JWW1 Infected


Welcome to Malwarebytes, JWW1,

The log shows a likely ZAccess bootkit/rootkit infection. Please hold off on making any changes there for now, unless we discuss them here first. Let's check a few other diagnostic scans to see what all is involved there.

To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.

  • Double click the aswMBR.exe icon to run it
  • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


I have run GMER. Here are the results:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-05-05 20:55:06

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST9160823ASG rev.3.ADD

Running: scjf2dwt[1].exe; Driver: C:\DOCUME~1\jerryw\LOCALS~1\Temp\fwloypog.sys

---- Kernel code sections - GMER 1.0.15 ----

.data C:\WINDOWS\system32\DRIVERS\cdrom.sys unknown last section [0xF76F8000, 0xE3D, 0xC8000040]

? C:\WINDOWS\system32\DRIVERS\cdrom.sys suspicious PE modification

? C:\DOCUME~1\jerryw\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat B8E61D20

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) BA505000-BA517000 (73728 bytes)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB43642$\655626357 0 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627 0 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\@ 2048 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\cfg.ini 170 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\Desktop.ini 4608 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\L 0 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\L\iahonoel 62976 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\oemid 233 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\U 0 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000001.@ 2048 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000002.@ 224768 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000004.@ 1024 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000000.@ 66560 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000004.@ 1024 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000032.@ 115712 bytes

File C:\WINDOWS\$NtUninstallKB43642$\697926627\version 1268 bytes

---- EOF - GMER 1.0.15 ----

I am now downloading aswMBR....

Thanks!!


The contents of aswMBR.txt are:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-05 21:05:07

-----------------------------

21:05:07.453 OS Version: Windows 5.1.2600 Service Pack 3

21:05:07.453 Number of processors: 2 586 0xF0B

21:05:07.453 ComputerName: JERRYW08 UserName: jerryw

21:05:08.843 Initialize success

21:07:26.390 AVAST engine defs: 12050501

21:08:47.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

21:08:47.906 Disk 0 Vendor: ST9160823ASG 3.ADD Size: 152627MB BusType: 3

21:08:48.140 Disk 0 MBR read successfully

21:08:48.171 Disk 0 MBR scan

21:08:48.234 Disk 0 Windows XP default MBR code

21:08:48.296 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63

21:08:48.359 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 176715

21:08:48.421 Disk 0 scanning sectors +312576705

21:08:48.687 Disk 0 scanning C:\WINDOWS\system32\drivers

21:09:03.234 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Rootkit-gen [Rtk]

21:09:40.781 Disk 0 trace - called modules:

21:09:40.812 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8b01dfd0]<<

21:09:40.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b13bab8]

21:09:40.812 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8b1224c0]

21:09:40.812 \Driver\00000394[0x8b122030] -> IRP_MJ_CREATE -> 0x8b01dfd0

21:09:41.546 AVAST engine scan C:\WINDOWS

21:11:19.234 AVAST engine scan C:\WINDOWS\system32

21:30:23.015 AVAST engine scan C:\WINDOWS\system32\drivers

21:30:42.109 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Rootkit-gen [Rtk]

21:32:52.984 AVAST engine scan C:\Documents and Settings\jerryw

00:57:53.312 AVAST engine scan C:\Documents and Settings\All Users

01:03:13.765 Scan finished successfully

16:29:07.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jerryw\Desktop\MBR.dat"

16:29:07.812 The log file has been saved successfully to "C:\Documents and Settings\jerryw\Desktop\aswMBR.txt"

What next?

aswMBR.txt

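The "Disk 0 Partition 1 ... / Partition 2 ..." lines above are just aswMBR decoding the partition table in the first sector of the disk. The following is an added example (not part of this thread and not aswMBR's or any other tool's code): it parses the four entries of a 512-byte MBR, applies the structural checks a boot-sector scanner runs before it looks at the boot code itself, and reports the unpartitioned tail of the disk, which is where aswMBR's "scanning sectors +312576705" line starts. The sample MBR is constructed from the values in the log (boot code zeroed, so nothing here decides whether it is the Windows XP default code); the disk size is the exact byte size TDSSKiller reports for Harddisk0 later in the thread.

```python
import struct

SECTOR = 512
MB = 1024 * 1024
# Disk size as TDSSKiller reports it for \Device\Harddisk0\DR0 later in the thread (0x25433D6000 bytes).
DISK_SECTORS = 0x25433D6000 // SECTOR

# Partition type codes that appear in the aswMBR output, plus a few common ones.
PART_TYPES = {0x00: "Empty", 0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0xDE: "Dell Utility"}

def parse_mbr(sector: bytes) -> list:
    """Decode the four 16-byte partition entries at offset 446 of a 512-byte MBR."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("boot signature 0x55AA missing")
    entries = []
    for i in range(4):
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _, _, _, ptype, _, _, _, lba_start, count = struct.unpack_from(
            "<B3BB3BII", sector, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append({"index": i + 1, "status": status, "bootable": status == 0x80,
                        "type": ptype, "name": PART_TYPES.get(ptype, "unknown"),
                        "lba_start": lba_start, "sectors": count,
                        "size_mb": count * SECTOR // MB})
    return entries

def check_partitions(entries: list, disk_sectors: int) -> list:
    """Structural checks a boot-sector scanner applies before inspecting the code itself."""
    problems = []
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            problems.append(f"partition {e['index']}: invalid status byte 0x{e['status']:02X}")
        if e["lba_start"] + e["sectors"] > disk_sectors:
            problems.append(f"partition {e['index']}: extends past the end of the disk")
    spans = sorted((e["lba_start"], e["lba_start"] + e["sectors"], e["index"]) for e in entries)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            problems.append(f"partitions {i1} and {i2} overlap")
    if sum(e["bootable"] for e in entries) != 1:
        problems.append("expected exactly one active (bootable) partition")
    return problems

def unpartitioned_tail(entries: list, disk_sectors: int) -> tuple:
    """(first sector after the last partition, sectors remaining). aswMBR's 'scanning sectors +N'
    starts here: space outside every partition is where some bootkits keep their own data."""
    end = max((e["lba_start"] + e["sectors"] for e in entries), default=1)
    return end, max(disk_sectors - end, 0)

def describe(entries: list) -> list:
    """Render entries in the same shape as aswMBR's 'Partition N ...' lines."""
    out = []
    for e in entries:
        active = "80 (A)" if e["bootable"] else f"{e['status']:02X}"
        out.append(f"Partition {e['index']} {active} {e['type']:02X} {e['name']} "
                   f"{e['size_mb']} MB offset {e['lba_start']}")
    return out

def build_sample_mbr() -> bytes:
    """Constructed MBR reproducing the two partitions in the log above; boot code is zeroed."""
    def entry(status, ptype, lba_start, count):
        return struct.pack("<B3BB3BII", status, 0, 0, 0, ptype, 0, 0, 0, lba_start, count)
    table = (entry(0x00, 0xDE, 63, 176652)            # Dell Utility, 86 MB at LBA 63
             + entry(0x80, 0x07, 176715, 312399990)   # active NTFS, 152539 MB
             + bytes(16) + bytes(16))                 # two unused slots
    return bytes(446) + table + b"\x55\xAA"

if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    print("\n".join(describe(parts)))
    print("problems:", check_partitions(parts, DISK_SECTORS) or "none")
    print("unpartitioned tail starts at sector +%d (%d sectors)" % unpartitioned_tail(parts, DISK_SECTORS))
```

Feeding it a real first sector (for example one read with dd or the MBR.dat that aswMBR saved to the desktop) instead of the constructed one gives the same report for the real table.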

Coincidence - had just checked in here. That also picks up the bootkit.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Run aswMBR again. If after the scan completes, the Fix button is highlighted (not the FixMBR button), click that, and follow all prompts, including any reboot requirements. Then do the next step, regardless.

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot (Reboot Now) if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and do reboot.

Then run Gmer and aswMBR again, and post those logs as well please.


I ran aswMBR again and after the scan finished selected Fix. I hope it runs almost immediately, because there was nothing to indicate it was finished. I saved the log and then rebooted. Then I got back on the forum to check what to do next. A browser popped up: "Registry Defender Recommended"

I have NOT done anything with this. Is it yours, or something related to the virus?

I am closing everything down again and running 'Larry.com'.

Thanks!! :)


I ran Kaspersky's TDSSKiller as Larry.com; results are attached.

Then, ran Gmer and aswMBR again per instructions.

Results from Gmer are attached.

Got an error running aswMBR - screen shot of error is attached. It's giving me a bad feeling as it's nearly the same message as I was receiving that started this whole thing!

Do I try running aswMBR again?

Also, I would appreciate feedback on the "Registry Defender Recommended" question.

Thanks!

TDSSKiller.2.7.34.0_07.05.2012_11.55.40_log.txt

aswMBR-Error.bmp

GMER - 20120507.log


Registry Defender is not a recommended program, so not part of what we are doing here, other than ridding that system of what might be suggesting it. If you would, please post the current logs like you have been. Nearly impossible to do a decent web search of the info otherwise.

Except the bmp file, which I did take a look at. Not real sure of that aswMBR error right off. You are running it from the desktop, yes?


Yes, I am running from the desktop. (Why would it matter where?)

Following is the text from the logs.

Do I try running aswMBR again?

Thanks

TDSSKiller.2.7.34.0_07.05.2012_11.55.40_log.txt:

11:55:40.0640 0112 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

11:55:40.0937 0112 ============================================================

11:55:40.0937 0112 Current date / time: 2012/05/07 11:55:40.0937

11:55:40.0937 0112 SystemInfo:

11:55:40.0937 0112

11:55:40.0937 0112 OS Version: 5.1.2600 ServicePack: 3.0

11:55:40.0937 0112 Product type: Workstation

11:55:40.0937 0112 ComputerName: JERRYW08

11:55:40.0937 0112 UserName: jerryw

11:55:40.0937 0112 Windows directory: C:\WINDOWS

11:55:40.0937 0112 System windows directory: C:\WINDOWS

11:55:40.0937 0112 Processor architecture: Intel x86

11:55:40.0937 0112 Number of processors: 2

11:55:40.0937 0112 Page size: 0x1000

11:55:40.0937 0112 Boot type: Safe boot with network

11:55:40.0937 0112 ============================================================

11:55:42.0859 0112 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

11:55:42.0859 0112 Drive \Device\Harddisk1\DR3 - Size: 0x15D4EF00000 (1397.23 Gb), SectorSize: 0x200, Cylinders: 0x2C87D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

11:55:43.0265 0112 ============================================================

11:55:43.0265 0112 \Device\Harddisk0\DR0:

11:55:43.0312 0112 MBR partitions:

11:55:43.0312 0112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x129ED876

11:55:43.0312 0112 \Device\Harddisk1\DR3:

11:55:43.0312 0112 MBR partitions:

11:55:43.0312 0112 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA77000

11:55:43.0312 0112 ============================================================

11:55:43.0375 0112 C: <-> \Device\Harddisk0\DR0\Partition0

11:55:43.0421 0112 F: <-> \Device\Harddisk1\DR3\Partition0

11:55:43.0421 0112 ============================================================

11:55:43.0421 0112 Initialize success

11:55:43.0421 0112 ============================================================

12:02:18.0703 2012 ============================================================

12:02:18.0703 2012 Scan started

12:02:18.0703 2012 Mode: Manual;

12:02:18.0703 2012 ============================================================


12:02:27.0343 2012 Cdrom (42ea425b642bbff960cee77a687e9a36) C:\WINDOWS\system32\DRIVERS\cdrom.sys

12:02:27.0343 2012 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 42ea425b642bbff960cee77a687e9a36, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe

12:02:27.0343 2012 Cdrom ( Virus.Win32.ZAccess.k ) - infected

12:02:27.0343 2012 Cdrom - detected Virus.Win32.ZAccess.k (0)


12:02:34.0609 2012 Npfs - ok

12:02:34.0640 2012 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

12:02:34.0671 2012 Ntfs - ok

12:02:34.0718 2012 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:02:34.0718 2012 NtLmSsp - ok

12:02:34.0765 2012 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

12:02:34.0781 2012 NtmsSvc - ok

12:02:34.0812 2012 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

12:02:34.0812 2012 NuidFltr - ok

12:02:34.0843 2012 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

12:02:34.0843 2012 Null - ok

12:02:35.0125 2012 nv (8129d762cc3e3c5ab9cf2eabc377fb73) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

12:02:35.0312 2012 nv - ok

12:02:35.0390 2012 NVSvc (7ee6243758619a391491148eabf0e7b7) C:\WINDOWS\system32\nvsvc32.exe

12:02:35.0406 2012 NVSvc - ok

12:02:35.0437 2012 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

12:02:35.0437 2012 NwlnkFlt - ok

12:02:35.0453 2012 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

12:02:35.0453 2012 NwlnkFwd - ok

12:02:35.0578 2012 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

12:02:35.0593 2012 odserv - ok

12:02:35.0625 2012 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

12:02:35.0625 2012 ohci1394 - ok

12:02:35.0671 2012 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:02:35.0671 2012 ose - ok

12:02:35.0718 2012 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

12:02:35.0718 2012 Parport - ok

12:02:35.0750 2012 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

12:02:35.0750 2012 PartMgr - ok

12:02:35.0781 2012 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

12:02:35.0781 2012 ParVdm - ok

12:02:35.0796 2012 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys

12:02:35.0796 2012 PBADRV - ok

12:02:35.0828 2012 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

12:02:35.0828 2012 PCI - ok

12:02:35.0859 2012 PCIDump - ok

12:02:35.0890 2012 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

12:02:35.0890 2012 PCIIde - ok

12:02:35.0937 2012 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

12:02:35.0937 2012 Pcmcia - ok

12:02:35.0968 2012 PDCOMP - ok

12:02:35.0984 2012 PDFRAME - ok

12:02:36.0015 2012 PDRELI - ok

12:02:36.0046 2012 PDRFRAME - ok

12:02:36.0125 2012 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

12:02:36.0125 2012 perc2 - ok

12:02:36.0171 2012 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

12:02:36.0171 2012 perc2hib - ok

12:02:36.0250 2012 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

12:02:36.0265 2012 PlugPlay - ok

12:02:36.0296 2012 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe

12:02:36.0296 2012 Pml Driver HPZ12 - ok

12:02:36.0328 2012 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:02:36.0328 2012 PolicyAgent - ok

12:02:36.0359 2012 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:02:36.0359 2012 PptpMiniport - ok

12:02:36.0375 2012 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:02:36.0375 2012 ProtectedStorage - ok

12:02:36.0406 2012 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

12:02:36.0406 2012 PSched - ok

12:02:36.0468 2012 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:02:36.0468 2012 Ptilink - ok

12:02:36.0500 2012 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

12:02:36.0515 2012 ql1080 - ok

12:02:36.0531 2012 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

12:02:36.0531 2012 Ql10wnt - ok

12:02:36.0562 2012 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

12:02:36.0562 2012 ql12160 - ok

12:02:36.0593 2012 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

12:02:36.0593 2012 ql1240 - ok

12:02:36.0625 2012 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

12:02:36.0625 2012 ql1280 - ok

12:02:36.0656 2012 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:02:36.0656 2012 RasAcd - ok

12:02:36.0703 2012 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

12:02:36.0734 2012 RasAuto - ok

12:02:36.0781 2012 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:02:36.0781 2012 Rasl2tp - ok

12:02:36.0812 2012 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

12:02:36.0812 2012 RasMan - ok

12:02:36.0843 2012 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:02:36.0843 2012 RasPppoe - ok

12:02:36.0859 2012 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

12:02:36.0859 2012 Raspti - ok

12:02:36.0921 2012 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:02:36.0937 2012 Rdbss - ok

12:02:36.0953 2012 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:02:36.0953 2012 RDPCDD - ok

12:02:37.0031 2012 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:02:37.0031 2012 rdpdr - ok

12:02:37.0093 2012 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

12:02:37.0093 2012 RDPWD - ok

12:02:37.0140 2012 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

12:02:37.0140 2012 RDSessMgr - ok

12:02:37.0203 2012 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:02:37.0203 2012 redbook - ok

12:02:37.0234 2012 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

12:02:37.0234 2012 RemoteAccess - ok

12:02:37.0281 2012 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

12:02:37.0281 2012 RemoteRegistry - ok

12:02:37.0296 2012 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

12:02:37.0296 2012 RpcLocator - ok

12:02:37.0359 2012 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

12:02:37.0375 2012 RpcSs - ok

12:02:37.0390 2012 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

12:02:37.0421 2012 RSVP - ok

12:02:37.0468 2012 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:02:37.0468 2012 SamSs - ok

12:02:37.0500 2012 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

12:02:37.0546 2012 SCardSvr - ok

12:02:37.0578 2012 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

12:02:37.0593 2012 Schedule - ok

12:02:37.0656 2012 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:02:37.0656 2012 Secdrv - ok

12:02:37.0687 2012 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

12:02:37.0687 2012 seclogon - ok

12:02:37.0812 2012 SecureStorageService (472946edebf85c1f0b44b6eba01ac9b6) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

12:02:37.0828 2012 SecureStorageService - ok

12:02:37.0859 2012 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

12:02:37.0859 2012 SENS - ok

12:02:37.0890 2012 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

12:02:37.0890 2012 serenum - ok

12:02:37.0937 2012 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

12:02:37.0937 2012 Serial - ok

12:02:38.0078 2012 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

12:02:38.0078 2012 Sfloppy - ok

12:02:38.0109 2012 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

12:02:38.0125 2012 SharedAccess - ok

12:02:38.0171 2012 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

12:02:38.0171 2012 ShellHWDetection - ok

12:02:38.0187 2012 Shockprf - ok

12:02:38.0218 2012 Simbad - ok

12:02:38.0265 2012 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

12:02:38.0265 2012 sisagp - ok

12:02:38.0359 2012 SONICWALL_NetExtender (692082a7fdcab0ef31bda8a4d03f747f) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe

12:02:38.0375 2012 SONICWALL_NetExtender - ok

12:02:38.0437 2012 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

12:02:38.0437 2012 SONYPVU1 - ok

12:02:38.0500 2012 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

12:02:38.0515 2012 Sparrow - ok

12:02:38.0531 2012 spcflt - ok

12:02:38.0578 2012 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

12:02:38.0578 2012 splitter - ok

12:02:38.0609 2012 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

12:02:38.0609 2012 Spooler - ok

12:02:38.0734 2012 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

12:02:38.0750 2012 SQLBrowser - ok

12:02:38.0781 2012 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

12:02:38.0781 2012 SQLWriter - ok

12:02:38.0812 2012 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

12:02:38.0812 2012 sr - ok

12:02:38.0843 2012 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

12:02:38.0859 2012 srservice - ok

12:02:38.0906 2012 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

12:02:38.0921 2012 Srv - ok

12:02:38.0953 2012 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

12:02:38.0953 2012 SSDPSRV - ok

12:02:38.0984 2012 SSLDrv (a7a577c32309fe723fa2ef927464ec6f) C:\WINDOWS\system32\DRIVERS\SSLDrv.sys

12:02:38.0984 2012 SSLDrv - ok

12:02:39.0046 2012 STacSV (686fa4acfdcb4e16b7f0230b88f6d17e) C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

12:02:39.0046 2012 STacSV - ok

12:02:39.0281 2012 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys

12:02:39.0640 2012 STHDA - ok

12:02:39.0703 2012 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

12:02:39.0703 2012 StillCam - ok

12:02:39.0750 2012 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

12:02:39.0765 2012 stisvc - ok

12:02:39.0812 2012 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

12:02:39.0812 2012 swenum - ok

12:02:39.0875 2012 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

12:02:39.0890 2012 swmidi - ok

12:02:39.0906 2012 SwPrv - ok

12:02:39.0953 2012 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

12:02:39.0953 2012 symc810 - ok

12:02:39.0984 2012 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

12:02:39.0984 2012 symc8xx - ok

12:02:40.0015 2012 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

12:02:40.0015 2012 sym_hi - ok

12:02:40.0046 2012 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

12:02:40.0046 2012 sym_u3 - ok

12:02:40.0093 2012 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

12:02:40.0093 2012 sysaudio - ok

12:02:40.0140 2012 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

12:02:40.0140 2012 SysmonLog - ok

12:02:40.0171 2012 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

12:02:40.0187 2012 TapiSrv - ok

12:02:40.0234 2012 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

12:02:40.0250 2012 Tcpip - ok

12:02:40.0375 2012 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

12:02:40.0437 2012 tcsd_win32.exe - ok

12:02:40.0578 2012 TdmService (a27d803b21f24a5cfb775944ea4cb130) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

12:02:40.0609 2012 TdmService - ok

12:02:40.0859 2012 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

12:02:40.0859 2012 TDPIPE - ok

12:02:40.0921 2012 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

12:02:40.0921 2012 TDTCP - ok

12:02:40.0953 2012 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

12:02:40.0953 2012 TermDD - ok

12:02:41.0000 2012 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

12:02:41.0015 2012 TermService - ok

12:02:41.0046 2012 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

12:02:41.0046 2012 Themes - ok

12:02:41.0062 2012 tlnrj - ok

12:02:41.0156 2012 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

12:02:41.0156 2012 TlntSvr - ok

12:02:41.0203 2012 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

12:02:41.0203 2012 TosIde - ok

12:02:41.0265 2012 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

12:02:41.0265 2012 TrkWks - ok

12:02:41.0312 2012 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

12:02:41.0312 2012 Udfs - ok

12:02:41.0375 2012 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

12:02:41.0390 2012 ultra - ok

12:02:41.0453 2012 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

12:02:41.0468 2012 Update - ok

12:02:41.0500 2012 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

12:02:41.0546 2012 upnphost - ok

12:02:41.0625 2012 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

12:02:41.0640 2012 UPS - ok

12:02:41.0718 2012 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

12:02:41.0718 2012 usbccgp - ok

12:02:41.0750 2012 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

12:02:41.0750 2012 usbehci - ok

12:02:41.0796 2012 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

12:02:41.0796 2012 usbhub - ok

12:02:41.0843 2012 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

12:02:41.0843 2012 usbprint - ok

12:02:41.0875 2012 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

12:02:41.0875 2012 USBSTOR - ok

12:02:41.0921 2012 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

12:02:41.0921 2012 usbuhci - ok

12:02:41.0937 2012 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

12:02:41.0937 2012 VgaSave - ok

12:02:41.0984 2012 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

12:02:41.0984 2012 viaagp - ok

12:02:42.0015 2012 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

12:02:42.0015 2012 ViaIde - ok

12:02:42.0062 2012 vmm (817da66b1b889fad1dbf669e0e2f3228) C:\WINDOWS\system32\Drivers\vmm.sys

12:02:42.0078 2012 vmm - ok

12:02:42.0109 2012 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

12:02:42.0109 2012 VolSnap - ok

12:02:42.0156 2012 VPCNetS2 (2abe8281db609d8bb1bd1b2f93800d5f) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys

12:02:42.0156 2012 VPCNetS2 - ok

12:02:42.0281 2012 vpnagent (816366044657795ffce1d66f113f93c2) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

12:02:42.0296 2012 vpnagent - ok

12:02:42.0328 2012 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\WINDOWS\system32\DRIVERS\vpnva.sys

12:02:42.0328 2012 vpnva - ok

12:02:42.0421 2012 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys

12:02:42.0453 2012 vsdatant - ok

12:02:42.0484 2012 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

12:02:42.0500 2012 VSS - ok

12:02:42.0609 2012 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

12:02:42.0625 2012 w32time - ok

12:02:42.0671 2012 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

12:02:42.0671 2012 Wanarp - ok

12:02:42.0687 2012 Wave UCSPlus - ok

12:02:43.0343 2012 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe

12:02:43.0359 2012 WaveEnrollmentService - ok

12:02:43.0390 2012 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys

12:02:43.0390 2012 WaveFDE - ok

12:02:43.0421 2012 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys

12:02:43.0437 2012 WavxDMgr - ok

12:02:43.0484 2012 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

12:02:43.0484 2012 WDC_SAM - ok

12:02:43.0531 2012 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

12:02:43.0546 2012 Wdf01000 - ok

12:02:43.0578 2012 WDICA - ok

12:02:43.0625 2012 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

12:02:43.0625 2012 wdmaud - ok

12:02:43.0671 2012 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

12:02:43.0671 2012 WebClient - ok

12:02:43.0843 2012 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

12:02:43.0859 2012 winachsf - ok

12:02:44.0171 2012 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

12:02:44.0171 2012 winmgmt - ok

12:02:44.0234 2012 wltrysvc - ok

12:02:44.0281 2012 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

12:02:44.0281 2012 WmdmPmSN - ok

12:02:44.0359 2012 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

12:02:44.0390 2012 Wmi - ok

12:02:44.0515 2012 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

12:02:44.0531 2012 WmiAcpi - ok

12:02:44.0578 2012 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

12:02:44.0593 2012 WmiApSrv - ok

12:02:44.0718 2012 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

12:02:44.0734 2012 WMPNetworkSvc - ok

12:02:45.0093 2012 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

12:02:45.0187 2012 WPFFontCache_v0400 - ok

12:02:45.0281 2012 WSearch - ok

12:02:45.0328 2012 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

12:02:45.0343 2012 wuauserv - ok

12:02:45.0421 2012 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

12:02:45.0421 2012 WudfPf - ok

12:02:45.0453 2012 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

12:02:45.0453 2012 WudfRd - ok

12:02:45.0484 2012 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

12:02:45.0500 2012 WudfSvc - ok

12:02:45.0765 2012 WYNIT (71fd245a4dca081d570eeeeff0f4d45f) C:\Navision\2009 SP1\Application Server\nassql.exe

12:02:45.0843 2012 WYNIT - ok

12:02:46.0312 2012 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

12:02:46.0328 2012 WZCSVC - ok

12:02:46.0375 2012 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

12:02:46.0375 2012 xmlprov - ok

12:02:46.0500 2012 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

12:02:46.0656 2012 \Device\Harddisk0\DR0 - ok

12:02:46.0671 2012 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3

12:02:46.0671 2012 \Device\Harddisk1\DR3 - ok

12:02:46.0687 2012 Boot (0x1200) (ff4f97aa9f8e4394fbaf9eb0d198a6c0) \Device\Harddisk0\DR0\Partition0

12:02:46.0687 2012 \Device\Harddisk0\DR0\Partition0 - ok

12:02:46.0718 2012 Boot (0x1200) (f7aa2af5924cdda0bbd13a2472ae584a) \Device\Harddisk1\DR3\Partition0

12:02:46.0718 2012 \Device\Harddisk1\DR3\Partition0 - ok

12:02:46.0734 2012 ============================================================

12:02:46.0734 2012 Scan finished

12:02:46.0734 2012 ============================================================

12:02:46.0781 1900 Detected object count: 1

12:02:46.0781 1900 Actual detected object count: 1

12:03:25.0546 1900 C:\WINDOWS\system32\DRIVERS\cdrom.sys - copied to quarantine

12:03:27.0390 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\@ - copied to quarantine

12:03:27.0390 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\cfg.ini - copied to quarantine

12:03:27.0390 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\Desktop.ini - copied to quarantine

12:03:27.0406 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\L\iahonoel - copied to quarantine

12:03:27.0437 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\oemid - copied to quarantine

12:03:27.0625 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000001.@ - copied to quarantine

12:03:27.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000002.@ - copied to quarantine

12:03:27.0734 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000004.@ - copied to quarantine

12:03:27.0765 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000000.@ - copied to quarantine

12:03:27.0781 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000004.@ - copied to quarantine

12:03:27.0843 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000032.@ - copied to quarantine

12:03:27.0843 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\version - copied to quarantine

12:03:35.0500 1900 Backup copy found, using it..

12:03:35.0546 1900 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot

12:03:38.0343 1900 C:\WINDOWS\$NtUninstallKB43642$\655626357 - will be deleted on reboot

12:03:38.0343 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\@ - will be deleted on reboot

12:03:38.0343 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\cfg.ini - will be deleted on reboot

12:03:38.0343 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\Desktop.ini - will be deleted on reboot

12:03:38.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\oemid - will be deleted on reboot

12:03:38.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000001.@ - will be deleted on reboot

12:03:38.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000002.@ - will be deleted on reboot

12:03:38.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000004.@ - will be deleted on reboot

12:03:38.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000000.@ - will be deleted on reboot

12:03:38.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000004.@ - will be deleted on reboot

12:03:38.0718 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000032.@ - will be deleted on reboot

12:03:38.0718 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\version - will be deleted on reboot

12:03:38.0718 1900 Cdrom ( Virus.Win32.ZAccess.k ) - User select action: Cure

12:03:45.0843 0692 Deinitialize success

GMER.log:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-05-07 19:38:38

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST9160823ASG rev.3.ADD

Running: qoogsktl[1].exe; Driver: C:\DOCUME~1\jerryw\LOCALS~1\Temp\fwloypog.sys

---- Kernel code sections - GMER 1.0.15 ----

? 36713168.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat B8860D20

---- EOF - GMER 1.0.15 ----


I rebooted and tried scanning with aswMBR again. I saw that there were infected files identified - but before it finished, an error came up like the one I put in the .BMP that I uploaded previously.

At this point, I don't know what to do. So, I'm just going to wait to see what you suggest...

Thanks!


I usually can't assist until after work. TDSSKiller picked out the bootkit and the bootkit's hidden file system, but Gmer still shows an unknown driver loading there.

If you haven't yet, please reboot and run TDSSKiller and then Gmer again and post those logs.

Also I would like a second Gmer log to check.

Open Gmer again. Once it has completed its opening scan, this time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.


Please do not think that I'm not satisfied with your response time. I do know that this is a volunteer thing. And - Thanks for that! :)

Contents of TDSSKiller:


16:15:08.0078 1044 SONICWALL_NetExtender - ok

16:15:08.0109 1044 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

16:15:08.0109 1044 SONYPVU1 - ok

16:15:08.0140 1044 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

16:15:08.0140 1044 Sparrow - ok

16:15:08.0171 1044 spcflt - ok

16:15:08.0203 1044 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

16:15:08.0203 1044 splitter - ok

16:15:08.0250 1044 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

16:15:08.0250 1044 Spooler - ok

16:15:08.0343 1044 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

16:15:08.0359 1044 SQLBrowser - ok

16:15:08.0406 1044 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

16:15:08.0406 1044 SQLWriter - ok

16:15:08.0437 1044 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

16:15:08.0437 1044 sr - ok

16:15:08.0468 1044 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

16:15:08.0484 1044 srservice - ok

16:15:08.0546 1044 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

16:15:08.0562 1044 Srv - ok

16:15:08.0593 1044 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

16:15:08.0593 1044 SSDPSRV - ok

16:15:08.0625 1044 SSLDrv (a7a577c32309fe723fa2ef927464ec6f) C:\WINDOWS\system32\DRIVERS\SSLDrv.sys

16:15:08.0625 1044 SSLDrv - ok

16:15:08.0718 1044 STacSV (686fa4acfdcb4e16b7f0230b88f6d17e) C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

16:15:08.0718 1044 STacSV - ok

16:15:08.0781 1044 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys

16:15:08.0828 1044 STHDA - ok

16:15:08.0843 1044 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

16:15:08.0859 1044 StillCam - ok

16:15:08.0890 1044 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

16:15:08.0906 1044 stisvc - ok

16:15:08.0953 1044 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

16:15:08.0953 1044 swenum - ok

16:15:08.0968 1044 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

16:15:08.0968 1044 swmidi - ok

16:15:08.0984 1044 SwPrv - ok

16:15:09.0046 1044 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

16:15:09.0046 1044 symc810 - ok

16:15:09.0078 1044 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

16:15:09.0078 1044 symc8xx - ok

16:15:09.0109 1044 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

16:15:09.0109 1044 sym_hi - ok

16:15:09.0125 1044 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

16:15:09.0125 1044 sym_u3 - ok

16:15:09.0171 1044 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

16:15:09.0171 1044 sysaudio - ok

16:15:09.0218 1044 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

16:15:09.0218 1044 SysmonLog - ok

16:15:09.0281 1044 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

16:15:09.0296 1044 TapiSrv - ok

16:15:09.0343 1044 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

16:15:09.0359 1044 Tcpip - ok

16:15:09.0468 1044 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

16:15:09.0515 1044 tcsd_win32.exe - ok

16:15:09.0593 1044 TdmService (a27d803b21f24a5cfb775944ea4cb130) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

16:15:09.0640 1044 TdmService - ok

16:15:09.0781 1044 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

16:15:09.0781 1044 TDPIPE - ok

16:15:09.0812 1044 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

16:15:09.0812 1044 TDTCP - ok

16:15:09.0843 1044 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

16:15:09.0843 1044 TermDD - ok

16:15:09.0890 1044 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

16:15:09.0906 1044 TermService - ok

16:15:09.0937 1044 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

16:15:09.0937 1044 Themes - ok

16:15:09.0953 1044 tlnrj - ok

16:15:10.0000 1044 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

16:15:10.0000 1044 TlntSvr - ok

16:15:10.0031 1044 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

16:15:10.0031 1044 TosIde - ok

16:15:10.0078 1044 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

16:15:10.0109 1044 TrkWks - ok

16:15:10.0156 1044 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

16:15:10.0156 1044 Udfs - ok

16:15:10.0203 1044 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

16:15:10.0203 1044 ultra - ok

16:15:10.0281 1044 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

16:15:10.0281 1044 Update - ok

16:15:10.0328 1044 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

16:15:10.0328 1044 upnphost - ok

16:15:10.0375 1044 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

16:15:10.0375 1044 UPS - ok

16:15:10.0437 1044 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

16:15:10.0437 1044 usbccgp - ok

16:15:10.0484 1044 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

16:15:10.0484 1044 usbehci - ok

16:15:10.0515 1044 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

16:15:10.0515 1044 usbhub - ok

16:15:10.0546 1044 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

16:15:10.0546 1044 usbprint - ok

16:15:10.0578 1044 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

16:15:10.0578 1044 USBSTOR - ok

16:15:10.0609 1044 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

16:15:10.0625 1044 usbuhci - ok

16:15:10.0640 1044 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

16:15:10.0640 1044 VgaSave - ok

16:15:10.0671 1044 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

16:15:10.0687 1044 viaagp - ok

16:15:10.0703 1044 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

16:15:10.0703 1044 ViaIde - ok

16:15:10.0750 1044 vmm (817da66b1b889fad1dbf669e0e2f3228) C:\WINDOWS\system32\Drivers\vmm.sys

16:15:10.0750 1044 vmm - ok

16:15:10.0781 1044 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

16:15:10.0781 1044 VolSnap - ok

16:15:10.0828 1044 VPCNetS2 (2abe8281db609d8bb1bd1b2f93800d5f) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys

16:15:10.0828 1044 VPCNetS2 - ok

16:15:10.0937 1044 vpnagent (816366044657795ffce1d66f113f93c2) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

16:15:10.0953 1044 vpnagent - ok

16:15:10.0984 1044 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\WINDOWS\system32\DRIVERS\vpnva.sys

16:15:10.0984 1044 vpnva - ok

16:15:11.0062 1044 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys

16:15:11.0093 1044 vsdatant - ok

16:15:11.0156 1044 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

16:15:11.0171 1044 VSS - ok

16:15:11.0203 1044 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

16:15:11.0218 1044 w32time - ok

16:15:11.0296 1044 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

16:15:11.0296 1044 Wanarp - ok

16:15:11.0312 1044 Wave UCSPlus - ok

16:15:11.0453 1044 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe

16:15:11.0468 1044 WaveEnrollmentService - ok

16:15:11.0500 1044 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys

16:15:11.0500 1044 WaveFDE - ok

16:15:11.0531 1044 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys

16:15:11.0546 1044 WavxDMgr - ok

16:15:11.0578 1044 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

16:15:11.0578 1044 WDC_SAM - ok

16:15:11.0625 1044 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

16:15:11.0640 1044 Wdf01000 - ok

16:15:11.0656 1044 WDICA - ok

16:15:11.0718 1044 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

16:15:11.0718 1044 wdmaud - ok

16:15:11.0750 1044 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

16:15:11.0750 1044 WebClient - ok

16:15:11.0812 1044 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

16:15:11.0843 1044 winachsf - ok

16:15:11.0968 1044 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

16:15:11.0968 1044 winmgmt - ok

16:15:12.0031 1044 wltrysvc - ok

16:15:12.0078 1044 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

16:15:12.0078 1044 WmdmPmSN - ok

16:15:12.0125 1044 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

16:15:12.0140 1044 Wmi - ok

16:15:12.0234 1044 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

16:15:12.0234 1044 WmiAcpi - ok

16:15:12.0296 1044 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

16:15:12.0312 1044 WmiApSrv - ok

16:15:12.0390 1044 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

16:15:12.0421 1044 WMPNetworkSvc - ok

16:15:12.0718 1044 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

16:15:12.0812 1044 WPFFontCache_v0400 - ok

16:15:12.0859 1044 WSearch - ok

16:15:12.0921 1044 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

16:15:12.0937 1044 wuauserv - ok

16:15:13.0015 1044 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

16:15:13.0031 1044 WudfPf - ok

16:15:13.0062 1044 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

16:15:13.0078 1044 WudfRd - ok

16:15:13.0125 1044 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

16:15:13.0125 1044 WudfSvc - ok

16:15:13.0312 1044 WYNIT (71fd245a4dca081d570eeeeff0f4d45f) C:\Navision\2009 SP1\Application Server\nassql.exe

16:15:13.0390 1044 WYNIT - ok

16:15:13.0531 1044 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

16:15:13.0593 1044 WZCSVC - ok

16:15:13.0828 1044 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

16:15:13.0843 1044 xmlprov - ok

16:15:13.0953 1044 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

16:15:14.0109 1044 \Device\Harddisk0\DR0 - ok

16:15:14.0125 1044 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3

16:15:14.0125 1044 \Device\Harddisk1\DR3 - ok

16:15:14.0156 1044 Boot (0x1200) (ff4f97aa9f8e4394fbaf9eb0d198a6c0) \Device\Harddisk0\DR0\Partition0

16:15:14.0156 1044 \Device\Harddisk0\DR0\Partition0 - ok

16:15:14.0187 1044 Boot (0x1200) (f7aa2af5924cdda0bbd13a2472ae584a) \Device\Harddisk1\DR3\Partition0

16:15:14.0187 1044 \Device\Harddisk1\DR3\Partition0 - ok

16:15:14.0187 1044 ============================================================

16:15:14.0187 1044 Scan finished

16:15:14.0187 1044 ============================================================

16:15:14.0234 1084 Detected object count: 0

16:15:14.0234 1084 Actual detected object count: 0

16:15:30.0265 0792 Deinitialize success

GMER - first run:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-05-09 01:34:12

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST9160823ASG rev.3.ADD

Running: jypgrepg.exe; Driver: C:\DOCUME~1\jerryw\LOCALS~1\Temp\fwloypob.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat B9143D20

---- EOF - GMER 1.0.15 ----

GMER - second run:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-05-09 01:38:40

Windows 5.1.2600 Service Pack 3

Running: jypgrepg.exe; Driver: C:\DOCUME~1\jerryw\LOCALS~1\Temp\fwloypob.sys

---- Modules - GMER 1.0.15 ----

Module PBADRV.sys (PBA Support Driver/Dell Inc) F7647000-F7652000 (45056 bytes)

Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) BA679000-BA6A1000 (163840 bytes)

Module \SystemRoot\system32\DRIVERS\bcmwl5.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corp.) BA566000-BA679000 (1126400 bytes)

Module \SystemRoot\system32\DRIVERS\b57xp32.sys (Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver./Broadcom Corporation) BA53B000-BA566000 (176128 bytes)

Module \SystemRoot\system32\DRIVERS\Apfiltr.sys (Alps Touch Pad Driver/Alps Electric Co., Ltd.) BA517000-BA53B000 (147456 bytes)

Module \SystemRoot\system32\DRIVERS\dne2000.sys (Deterministic Network Enhancer/Deterministic Networks, Inc.) BA49C000-BA4BB000 (126976 bytes)

Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F77A7000-F77AC000 (20480 bytes)

Module \SystemRoot\system32\DRIVERS\SSLDrv.sys (SonicWALL SSL-VPN NetExtender driver for Windows./SonicWALL Inc.) BA7B6000-BA7BA000 (16384 bytes)

Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BF012000-BF059000 (290816 bytes)

Module \??\C:\DOCUME~1\jerryw\LOCALS~1\Temp\fwloypob.sys (GMER) B9160000-B9179000 (102400 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Documents and Settings\jerryw\Desktop\jypgrepg.exe 808

Library C:\Documents and Settings\jerryw\Desktop\jypgrepg.exe 0x00400000

Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1400

Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x01B30000

Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 1676

Library C:\WINDOWS\system32\wvauth.dll (Authentication Package/Wave Systems Corp.) 0x10000000

Library C:\WINDOWS\system32\biolsp.dll (BioLsp/Wave Systems Corp.) 0x00960000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 11.2 r202/Adobe Systems Incorporated) [MANUAL] AdobeFlashPlayerUpdateSvc

Service C:\WINDOWS\system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [DISABLED] AliIde

Service C:\WINDOWS\system32\DRIVERS\amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) [DISABLED] amdagp

Service C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Touch Pad Driver/Alps Electric Co., Ltd.) [MANUAL] ApfiltrService

Service C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (App Support Driver/Dell Inc) [SYSTEM] APPDRV

Service C:\WINDOWS\system32\DRIVERS\asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) [DISABLED] asc

Service C:\WINDOWS\system32\DRIVERS\asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) [DISABLED] asc3550

Service C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom ASF IP and SMBIOS Mailbox Monitor/Broadcom Corporation) [AUTO] ASFIPmon

Service ATSWPDRV

Service C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver./Broadcom Corporation) [MANUAL] b57w2k

Service C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom NetDetect Driver./Broadcom Corporation) [AUTO] BASFND

Service C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corp.) [MANUAL] BCM43XX

Service BCMLogon

Service C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] CmdIde

Service C:\WINDOWS\system32\DRIVERS\ctxusbm.sys (Citrix USB Filter Driver/Citrix Systems, Inc.) [SYSTEM] ctxusbm

Service C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems VPN Adapter/Cisco Systems, Inc.) [MANUAL] CVirtA

Service C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems VPN Client/Cisco Systems, Inc.) [AUTO] CVPND

Service C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems VPN Client IPSec Driver/Cisco Systems, Inc.) [AUTO] CVPNDRVA

Service C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) [DISABLED] dac2w2k

Service C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Network Enhancer/Deterministic Networks, Inc.) [MANUAL] DNE

Service DTSPipeline

Service C:\WINDOWS\system32\drivers\dxec01.sys (dxec01.sys/Knowles Acoustics) [MANUAL] DXEC01

Service C:\WINDOWS\system32\DRIVERS\e100b325.sys (NDIS 5 driver/Intel Corporation) [MANUAL] E100B

Service C:\WINDOWS\System32\Drivers\oz776.sys (O2Micro USB CCID SmartCard Reader/O2Micro) [MANUAL] guardian2

Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) [MANUAL] HDAudBus

Service C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE (PortResolver Module/Hewlett-Packard Company) [MANUAL] HP Port Resolver

Service C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (HP Status Server Module/Hewlett-Packard Company) [MANUAL] HP Status Server

Service C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.) [MANUAL] HSFHWAZL

Service C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DPV

Service C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant) [AUTO] mdmxsdk

Service C:\Navision\2009 [AUTO] MicrosoftDynamicsNAVServer$NAV2

Service C:\Navision\2009 [AUTO] MicrosoftDynamicsNAVServer$NAV3

Service C:\Navision\2009 [AUTO] MicrosoftDynamicsNAVServer$NAV4

Service C:\WINDOWS\system32\DRIVERS\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) [DISABLED] mraid35x

Service MSDTC Bridge 3.0.0.0

Service MSDTC Bridge 4.0.0.0

Service C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Internal Network Card Power Management Service/Dell Inc.) [AUTO] NICCONFIGSVC

Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 101.19 /NVIDIA Corporation) [MANUAL] nv

Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 101.19/NVIDIA Corporation) [AUTO] NVSvc

Service Outlook

Service C:\WINDOWS\system32\DRIVERS\PBADRV.sys (PBA Support Driver/Dell Inc) [BOOT] PBADRV

Service C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) [AUTO] Pml Driver HPZ12

Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink

Service C:\WINDOWS\system32\DRIVERS\ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql1080

Service C:\WINDOWS\system32\DRIVERS\ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql12160

Service C:\WINDOWS\system32\DRIVERS\ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql1280

Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv

Service C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Secure Storage Service/Wave Systems Corp.) [MANUAL] SecureStorageService

Service ServiceModelEndpoint 3.0.0.0

Service ServiceModelEndpoint 4.0.0.0

Service ServiceModelOperation 3.0.0.0

Service ServiceModelOperation 4.0.0.0

Service ServiceModelService 3.0.0.0

Service ServiceModelService 4.0.0.0

Service C:\WINDOWS\system32\DRIVERS\sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) [DISABLED] sisagp

Service SMSvcHost 3.0.0.0

Service SMSvcHost 4.0.0.0

Service C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe (SonicWALL NetExtender Windows NT Service/SonicWALL Inc.) [AUTO] SONICWALL_NetExtender

Service C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony USB Lower Filter driver/Sony Corporation) [MANUAL] SONYPVU1

Service C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) [DISABLED] Sparrow

Service C:\WINDOWS\system32\DRIVERS\SSLDrv.sys (SonicWALL SSL-VPN NetExtender driver for Windows./SonicWALL Inc.) [MANUAL] SSLDrv

Service C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe (STacSV Module/SigmaTel, Inc.) [AUTO] STacSV

Service C:\WINDOWS\system32\drivers\sthda.sys (NDRC/SigmaTel, Inc.) [MANUAL] STHDA

Service C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) [DISABLED] symc810

Service C:\WINDOWS\system32\DRIVERS\symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] symc8xx

Service C:\WINDOWS\system32\DRIVERS\sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] sym_hi

Service C:\WINDOWS\system32\DRIVERS\sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) [DISABLED] sym_u3

Service C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [AUTO] tcsd_win32.exe

Service TcUsb

Service C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Tdm Service/Wave Systems Corp.) [AUTO] TdmService

Service System32\drivers\ober.sys [BOOT] tlnrj

Service C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Ultra66 Miniport Driver/Promise Technology, Inc.) [DISABLED] ultra

Service C:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [DISABLED] ViaIde

Service C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (VPN Agent Service/Cisco Systems, Inc.) [AUTO] vpnagent

Service C:\WINDOWS\system32\DRIVERS\vpnva.sys (Cisco AnyConnect VPN Client Virtual Miniport Adapter for Windows/Cisco Systems, Inc.) [MANUAL] vpnva

Service C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) [MANUAL] vsdatant

Service C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe (WaveEnrollemntService/Wave Systems Corp.) [MANUAL] WaveEnrollmentService

Service C:\WINDOWS\system32\DRIVERS\WaveFDE.sys (WaveFDE Device Driver/Windows ® Codename Longhorn DDK provider) [MANUAL] WaveFDE

Service C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys (WavX Document Manager Filter Driver/Wave Systems Corp.) [AUTO] WavxDMgr

Service C:\WINDOWS\system32\DRIVERS\wdcsam.sys (WD SCSI Architecture Model (SAM) driver/Western Digital Technologies) [MANUAL] WDC_SAM

Service C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf

Service Windows Workflow Foundation 3.0.0.0

Service Windows Workflow Foundation 4.0.0.0

Service C:\WINDOWS\System32\WLTRYSVC.EXE [AUTO] wltrysvc

Service WSearchIdxPi

---- EOF - GMER 1.0.15 ----

THANKS! :)


No, I was sure you understood, so was just helping with time issues.

The mystery driver seems to not show now, so it looks safe to run an aggressive repair scan. Doing good there so far.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.


Here are the results of the scan. I hope that I didn't do the wrong thing. I have quite a few things in my startup and when the PC was coming up after the last reboot they were starting, so I exited from them as I could. So, at those times I was touching the mouse/keyboard. How are we looking?

BTW - Thanks again and again! :)

ComboFix 12-05-09.01 - jerryw 05/09/2012 21:03:06.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3044 [GMT -5:00]

Running from: c:\documents and settings\jerryw\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\jerryw\g2mdlhlpx.exe

c:\documents and settings\jerryw\System

c:\documents and settings\jerryw\System\win_qs8.jqx

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\EventSystem.log

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\mrxsmb.dll

c:\windows\system32\SET4A9.tmp

c:\windows\system32\SET4AD.tmp

c:\windows\system32\SET4B5.tmp

c:\windows\system32\test

c:\windows\system32\traprcvr.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NETWORKLOG

.

.

((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))

.

.

2012-05-10 02:27 . 2012-05-10 02:27 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-05-07 17:03 . 2012-05-07 17:03 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-01 17:02 . 2012-05-01 17:02 -------- d-----w- c:\documents and settings\jerryw\Application Data\Malwarebytes

2012-05-01 17:02 . 2012-05-01 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-05-01 17:02 . 2012-05-01 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-01 17:02 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-01 14:04 . 2012-05-01 18:01 -------- d-----w- c:\documents and settings\jerryw\Application Data\Kiwefa

2012-05-01 14:04 . 2012-05-01 14:04 -------- d-----w- c:\documents and settings\jerryw\Application Data\Ebfed

2012-04-25 15:08 . 2012-04-25 15:08 -------- d-----w- c:\documents and settings\jerryw\Local Settings\Application Data\Cisco

2012-04-13 15:09 . 2012-04-13 15:09 230808 ----a-r- c:\windows\cpnprt2.cid

2012-04-13 15:09 . 2012-04-13 15:09 230808 ------w- c:\windows\system32\cpnprt2.cid

2012-04-13 15:09 . 2012-04-13 15:09 -------- d-----w- c:\program files\Coupons

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-10 02:28 . 2012-04-05 19:24 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-10 02:28 . 2011-05-20 18:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-10 02:27 . 2008-04-19 04:31 0 ----a-w- c:\documents and settings\jerryw\Local Settings\Application Data\WavXMapDrive.bat

2012-05-07 17:04 . 2004-08-04 04:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2012-03-01 11:01 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-11 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-11 23:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]

"nwiz"="nwiz.exe" [2007-05-31 1626112]

"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]

"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-01-11 5153056]

"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2009-08-05 710528]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]

.

c:\documents and settings\jerryw\Start Menu\Programs\Startup\

370b - TimeKeeper.lnk - c:\navision\370b\TimeKeeper\fin.exe [2008-6-24 5167928]

Microsoft Office Outlook.lnk - c:\program files\Microsoft Office\Office12\OUTLOOK.EXE [2011-8-3 12997488]

Navision Shortcuts.lnk - f:\wit\Navision Shortcuts [2011-12-8] [Folder]

Shortcut to Navision Shortcuts.lnk - c:\navision\Navision Shortcuts [2008-6-23] [Folder]

SQL2005 Service Manager.lnk - c:\documents and settings\jerryw\Application Data\Microsoft\Installer\{4FAF7E5F-6A13-4FFB-9534-4A60A12136ED}\_929D0F3838C75D34D4C025.exe [2010-3-11 318]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-4 50688]

VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2012-4-5 6144]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Navision\\370b\\TimeKeeper\\AtDebug.exe"=

"c:\\Navision\\400 SP3\\Client2\\AtDebug.exe"=

"c:\\Navision\\500 SP1\\AtDebug.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Navision\\400 SP3\\AtDebug.exe"=

"f:\\WIT\\WIT Timekeeper\\AtDebug.exe"=

"c:\\Navision\\500 SP1\\Client2\\AtDebug.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Navision\\370b\\AtDebug.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\jerryw\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Navision\\2009 SP1\\Classic\\AtDebug.exe"=

"c:\\Navision\\2009 SP1\\Classic\\Client2\\AtDebug.exe"=

"c:\\Navision\\2009 R2\\Classic\\AtDebug.exe"=

"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

"%windir%\explorer.exe"= %windir%\explorer.exe

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [10/5/2009 10:08 AM 65584]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]

R2 MicrosoftDynamicsNAVServer$NAV2;Microsoft Dynamics NAV Server Instance 2;c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe $NAV2 --> c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe $NAV2 [?]

R2 MicrosoftDynamicsNAVServer$NAV3;Microsoft Dynamics NAV Server Instance 3;c:\navision\2009 SP1\Service3\Microsoft.Dynamics.Nav.Server.exe $NAV3 --> c:\navision\2009 SP1\Service3\Microsoft.Dynamics.Nav.Server.exe $NAV3 [?]

R2 MicrosoftDynamicsNAVServer$NAV4;Microsoft Dynamics NAV Server Instance 4;c:\navision\2009 SP1\Service - Av-DEC\Microsoft.Dynamics.Nav.Server.exe $NAV4 --> c:\navision\2009 SP1\Service - Av-DEC\Microsoft.Dynamics.Nav.Server.exe $NAV4 [?]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [11/15/2010 2:32 PM 592120]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]

R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2/23/2009 4:55 PM 20504]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]

S0 tlnrj;tlnrj;c:\windows\system32\drivers\ober.sys --> c:\windows\system32\drivers\ober.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 2:24 PM 257696]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S3 WYNIT;Application Server for Microsoft Dynamics NAV WYNIT;c:\navision\2009 SP1\Application Server\nassql.exe [8/26/2011 2:34 PM 2352464]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

LVVI500A

SE2Ebus

unlockerdriver5

spcflt

iolo_srv

Shockprf

{834170a7-af3b-4d34-a757-e05eb29ee96d}

ikhfile

AEADIFilters

Packet

plscsi

Bcim

clientservice

db2governor

TeamViewer

USBCCID

com4qlb

avg7core

ibmfilter

dashsvc

ibmpmsvc

dpfusmgr

lfsfilt

v124

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 02:30]

.

2012-05-10 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-01-07 12:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://connect.jcehrlich.com/CACHE/stc/1/binaries/vpnweb.cab

DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} - hxxp://downloads.freehandmusic.com/soleromusiccontrol.cab

DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://67.134.35.205/MLWebCacheCleaner.cab

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-28707618.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-09 21:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(1800)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

.

- - - - - - - > 'explorer.exe'(236)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Microsoft Virtual PC\VPCShExH.DLL

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\navision\2009 SP1\Service3\Microsoft.Dynamics.Nav.Server.exe

c:\navision\2009 SP1\Service - Av-DEC\Microsoft.Dynamics.Nav.Server.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Apoint\ApMsgFwd.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\stsystra.exe

c:\program files\Apoint\Apntex.exe

c:\program files\Apoint\HidFind.exe

c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\program files\Citrix\ICA Client\wfcrun32.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe

c:\windows\system32\msdtc.exe

c:\program files\sqldbatips\SQL2005 Service Manager\SQL2005 Service Manager.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

c:\windows\system32\SearchProtocolHost.exe

.

**************************************************************************

.

Completion time: 2012-05-09 21:35:15 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-10 02:35

.

Pre-Run: 28,327,866,368 bytes free

Post-Run: 30,276,120,576 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 4F564BD06C9990D099D569BEC851803D


On the other hand, my mention of volunteer time does not include me just wandering off from an active thread like this, so feel free to PM me if it occurs again.

ComboFix does seem to have picked up an unknown service, so let's address that.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

-------------

Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

Browser Address Error Redirector - Dell installed search hijacker.

Coupon Printer for Windows - long negative history - see here

SearchAssist - Dell installed search hijacker.

-------------------

Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

KillAll::
Driver::
tlnrj
Rootkit::
c:\windows\system32\drivers\ober.sys
NetSvc::
iolo_srv
avg7core

Save this to your desktop as CFScript.txt

You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

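As an added illustration (not code from ComboFix or from anyone in this thread) of how the unknown service above stands out in a ComboFix log: the Python script below parses the Drivers/Services lines and scores each entry with a few defender-side heuristics, so that S0 tlnrj with its missing ober.sys ranks first while the NAV services, which also show "[?]" only because of their $NAVn argument, do not. The scoring weights and the threshold are my own assumptions, and the sample lines are copied from the log posted above.

```python
r"""Triage the Drivers/Services lines of a ComboFix log (added example).

Lines come in one of two shapes (both copied from the log in this thread):

    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [10/5/2009 10:08 AM 65584]
    S0 tlnrj;tlnrj;c:\windows\system32\drivers\ober.sys --> c:\windows\system32\drivers\ober.sys [?]

R/S is running/stopped and the digit is the start type (0 boot, 1 system,
2 auto, 3 manual, 4 disabled). "[?]" means ComboFix could not find the binary.
The scoring below is a hand-picked heuristic, not ComboFix's own logic.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "    # running/stopped + start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"   # service name ; display name ;
    r"(?P<image>.+?)"                         # image path, may carry arguments
    r"(?: --> (?P<resolved>.+?))?"            # path as ComboFix resolved it
    r" \[(?P<info>[^\]]*)\]$"                 # [date time size] or [?]
)


@dataclass
class ServiceEntry:
    state: str
    start: int
    name: str
    display: str
    image: str
    file_known: bool                 # False when ComboFix printed "[?]"
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for a services line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(m["state"], int(m["start"]), m["name"], m["display"],
                        m["image"], m["info"] != "?")


def _norm(s: str) -> str:
    """Lower-case and drop punctuation so WDC_SAM compares equal to wdcsam."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def _binary_stem(image: str) -> str:
    """File name of the image without extension or trailing arguments."""
    m = re.search(r"([^\\]+?)\.(?:sys|exe|dll)(?:\s|$)", image, re.I)
    return _norm(m.group(1)) if m else _norm(image)


def score_entry(e: ServiceEntry) -> ServiceEntry:
    """Attach a suspicion score and the reasons behind it to the entry."""
    is_driver = re.search(r"\.sys(?:\s|$)", e.image, re.I) is not None
    if not e.file_known:
        # Alone this is weak: the NAV services also show "[?]" because their
        # image path carries an argument ($NAV2) that ComboFix cannot stat.
        e.score += 2
        e.reasons.append("binary could not be located by ComboFix ([?])")
    if is_driver and e.start <= 1:
        e.score += 2
        e.reasons.append("boot/system-start driver, loads before user-mode defenses")
    if _norm(e.display) == _norm(e.name):
        e.score += 1
        e.reasons.append("display name is just the service name repeated")
    stem, name = _binary_stem(e.image), _norm(e.name)
    if is_driver and not (name.startswith(stem) or stem.startswith(name)):
        e.score += 1
        e.reasons.append("driver file name does not resemble the service name")
    return e


def triage(log_text: str, threshold: int = 4) -> List[ServiceEntry]:
    """Parse every services line and return entries scoring >= threshold."""
    entries = [parse_service_line(line) for line in log_text.splitlines()]
    scored = [score_entry(e) for e in entries if e is not None]
    return sorted((e for e in scored if e.score >= threshold), key=lambda e: -e.score)


# Sample input: five services lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [10/5/2009 10:08 AM 65584]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [11/15/2010 2:32 PM 592120]
R2 MicrosoftDynamicsNAVServer$NAV2;Microsoft Dynamics NAV Server Instance 2;c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe $NAV2 --> c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe $NAV2 [?]
S0 tlnrj;tlnrj;c:\windows\system32\drivers\ober.sys --> c:\windows\system32\drivers\ober.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name} -> score {e.score}")
        for r in e.reasons:
            print("   -", r)
```

Running it on the sample prints only the tlnrj entry with all four reasons; the score is a starting point for review, not a verdict, which is why the helper still confirmed the entry before writing the CFScript.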

I don't know what "feel free to PM me" means?

I found and removed:

Browser Address Error Redirector

Coupon Printer for Windows

SearchAssist

When ComboFix ran (I ran it overnight), I came back to find a message about page size. It could not finish the reboot that it was doing, so I ended up turning off the power and then, after turning the power back on, rebooted into safe mode. It appeared to finish the ComboFix tasks. Here is the log:

ComboFix 12-05-12.01 - jerryw 05/12/2012 21:36:01.2.2 - x86

Running from: c:\documents and settings\jerryw\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\jerryw\Desktop\CFScript.txt

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_tlnrj

.

.

((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))

.

.

2012-05-07 17:03 . 2012-05-07 17:03 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-01 17:02 . 2012-05-01 17:02 -------- d-----w- c:\documents and settings\jerryw\Application Data\Malwarebytes

2012-05-01 17:02 . 2012-05-01 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-05-01 17:02 . 2012-05-01 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-01 17:02 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-01 14:04 . 2012-05-01 18:01 -------- d-----w- c:\documents and settings\jerryw\Application Data\Kiwefa

2012-05-01 14:04 . 2012-05-01 14:04 -------- d-----w- c:\documents and settings\jerryw\Application Data\Ebfed

2012-04-25 15:08 . 2012-04-25 15:08 -------- d-----w- c:\documents and settings\jerryw\Local Settings\Application Data\Cisco

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-13 02:14 . 2008-04-19 04:31 0 ----a-w- c:\documents and settings\jerryw\Local Settings\Application Data\WavXMapDrive.bat

2012-05-10 02:28 . 2012-04-05 19:24 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-10 02:28 . 2011-05-20 18:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-07 17:04 . 2004-08-04 04:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2012-03-01 11:01 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-11 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-11 23:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-10_02.27.06 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]

"nwiz"="nwiz.exe" [2007-05-31 1626112]

"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]

"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-01-11 5153056]

"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2009-08-05 710528]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]

.

c:\documents and settings\jerryw\Start Menu\Programs\Startup\

370b - TimeKeeper.lnk - c:\navision\370b\TimeKeeper\fin.exe [2008-6-24 5167928]

Microsoft Office Outlook.lnk - c:\program files\Microsoft Office\Office12\OUTLOOK.EXE [2011-8-3 12997488]

Navision Shortcuts.lnk - f:\wit\Navision Shortcuts [2011-12-8] [Folder]

Shortcut to Navision Shortcuts.lnk - c:\navision\Navision Shortcuts [2008-6-23] [Folder]

SQL2005 Service Manager.lnk - c:\documents and settings\jerryw\Application Data\Microsoft\Installer\{4FAF7E5F-6A13-4FFB-9534-4A60A12136ED}\_929D0F3838C75D34D4C025.exe [2010-3-11 318]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-4 50688]

VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2012-4-5 6144]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Navision\\370b\\TimeKeeper\\AtDebug.exe"=

"c:\\Navision\\400 SP3\\Client2\\AtDebug.exe"=

"c:\\Navision\\500 SP1\\AtDebug.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Navision\\400 SP3\\AtDebug.exe"=

"f:\\WIT\\WIT Timekeeper\\AtDebug.exe"=

"c:\\Navision\\500 SP1\\Client2\\AtDebug.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Navision\\370b\\AtDebug.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\jerryw\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Navision\\2009 SP1\\Classic\\AtDebug.exe"=

"c:\\Navision\\2009 SP1\\Classic\\Client2\\AtDebug.exe"=

"c:\\Navision\\2009 R2\\Classic\\AtDebug.exe"=

"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

"%windir%\explorer.exe"= %windir%\explorer.exe

.

R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2/23/2009 4:55 PM 20504]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [10/5/2009 10:08 AM 65584]

S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 MicrosoftDynamicsNAVServer$NAV2;Microsoft Dynamics NAV Server Instance 2;c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe $NAV2 --> c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe $NAV2 [?]

S2 MicrosoftDynamicsNAVServer$NAV3;Microsoft Dynamics NAV Server Instance 3;c:\navision\2009 SP1\Service3\Microsoft.Dynamics.Nav.Server.exe $NAV3 --> c:\navision\2009 SP1\Service3\Microsoft.Dynamics.Nav.Server.exe $NAV3 [?]

S2 MicrosoftDynamicsNAVServer$NAV4;Microsoft Dynamics NAV Server Instance 4;c:\navision\2009 SP1\Service - Av-DEC\Microsoft.Dynamics.Nav.Server.exe $NAV4 --> c:\navision\2009 SP1\Service - Av-DEC\Microsoft.Dynamics.Nav.Server.exe $NAV4 [?]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [11/15/2010 2:32 PM 592120]

S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 2:24 PM 257696]

S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S3 WYNIT;Application Server for Microsoft Dynamics NAV WYNIT;c:\navision\2009 SP1\Application Server\nassql.exe [8/26/2011 2:34 PM 2352464]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MDMXSDK

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

LVVI500A

SE2Ebus

unlockerdriver5

spcflt

Shockprf

{834170a7-af3b-4d34-a757-e05eb29ee96d}

ikhfile

AEADIFilters

Packet

plscsi

Bcim

clientservice

db2governor

TeamViewer

USBCCID

com4qlb

ibmfilter

dashsvc

ibmpmsvc

dpfusmgr

lfsfilt

v124

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 02:30]

.

2012-05-13 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-01-07 12:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://connect.jcehrlich.com/CACHE/stc/1/binaries/vpnweb.cab

DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} - hxxp://downloads.freehandmusic.com/soleromusiccontrol.cab

DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://67.134.35.205/MLWebCacheCleaner.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-13 12:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(1672)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

.

- - - - - - - > 'explorer.exe'(1476)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2012-05-13 12:41:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-13 17:41

ComboFix2.txt 2012-05-10 02:35

.

Pre-Run: 29,941,256,192 bytes free

Post-Run: 34,212,016,128 bytes free

.

- - End Of File - - D680AFEB330CFDBF383C79B40554750C


ComboFix did take out an unknown service. ComboFix is a heavy resource user, so not sure if it was competing with something else using a lot of cpu time, or just the Virtual settings having a limit on them.

In normal mode, open Task Manager (Ctrl - Alt - Delete). Under the Processes tab, CPU header, see if you can ID anything that shows constant high activity. Post back on anything you notice.

Also go to Start - Settings - Control Panel. Click the System icon, Advanced tab, Performance - Settings Button. Advanced tab, Virtual Memory Change button.

If it is set to "Custom size", place a tick next to "System managed size", then click the Set button. Then click OK/Apply to save those settings and close the display. You will need to reboot to complete the changes, but post back on any high cpu use programs for now.


That pic shows a lot of server functions on that system. Do you know what program relies on all that? Like this program:

Mexican Module for Microsoft Dynamics NAV Classic Client

------------

Indexing files on an XP system is really not very helpful, and uses too much cpu time.

Click My Computer. Right click your C drive, and select Properties. Uncheck:

Allow Indexing Service to index this disk for fast file searching

Then click Apply/OK. After a reboot check if that process still shows.

----------------

Let's check now to make sure we got everything.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform quick scan", then click Scan.

* The scan may take some time to finish, so please be patient.

* When the scan is complete, click OK, then Show Results to view the results.

* Make sure that everything is checked, and click Remove Selected.

* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.

* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats

Scan unwanted applications

Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.


Following is the Malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.14.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

jerryw :: JERRYW08 [administrator]

5/14/2012 11:36:39 AM

mbam-log-2012-05-14 (11-36-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 235962

Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Following is the Log from esetsmartinstaller_enu Theats.txt:

C:\Documents and Settings\jerryw\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Edu.jar-10d0f3f8-76d69ded.zip Java/Exploit.Agent.NBH trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\mrxsmb.dll.vir Win32/Sirefef.ER trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\traprcvr.dll.vir Win32/Sirefef.ER trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1298\A0068549.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1298\A0069549.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1298\A0069677.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1298\A0069678.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\07.05.2012_11.55.40\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\07.05.2012_11.55.40\rtkt0000\zafs0000\tsk0002.dta Win32/Sirefef.DN trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\07.05.2012_11.55.40\rtkt0000\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\07.05.2012_11.55.40\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined

Thanks again!! :)


Spammers slip by the forum's methods meant to block them, so sometimes get an opportunity to pester folks. But I have been informed that spammer has been dealt with.

The logs look just fine. Eset shows some Java function that may/may not have been a source of infection, then everything else it located is either held harmless in ComboFix's or TDSSkiller's quarantines, and the rest also was held harmless in System Restore. We will be clearing out those quarantines shortly, but for right now, post back on any problems we still need to address please.


ummmm...

not to sound stupid - - but what should I be watching for?

The fan doesn't run excessively anymore. That's a good thing. :)

But I don't know how to tell that I'm infected other than the results of your tools. Initially, the thing that alerted me was weird errors and Internet Explorer misbehaving. I haven't noticed either of those today.
