721

[bSP] b90e997a9db954e5ec97ff0327b5191f : Toshiba tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 227604 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 466135040 | Size: 10867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

Farbar Service Scanner Version: 01-03-2012

Ran by Catherine (administrator) on 23-03-2012 at 21:04:09

Running from "C:\Users\Catherine\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****


I need for you to do a new run of RogueKiller, and afterwards, get & run a new tool.

First, Logoff and Restart Windows fresh. Then, do this

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
  • Then press the Delete button.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 2

Again, disable your antivirus How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Create a new folder on your C drive, name it ARK ===> C:\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Re-enable your antivirus.

Copy & Paste contents of RKReport & the GMER log.


Ok, did a scan which showed 2 things in the registry so I pressed delete - the log is pasted below.

The other program, which I downloaded and saved into the new folder ARK, is having problems. When I run the program it runs for a couple of minutes and then states:

Iv439p47.exe has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

Here's the first log though:

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Catherine [Admin rights]

Mode: Remove -- Date: 03/23/2012 22:53:15

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[13] : NtAlertResumeThread @ 0x824D753D -> HOOKED (Unknown @ 0x89E87DB0)

SSDT[14] : NtAlertThread @ 0x82450255 -> HOOKED (Unknown @ 0x89E87E90)

SSDT[18] : NtAllocateVirtualMemory @ 0x8248C4FB -> HOOKED (Unknown @ 0x88817C88)

SSDT[21] : NtAlpcConnectPort @ 0x8242E887 -> HOOKED (Unknown @ 0x87385108)

SSDT[42] : NtAssignProcessToJobObject @ 0x82401B43 -> HOOKED (Unknown @ 0x89E62F90)

SSDT[67] : NtCreateMutant @ 0x8246480C -> HOOKED (Unknown @ 0x8881A008)

SSDT[77] : NtCreateSymbolicLinkObject @ 0x8240435A -> HOOKED (Unknown @ 0x89E62CB0)

SSDT[78] : NtCreateThread @ 0x824D5BB4 -> HOOKED (Unknown @ 0x993B4E28)

SSDT[116] : NtDebugActiveProcess @ 0x824A8D22 -> HOOKED (Unknown @ 0x8881A0B8)

SSDT[129] : NtDuplicateObject @ 0x8243C551 -> HOOKED (Unknown @ 0x88817DE0)

SSDT[147] : NtFreeVirtualMemory @ 0x822C8F5D -> HOOKED (Unknown @ 0x89E69EF0)

SSDT[156] : NtImpersonateAnonymousToken @ 0x823FEF12 -> HOOKED (Unknown @ 0x89E87BF0)

SSDT[158] : NtImpersonateThread @ 0x8241454F -> HOOKED (Unknown @ 0x89E87CD0)

SSDT[165] : NtLoadDriver @ 0x823AFDEE -> HOOKED (Unknown @ 0x870FD2C8)

SSDT[177] : NtMapViewOfSection @ 0x8245489A -> HOOKED (Unknown @ 0x89E69E10)

SSDT[184] : NtOpenEvent @ 0x8243DDCF -> HOOKED (Unknown @ 0x8881A4A0)

SSDT[194] : NtOpenProcess @ 0x82464FA8 -> HOOKED (Unknown @ 0x88817F80)

SSDT[195] : NtOpenProcessToken @ 0x82445A2E -> HOOKED (Unknown @ 0x993B4D60)

SSDT[197] : NtOpenSection @ 0x8245566D -> HOOKED (Unknown @ 0x8881A2E0)

SSDT[201] : NtOpenThread @ 0x824604FA -> HOOKED (Unknown @ 0x88817EB0)

SSDT[210] : NtProtectVirtualMemory @ 0x8245E2DD -> HOOKED (Unknown @ 0x89E62EA0)

SSDT[282] : NtResumeThread @ 0x8245FB45 -> HOOKED (Unknown @ 0x89E87F70)

SSDT[289] : NtSetContextThread @ 0x824D6883 -> HOOKED (Unknown @ 0x89E69B40)

SSDT[305] : NtSetInformationProcess @ 0x824588C8 -> HOOKED (Unknown @ 0x89E69C60)

SSDT[317] : NtSetSystemInformation @ 0x8242AEEB -> HOOKED (Unknown @ 0x8881A198)

SSDT[330] : NtSuspendProcess @ 0x824D7477 -> HOOKED (Unknown @ 0x8881A3C0)

SSDT[331] : NtSuspendThread @ 0x823DE92B -> HOOKED (Unknown @ 0x89EAF160)

SSDT[334] : NtTerminateProcess @ 0x82435143 -> HOOKED (Unknown @ 0x993B4F08)

SSDT[335] : NtTerminateThread @ 0x8246052F -> HOOKED (Unknown @ 0x89EAF240)

SSDT[348] : NtUnmapViewOfSection @ 0x82454B5D -> HOOKED (Unknown @ 0x89E69D50)

SSDT[358] : NtWriteVirtualMemory @ 0x8245192D -> HOOKED (Unknown @ 0x89E69FC0)

SSDT[382] : NtCreateThreadEx @ 0x8245FFE4 -> HOOKED (Unknown @ 0x89E62DA0)

S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x810498E0)

S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x8104C728)

S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x8102E820)

S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x8116AF60)

S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x8102E9F0)

S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x8102E550)

S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x8102E730)

S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x8102E640)

S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8104E950)

S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8104EAC8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250320AS ATA Device +++++

--- User ---

[MBR] 3ba5a594f5689e4c2d28b6926493b721

[bSP] b90e997a9db954e5ec97ff0327b5191f : Toshiba tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 227604 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 466135040 | Size: 10867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt


Okay, first time I've had a chance to get on the computer today. Managed to run Gmer - this time I unplugged the internet, turned off Norton completely and ran it and it worked fine.

Here is the log:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-03-24 23:13:42

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 ST9250320AS rev.HP07

Running: lv439p47.exe; Driver: C:\Users\CATHER~1\AppData\Local\Temp\uflcyuoc.sys

---- System - GMER 1.0.15 ----

SSDT 979FD6A8 ZwAlertResumeThread

SSDT 89EBDB28 ZwAlertThread

SSDT 995493C8 ZwAllocateVirtualMemory

SSDT 87B0E2C0 ZwAlpcConnectPort

SSDT 89E92C88 ZwAssignProcessToJobObject

SSDT 979FD3B8 ZwCreateMutant

SSDT 89E929A8 ZwCreateSymbolicLinkObject

SSDT 89EF5318 ZwCreateThread

SSDT 89E92D68 ZwDebugActiveProcess

SSDT 99549518 ZwDuplicateObject

SSDT 99549208 ZwFreeVirtualMemory

SSDT 979FD4A8 ZwImpersonateAnonymousToken

SSDT 979FD588 ZwImpersonateThread

SSDT 87B1F2E0 ZwLoadDriver

SSDT 89FA54F8 ZwMapViewOfSection

SSDT 979FD138 ZwOpenEvent

SSDT 89EF5200 ZwOpenProcess

SSDT 99549498 ZwOpenProcessToken

SSDT 89E92F90 ZwOpenSection

SSDT 89EF5130 ZwOpenThread

SSDT 89E92B98 ZwProtectVirtualMemory

SSDT 89EBDE68 ZwResumeThread

SSDT 89FA5248 ZwSetContextThread

SSDT 89FA5328 ZwSetInformationProcess

SSDT 89E92E48 ZwSetSystemInformation

SSDT 979FD058 ZwSuspendProcess

SSDT 89EBDF48 ZwSuspendThread

SSDT 89EF53F8 ZwTerminateProcess

SSDT 89FA5168 ZwTerminateThread

SSDT 89FA5418 ZwUnmapViewOfSection

SSDT 995492F8 ZwWriteVirtualMemory

SSDT 89E92A98 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 822B58A0 8 Bytes [A8, D6, 9F, 97, 28, DB, EB, ...] {TEST AL, 0xd6; LAHF ; XCHG EDI, EAX; SUB BL, BL; JMP 0xffffffffffffff91}

.text ntkrnlpa.exe!KeSetEvent + 131 822B58B4 4 Bytes [C8, 93, 54, 99] {ENTER 0x5493, 0x99}

.text ntkrnlpa.exe!KeSetEvent + 13D 822B58C0 4 Bytes [C0, E2, B0, 87]

.text ntkrnlpa.exe!KeSetEvent + 191 822B5914 4 Bytes [88, 2C, E9, 89]

.text ntkrnlpa.exe!KeSetEvent + 1F5 822B5978 4 Bytes [b8, D3, 9F, 97]

.text ...

---- Files - GMER 1.0.15 ----

File C:\Windows\assembly\NativeImages_v4.0.30319_32\index53e.dat 0 bytes

File C:\Windows\assembly\NativeImages_v4.0.30319_32\index53f.dat 0 bytes

---- EOF - GMER 1.0.15 ----

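As an added example (not part of this thread, and not code from the RogueKiller or GMER authors), a small parser that reads the SSDT lines from the two RogueKiller reports and the GMER log above and compares which system services are hooked across runs; the sample lines are excerpts copied from the reports in this thread, and the function names `hooked_services` and `diff_hooks` are my own.

```python
"""Compare SSDT hook listings across RogueKiller and GMER reports (added example).
RogueKiller names hooked services Nt*, GMER names the same entries Zw*; hook
targets are pool addresses that change per boot, the hooked set should not."""
import re
from typing import Dict, List

# Constructed excerpts copied from the reports posted in this thread.
RK_RUN1 = """SSDT[334] : NtTerminateProcess @ 0x8243B143 -> HOOKED (Unknown @ 0x967EBFD0)
SSDT[358] : NtWriteVirtualMemory @ 0x8245792D -> HOOKED (Unknown @ 0x991B4EA8)
S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x9C612BF8)"""
RK_RUN2 = """SSDT[334] : NtTerminateProcess @ 0x82435143 -> HOOKED (Unknown @ 0x993B4F08)
SSDT[358] : NtWriteVirtualMemory @ 0x8245192D -> HOOKED (Unknown @ 0x89E69FC0)"""
GMER_RUN = """---- System - GMER 1.0.15 ----
SSDT 89EF53F8 ZwTerminateProcess
SSDT 995492F8 ZwWriteVirtualMemory"""

# RogueKiller: "SSDT[n] : NtName @ 0xORIG -> HOOKED (Unknown @ 0xHOOK)"
RK_LINE = re.compile(r"^SSDT\[\d+\] : (Nt\w+) @ 0x[0-9A-Fa-f]+ -> HOOKED \(\w+ @ 0x([0-9A-Fa-f]+)\)")
# GMER: "SSDT HOOK ZwName"
GMER_LINE = re.compile(r"^SSDT ([0-9A-Fa-f]+) (Zw\w+)")


def hooked_services(report: str) -> Dict[str, str]:
    """Map each hooked service (Nt* name) to its hook target; other lines are skipped."""
    hooks: Dict[str, str] = {}
    for line in report.splitlines():
        m = RK_LINE.match(line)
        if m:
            hooks[m.group(1)] = m.group(2).upper()
            continue
        m = GMER_LINE.match(line)
        if m:  # normalise GMER's Zw prefix to Nt so both tools compare directly
            hooks["Nt" + m.group(2)[2:]] = m.group(1).upper()
    return hooks


def diff_hooks(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, List[str]]:
    """Services newly hooked, no longer hooked, or hooked at a different address."""
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "moved": sorted(n for n in before.keys() & after.keys() if before[n] != after[n]),
    }


if __name__ == "__main__":
    r1, r2, g = (hooked_services(x) for x in (RK_RUN1, RK_RUN2, GMER_RUN))
    print("run1 -> run2:", diff_hooks(r1, r2))  # same set, every address moved
    print("run2 -> GMER:", diff_hooks(r2, g))
```

A stable set of hooked services with only the addresses changing between reboots is what one resident driver re-installing its hooks at each boot looks like; a service that appears in "added" or "removed" between two runs is the thing worth asking the helper about.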
