  #16  
Old May 29th, 2012, 12:55 PM
i82much i82much is offline
Senior Member
 
Join Date: Mar 2006
O/S: Windows XP Home
Location: Norco, CA
Age: 59
Posts: 175
Gmer2

ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\java.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\java.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\java.exe[1416] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\java.exe[1416] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\java.exe[1416] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\java.exe[1416] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0CFE0804
.text C:\WINDOWS\system32\java.exe[1416] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 0CFE0A08
.text C:\WINDOWS\system32\java.exe[1416] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 0CFE0600
.text C:\WINDOWS\system32\java.exe[1416] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 0CFE01F8
.text C:\WINDOWS\system32\java.exe[1416] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0CFE03FC
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1672] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe[1760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\explorer.exe[1820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\explorer.exe[1820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\explorer.exe[1820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\explorer.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\explorer.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\explorer.exe[1820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\explorer.exe[1820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\explorer.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\explorer.exe[1820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\explorer.exe[1820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\explorer.exe[1820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\explorer.exe[1820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\explorer.exe[1820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\explorer.exe[1820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\explorer.exe[1820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\explorer.exe[1820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\explorer.exe[1820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\taskmgr.exe[2280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\taskmgr.exe[2280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\taskmgr.exe[2280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\taskmgr.exe[2280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\taskmgr.exe[2280] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\taskmgr.exe[2280] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\taskmgr.exe[2280] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\taskmgr.exe[2280] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\taskmgr.exe[2280] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\taskmgr.exe[2280] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\taskmgr.exe[2280] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\taskmgr.exe[2280] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\taskmgr.exe[2280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\taskmgr.exe[2280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\taskmgr.exe[2280] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\taskmgr.exe[2280] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\taskmgr.exe[2280] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2288] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\wuauclt.exe[2420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[2420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[2420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wuauclt.exe[2420] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[2420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wuauclt.exe[2420] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wuauclt.exe[2420] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wuauclt.exe[2420] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[2420] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AA0804
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AA0A08
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AA0600
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AA01F8
.text C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe[2448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AA03FC
.text C:\WINDOWS\system32\wscntfy.exe[3628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[3628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3628] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[3628] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3628] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wscntfy.exe[3628] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wscntfy.exe[3628] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wscntfy.exe[3628] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wscntfy.exe[3628] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wscntfy.exe[3628] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\wscntfy.exe[3628] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\wscntfy.exe[3628] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\wscntfy.exe[3628] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\wscntfy.exe[3628] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\wscntfy.exe[3628] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\wscntfy.exe[3628] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\wscntfy.exe[3628] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85F55598

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs HFXP2.SYS (Hide Folders XP driver/FSPro Labs)
AttachedDevice \FileSystem\Ntfs \Ntfs XMS1563K.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)


  #17  
Old May 29th, 2012, 12:55 PM
i82much i82much is offline
Senior Member
 
Join Date: Mar 2006
O/S: Windows XP Home
Location: Norco, CA
Age: 59
Posts: 175
Gmer3

Device \Driver\Cdrom \Device\CdRom0 85CB87B8
Device \FileSystem\Rdbss \Device\FsWrap 85D27BF8
Device \Driver\atapi \Device\Ide\IdePort0 85C68108
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 85C68108
Device \Driver\atapi \Device\Ide\IdePort1 85C68108
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 85C68108
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 85C68108
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 85C68108
Device \Driver\Cdrom \Device\CdRom1 85CB87B8
Device \Driver\Cdrom \Device\CdRom2 85CB87B8
Device \FileSystem\Srv \Device\LanmanServer 85CCCD30

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85E1E1E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85E1E1E0
Device \FileSystem\Npfs \Device\NamedPipe 85DA1578
Device \FileSystem\Msfs \Device\Mailslot 85CA4338
Device \Driver\Vax347s \Device\Scsi\Vax347s1 85D42CA8
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 85D42CA8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 85D63258
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 85D63258
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 85D63258
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 85D63258
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 85D63258
Device \FileSystem\Cdfs \Cdfs 85E43640

---- Modules - GMER 1.0.15 ----

Module _________ F75F1000-F7609000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSyvpa.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSyvpa.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSmcfp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSallf.dat
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSmrxw.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSjono.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSuxrr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSdcce.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSckhc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSkhfp.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSguyp.log
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft Disk Quota
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer Zonemapping
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ Internet Explorer User Accelerators
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicy ProcessGroupPolicyForActivities
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicyEx ProcessGroupPolicyForActivitiesEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy

---- Files - GMER 1.0.15 ----

File C:\SYZ_DAT 0 bytes
File C:\SYZ_DAT\ali.exe 28672 bytes executable
File C:\SYZ_DAT\cdlock.dll 49152 bytes executable
File C:\SYZ_DAT\cpy.exe 32768 bytes executable
File C:\SYZ_DAT\dirlist 274 bytes
File C:\SYZ_DAT\dirlist_bak 274 bytes
File C:\SYZ_DAT\DL.BAK 274 bytes
File C:\SYZ_DAT\EMF_Decrypt.exe 126976 bytes executable
File C:\SYZ_DAT\fldrvw61.ocx 417792 bytes
File C:\SYZ_DAT\install.exe 1089536 bytes executable
File C:\SYZ_DAT\magic.exe 24576 bytes executable
File C:\SYZ_DAT\mf.chm 33137 bytes
File C:\SYZ_DAT\mf.txx 24990 bytes
File C:\SYZ_DAT\mfx 52076 bytes executable
File C:\SYZ_DAT\MFX.CFG 104 bytes
File C:\SYZ_DAT\mfx_cfg.org 100 bytes
File C:\SYZ_DAT\readme.txt 3162 bytes
File C:\SYZ_DAT\systray.exe 32768 bytes executable
File C:\SYZ_DAT\tb.exe 24576 bytes executable
33724721 bytes

---- EOF - GMER 1.0.15 ----
  #18  
Old May 30th, 2012, 12:31 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,371
I need to see what all is installed there, to help interpret what that Gmer log shows.

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.
  #19  
Old May 30th, 2012, 04:16 AM
i82much i82much is offline
HiJack this log

Jintan:
Here is the log.
8:11 PM 5/29/2012
Adobe Acrobat 7.0 Professional
Adobe Download Manager
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Illustrator CS2
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Aide PDF to DXF Converter 9.5
ArcSoft PhotoImpression 5
ArcSoft PhotoStudio 5.5
AT&T Self Support Tool
AT&T Yahoo! Applications
AudibleManager
AutoCAD 2000
AutoCAD DWG to PDF Converter v6.9.2
Autodesk Learning Assistance
Autodesk Revit Building 8
avast! Free Antivirus
AWU254 Wireless Client Utility
BroadJump Client Foundation
CCleaner
Citrix Presentation Server Client
Compatibility Pack for the 2007 Office system
Corel Applications
Critical Update for Windows Media Player 11 (KB959772)
EasyCleaner
ESET Online Scanner v3
Event Planner
EVEREST Ultimate Edition v3.01
Google Update Helper
Hallmark Card Studio 2005
Hallmark Card Studio 2009 Deluxe
Hide Folders XP 2.3 for Windows 2000/XP
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp instant support
HP Photo and Imaging 2.0 - All-in-One Series
HP Photo and Imaging 2.0 - All-in-One Series Drivers
hp psc 2200 series
HSP56 Modem Drivers
HyperCam 2
IsoBuster 2.0
Java DB 10.2.2.0
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 3
Linksys EasyLink Advisor
Linksys EasyLink Advisor
Macromedia Extension Manager
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access Runtime (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft SQL Server 2008
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft WSE 2.0 Runtime
MP3 To Ringtone Gold 3.18
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
msxml4SP2
Nikon Message Center
Nikon Transfer
OA LodgeMaster Desktop 2.0
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Paint.NET v3.36
Panda ActiveScan 2.0
PC Connectivity Solution
Pool (remove only)
PowerISO
PowerQuest PartitionMagic 8.0
ProSavageDDR and Utilities
QuickTime
Readiris 7.5
Registry Mechanic 6.0
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Service Pack 2 for SQL Server 2008 (KB2285068)
SonicStage 4.3
Sony USB Driver
Sql Server Customer Experience Improvement Program
SUPERAntiSpyware Free Edition
System Explorer 2.3.7
The Print Shop 20
UltimateDefrag
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
VIA Audio Driver Setup Program
VideoLAN VLC media player 0.8.4a
Visual IP InSight(SBC)
WD SmartWare
WebEx Support Manager for Internet Explorer
WexTech AnswerWorks
WinAce Archiver
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
WinLINE Classic V8
WinRAR archiver
WinZip

Thanks
  #20  
Old May 31st, 2012, 01:03 AM
Jintan Jintan is offline
Tough call. I assume PC Connectivity Solution is actually a lot of the rarely seen functions Gmer shows, and again just a lot of Avast. Not seeing what yet is responsible for this though:

---- Modules - GMER 1.0.15 ----

Module _________ F75F1000-F7609000 (98304 bytes)

Some unknown driver.

You have a lot of msconfig disabled services, which we will need to address at some point.

-----------


Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
  00,00
Open Notepad (Start - Run, type Notepad then press OK), and copy the text in the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixit.reg"

Be sure to include the "" quotes in the name.

Then right click fixit.reg, select Merge, and allow it to merge the new information with the Registry.

-----------

Open TDSSKiller again. When the scan opens, click Change parameters, then place a check next to:

Detect TDLFS file system, and click OK. Then click Start Scan. Post that new log back here please.

------------

Open Gmer again. Once it has completed its opening scan, this time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Last edited by Jintan; May 31st, 2012 at 01:06 AM.
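To check what the hex(7) data in the fixit.reg text of the post above actually writes, this added example (not part of the original post; all function names are illustrative) parses the .reg text, joins the backslash continuation, decodes the REG_MULTI_SZ bytes and compares the resulting BootExecute entries with the stock `autocheck autochk *` value. It also handles the UTF-16 "Version 5.00" export format, shown with a constructed sample.

```python
import re

DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]  # stock Windows value
SESSION_MANAGER = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"

# The .reg text from the post above, embedded so the example runs offline.
FIXIT_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
  00,00
'''


def to_hex7(entries, encoding):
    """Render a list of strings as .reg hex(7) data (NUL after each, extra NUL at end)."""
    raw = "".join(e + "\x00" for e in entries) + "\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw.encode(encoding))


# Constructed sample (not from the thread): a Version 5.00 export whose
# BootExecute carries one entry beyond the stock value.
CONSTRUCTED_REG = (
    "Windows Registry Editor Version 5.00\n\n"
    f"[{SESSION_MANAGER}]\n"
    '"BootExecute"='
    + to_hex7(["autocheck autochk *", "constructed_extra_entry"], "utf-16-le")
    + "\n"
)


def parse_reg(text):
    """Return (encoding, ops); ops is an ordered list of (key, name, action, data)."""
    text = text.replace("\r\n", "\n").lstrip()
    header = text.split("\n", 1)[0].strip()
    if header == "REGEDIT4":
        encoding = "latin-1"  # ANSI strings; latin-1 stands in for the system code page
    elif header == "Windows Registry Editor Version 5.00":
        encoding = "utf-16-le"
    else:
        raise ValueError(f"unrecognised .reg header: {header!r}")
    joined = re.sub(r"\\\n[ \t]*", "", text)  # fold '\' line continuations
    ops, key = [], None
    for line in joined.split("\n"):
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            key = m.group(1)
            continue
        m = re.match(r'^(?:"(?P<name>[^"]*)"|@)=(?P<data>.*)$', line)
        if not m or key is None:
            continue
        name, data = m.group("name") or "", m.group("data")
        if data == "-":
            ops.append((key, name, "delete", None))
        elif data.lower().startswith("hex(7):"):
            raw = bytes(int(b, 16) for b in data[7:].split(",") if b.strip())
            ops.append((key, name, "multi_sz", raw))
        else:
            ops.append((key, name, "other", data))
    return encoding, ops


def decode_multi_sz(raw, encoding):
    """Split REG_MULTI_SZ bytes into its strings, dropping the NUL terminators."""
    return [s for s in raw.decode(encoding).split("\x00") if s]


def final_multi_sz(text, key, name):
    """Apply the file's operations in order and return the value left behind."""
    encoding, ops = parse_reg(text)
    value = None
    for k, n, action, data in ops:
        if k.lower() != key.lower() or n.lower() != name.lower():
            continue
        if action == "delete":
            value = None
        elif action == "multi_sz":
            value = decode_multi_sz(data, encoding)
    return value


def audit_boot_execute(text):
    """Report the BootExecute entries a .reg file would leave and any non-stock ones."""
    entries = final_multi_sz(text, SESSION_MANAGER, "BootExecute")
    unexpected = [e for e in (entries or []) if e not in DEFAULT_BOOT_EXECUTE]
    return {"entries": entries,
            "is_default": entries == DEFAULT_BOOT_EXECUTE,
            "unexpected": unexpected}


if __name__ == "__main__":
    for label, text in (("fixit.reg from the post", FIXIT_REG),
                        ("constructed sample", CONSTRUCTED_REG)):
        print(label, audit_boot_execute(text))
```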
  #21  
Old May 31st, 2012, 02:42 AM
i82much i82much is offline
TDSS log

Jintan: Ran the scan and it found 1 threat. I didn't do anything with it.
Here is the log.
18:33:04.0562 3572 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
18:33:05.0593 3572 ============================================================
18:33:05.0593 3572 Current date / time: 2012/05/30 18:33:05.0593
18:33:05.0593 3572 SystemInfo:
18:33:05.0593 3572
18:33:05.0593 3572 OS Version: 5.1.2600 ServicePack: 3.0
18:33:05.0593 3572 Product type: Workstation
18:33:05.0593 3572 ComputerName: DADS
18:33:05.0593 3572 UserName: Owner
18:33:05.0593 3572 Windows directory: C:\WINDOWS
18:33:05.0593 3572 System windows directory: C:\WINDOWS
18:33:05.0593 3572 Processor architecture: Intel x86
18:33:05.0593 3572 Number of processors: 1
18:33:05.0593 3572 Page size: 0x1000
18:33:05.0593 3572 Boot type: Normal boot
18:33:05.0593 3572 ============================================================
18:33:07.0718 3572 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:33:07.0734 3572 Drive \Device\Harddisk1\DR1 - Size: 0x1805E2000 (6.01 Gb), SectorSize: 0x200, Cylinders: 0x310, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:33:07.0828 3572 ============================================================
18:33:07.0828 3572 \Device\Harddisk0\DR0:
18:33:07.0843 3572 MBR partitions:
18:33:07.0843 3572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x975A998
18:33:07.0843 3572 \Device\Harddisk1\DR1:
18:33:07.0843 3572 MBR partitions:
18:33:07.0843 3572 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC02ED1
18:33:07.0843 3572 ============================================================
18:33:07.0906 3572 C: <-> \Device\Harddisk0\DR0\Partition0
18:33:07.0953 3572 F: <-> \Device\Harddisk1\DR1\Partition0
18:33:07.0984 3572 ============================================================
18:33:07.0984 3572 Initialize success
18:33:07.0984 3572 ============================================================
18:33:37.0250 3888 ============================================================
18:33:37.0250 3888 Scan started
18:33:37.0250 3888 Mode: Manual; TDLFS;
18:33:37.0250 3888 ============================================================
18:33:37.0703 3888 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:33:37.0765 3888 !SASCORE - ok
18:33:38.0890 3888 a2free (160270fb6706b45392b3c20753bef1a9) C:\Program Files\a2 free\a2service.exe
18:33:39.0703 3888 a2free - ok
18:33:40.0203 3888 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
18:33:40.0218 3888 Aavmker4 - ok
18:33:40.0281 3888 Abiosdsk - ok
18:33:40.0328 3888 abp480n5 - ok
18:33:40.0500 3888 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:33:40.0593 3888 ACPI - ok
18:33:40.0671 3888 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:33:40.0687 3888 ACPIEC - ok
18:33:40.0859 3888 Adobe LM Service (c1eb9968ec89fba5f3a264e2e57923ab) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:33:40.0906 3888 Adobe LM Service - ok
18:33:40.0953 3888 adpu160m - ok
18:33:41.0078 3888 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:33:41.0140 3888 aec - ok
18:33:41.0187 3888 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:33:41.0203 3888 AegisP - ok
18:33:41.0265 3888 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
18:33:41.0265 3888 Afc - ok
18:33:41.0375 3888 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:33:41.0453 3888 AFD - ok
18:33:41.0546 3888 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
18:33:41.0562 3888 AFS2K - ok
18:33:41.0609 3888 Aha154x - ok
18:33:41.0687 3888 aic78u2 - ok
18:33:41.0734 3888 aic78xx - ok
18:33:41.0812 3888 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:33:41.0828 3888 Alerter - ok
18:33:41.0890 3888 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:33:41.0937 3888 ALG - ok
18:33:41.0984 3888 AliIde - ok
18:33:42.0031 3888 amsint - ok
18:33:42.0078 3888 AppMgmt - ok
18:33:42.0125 3888 asc - ok
18:33:42.0171 3888 asc3350p - ok
18:33:42.0250 3888 asc3550 - ok
18:33:42.0375 3888 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
18:33:42.0390 3888 Aspi32 - ok
18:33:42.0593 3888 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspn et_state.exe
18:33:42.0625 3888 aspnet_state - ok
18:33:42.0718 3888 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
18:33:42.0734 3888 aswFsBlk - ok
18:33:42.0859 3888 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
18:33:42.0906 3888 aswMon2 - ok
18:33:43.0000 3888 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
18:33:43.0015 3888 aswRdr - ok
18:33:43.0265 3888 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
18:33:43.0453 3888 aswSnx - ok
18:33:43.0687 3888 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
18:33:43.0812 3888 aswSP - ok
18:33:43.0906 3888 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
18:33:43.0921 3888 aswTdi - ok
18:33:43.0968 3888 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:33:43.0984 3888 AsyncMac - ok
18:33:44.0078 3888 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:33:44.0093 3888 atapi - ok
18:33:44.0140 3888 Atdisk - ok
18:33:44.0218 3888 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:33:44.0250 3888 Atmarpc - ok
18:33:44.0343 3888 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:33:44.0375 3888 AudioSrv - ok
18:33:44.0421 3888 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:33:44.0437 3888 audstub - ok
18:33:44.0687 3888 Autodesk Licensing Service (32a5defddc3562bf89d73586f5915b34) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
18:33:44.0781 3888 Autodesk Licensing Service - ok
18:33:44.0921 3888 avast! Antivirus (996e6d052438e8d8dfd501f31560b2e0) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
18:33:44.0937 3888 avast! Antivirus - ok
18:33:45.0046 3888 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:33:45.0046 3888 Beep - ok
18:33:45.0312 3888 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:33:45.0593 3888 BITS - ok
18:33:45.0703 3888 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:33:45.0750 3888 Browser - ok
18:33:45.0890 3888 catchme - ok
18:33:45.0937 3888 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:33:45.0953 3888 cbidf2k - ok
18:33:46.0000 3888 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:33:46.0031 3888 CCDECODE - ok
18:33:46.0078 3888 cd20xrnt - ok
18:33:46.0171 3888 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:33:46.0171 3888 Cdaudio - ok
18:33:46.0265 3888 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:33:46.0296 3888 Cdfs - ok
18:33:46.0421 3888 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:33:46.0437 3888 Cdrom - ok
18:33:46.0484 3888 Changer - ok
18:33:46.0562 3888 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:33:46.0578 3888 CiSvc - ok
18:33:46.0671 3888 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:33:46.0687 3888 ClipSrv - ok
18:33:46.0906 3888 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:33:47.0093 3888 clr_optimization_v2.0.50727_32 - ok
18:33:47.0281 3888 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:33:47.0421 3888 clr_optimization_v4.0.30319_32 - ok
18:33:47.0468 3888 CmdIde - ok
18:33:47.0578 3888 CoachAud (3128276503486bff925e8fa57f1c2776) C:\WINDOWS\system32\DRIVERS\CoachAud.sys
18:33:47.0578 3888 CoachAud - ok
18:33:47.0640 3888 CoachUsb - ok
18:33:47.0687 3888 CoachVc - ok
18:33:47.0734 3888 COMSysApp - ok
18:33:47.0828 3888 Cpqarray - ok
18:33:47.0875 3888 crlscsi (e08ac114b931dacafbdd9d5e0b93815c) C:\WINDOWS\system32\drivers\crlscsi.sys
18:33:47.0890 3888 crlscsi - ok
18:33:47.0968 3888 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:33:48.0031 3888 CryptSvc - ok
18:33:48.0078 3888 dac2w2k - ok
18:33:48.0125 3888 dac960nt - ok
18:33:48.0406 3888 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:33:48.0640 3888 DcomLaunch - ok
18:33:48.0750 3888 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:33:48.0812 3888 Dhcp - ok
18:33:48.0921 3888 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:33:48.0937 3888 Disk - ok
18:33:48.0984 3888 dmadmin - ok
18:33:49.0421 3888 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:33:49.0765 3888 dmboot - ok
18:33:49.0890 3888 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:33:49.0953 3888 dmio - ok
18:33:50.0015 3888 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:33:50.0031 3888 dmload - ok
18:33:50.0109 3888 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:33:50.0125 3888 dmserver - ok
18:33:50.0218 3888 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:33:50.0250 3888 DMusic - ok
18:33:50.0328 3888 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:33:50.0375 3888 Dnscache - ok
18:33:50.0562 3888 dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:33:50.0625 3888 dot3svc - ok
18:33:50.0671 3888 dpti2o - ok
18:33:50.0765 3888 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:33:50.0765 3888 drmkaud - ok
18:33:50.0906 3888 drvmcdb (55f25c7eb606f923fa317ae29a8bd72a) C:\WINDOWS\system32\drivers\drvmcdb.sys
18:33:50.0953 3888 drvmcdb - ok
18:33:51.0046 3888 eaphost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:33:51.0109 3888 eaphost - ok
18:33:51.0187 3888 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:33:51.0203 3888 ERSvc - ok
18:33:51.0312 3888 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:33:51.0437 3888 Eventlog - ok
18:33:51.0625 3888 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:33:51.0750 3888 EventSystem - ok
18:33:51.0921 3888 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:33:51.0968 3888 Fastfat - ok
18:33:52.0093 3888 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:33:52.0203 3888 FastUserSwitchingCompatibility - ok
18:33:52.0265 3888 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:33:52.0296 3888 Fdc - ok
18:33:52.0390 3888 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
18:33:52.0406 3888 FETNDIS - ok
18:33:52.0500 3888 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:33:52.0531 3888 Fips - ok
18:33:52.0593 3888 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:33:52.0609 3888 Flpydisk - ok
18:33:52.0750 3888 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:33:52.0812 3888 FltMgr - ok
18:33:52.0953 3888 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:33:52.0984 3888 FontCache3.0.0.0 - ok
18:33:53.0078 3888 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:33:53.0078 3888 Fs_Rec - ok
18:33:53.0203 3888 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:33:53.0265 3888 Ftdisk - ok
18:33:53.0359 3888 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
18:33:53.0375 3888 gameenum - ok
18:33:53.0437 3888 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:33:53.0453 3888 GEARAspiWDM - ok
18:33:53.0562 3888 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:33:53.0578 3888 Gpc - ok
18:33:53.0781 3888 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:33:53.0843 3888 gupdate - ok
18:33:53.0875 3888 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:33:53.0890 3888 gupdatem - ok
18:33:53.0968 3888 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:33:53.0984 3888 helpsvc - ok
18:33:54.0046 3888 HFXP2 (4b606999d47e8bd466dbcf3e6cde044c) C:\WINDOWS\system32\DRIVERS\HFXP2.SYS
18:33:54.0062 3888 HFXP2 - ok
18:33:54.0156 3888 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:33:54.0187 3888 HidServ - ok
18:33:54.0250 3888 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:33:54.0265 3888 HidUsb - ok
18:33:54.0390 3888 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:33:54.0453 3888 hkmsvc - ok
18:33:54.0500 3888 hpn - ok
18:33:54.0578 3888 HPZid412 (d3eaa6f63fff759d36f8b7adc0b52b7d) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:33:54.0609 3888 HPZid412 - ok
18:33:54.0671 3888 HPZipr12 (8b34661cd899e9274395d5f9ceef725e) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:33:54.0687 3888 HPZipr12 - ok
18:33:54.0765 3888 HPZius12 (8c5b5566bbc78d6aedad44e92dbd878e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:33:54.0796 3888 HPZius12 - ok
18:33:54.0984 3888 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:33:55.0093 3888 HTTP - ok
18:33:55.0156 3888 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:33:55.0265 3888 HTTPFilter - ok
18:33:55.0312 3888 i2omgmt - ok
18:33:55.0359 3888 i2omp - ok
18:33:55.0484 3888 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:33:55.0515 3888 i8042prt - ok
18:33:55.0671 3888 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:33:55.0750 3888 IDriverT - ok
18:33:56.0265 3888 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:33:56.0625 3888 idsvc - ok
18:33:56.0718 3888 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:33:56.0781 3888 Imapi - ok
18:33:56.0937 3888 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:33:57.0015 3888 ImapiService - ok
18:33:57.0093 3888 ini910u - ok
18:33:57.0156 3888 IntelIde - ok
18:33:57.0250 3888 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:33:57.0265 3888 Ip6Fw - ok
18:33:57.0359 3888 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:33:57.0375 3888 IpFilterDriver - ok
18:33:57.0437 3888 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:33:57.0468 3888 IpInIp - ok
18:33:57.0609 3888 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:33:57.0671 3888 IpNat - ok
18:33:57.0765 3888 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:33:57.0812 3888 IPSec - ok
18:33:57.0859 3888 IPVNMon - ok
18:33:57.0921 3888 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:33:57.0937 3888 IRENUM - ok
18:33:57.0984 3888 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:33:58.0031 3888 isapnp - ok
18:33:58.0265 3888 JavaQuickStarterService (126a16f569122ae00ad3d12ef831d651) C:\Program Files\Java\jre6\bin\jqs.exe
18:33:58.0328 3888 JavaQuickStarterService - ok
18:33:58.0421 3888 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:33:58.0437 3888 Kbdclass - ok
18:33:58.0500 3888 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:33:58.0531 3888 kbdhid - ok
18:33:58.0671 3888 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:33:58.0765 3888 kmixer - ok
18:33:58.0843 3888 KodakCCS - ok
18:33:58.0953 3888 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:33:59.0000 3888 KSecDD - ok
18:33:59.0140 3888 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:33:59.0218 3888 lanmanserver - ok
18:33:59.0343 3888 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:33:59.0468 3888 lanmanworkstation - ok
18:33:59.0515 3888 lbrtfdc - ok
18:33:59.0687 3888 LightScribeService (559c9b7800fac92fc515cd0003d7c631) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:33:59.0718 3888 LightScribeService - ok
18:33:59.0890 3888 LinksysUpdater (06dc2fdc6282f0d68910417b1150c848) C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
18:34:00.0000 3888 LinksysUpdater - ok
18:34:00.0078 3888 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:34:00.0109 3888 LmHosts - ok
18:34:00.0203 3888 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
18:34:00.0234 3888 MBAMSwissArmy - ok
18:34:00.0296 3888 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:34:00.0343 3888 Messenger - ok
18:34:00.0421 3888 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:34:00.0421 3888 mnmdd - ok
18:34:00.0531 3888 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:34:00.0593 3888 mnmsrvc - ok
18:34:00.0687 3888 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:34:00.0703 3888 Modem - ok
18:34:00.0781 3888 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:34:00.0843 3888 MODEMCSA - ok
18:34:00.0921 3888 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:34:00.0937 3888 Mouclass - ok
18:34:00.0984 3888 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:34:01.0015 3888 mouhid - ok
18:34:01.0125 3888 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:34:01.0140 3888 MountMgr - ok
18:34:01.0171 3888 mraid35x - ok
18:34:01.0312 3888 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:34:01.0406 3888 MRxDAV - ok
18:34:01.0687 3888 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:34:01.0890 3888 MRxSmb - ok
18:34:02.0093 3888 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
18:34:02.0125 3888 MSCSPTISRV - ok
18:34:02.0218 3888 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:34:02.0250 3888 MSDTC - ok
18:34:02.0343 3888 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:34:02.0375 3888 Msfs - ok
18:34:02.0453 3888 MSIServer - ok
18:34:02.0500 3888 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:34:02.0515 3888 MSKSSRV - ok
18:34:02.0562 3888 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:34:02.0578 3888 MSPCLOCK - ok
18:34:02.0640 3888 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:34:02.0656 3888 MSPQM - ok
18:34:02.0765 3888 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:34:02.0796 3888 mssmbios - ok
18:34:02.0890 3888 MSSQL$OALM08 - ok
18:34:03.0046 3888 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:34:03.0078 3888 MSSQLServerADHelper100 - ok
18:34:03.0156 3888 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:34:03.0156 3888 MSTEE - ok
18:34:03.0234 3888 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
18:34:03.0250 3888 ms_mpu401 - ok
18:34:03.0359 3888 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:34:03.0406 3888 Mup - ok
18:34:03.0515 3888 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:34:03.0562 3888 NABTSFEC - ok
18:34:03.0828 3888 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:34:03.0984 3888 napagent - ok
18:34:04.0109 3888 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:34:04.0187 3888 NDIS - ok
18:34:04.0281 3888 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:34:04.0296 3888 NdisIP - ok
18:34:04.0359 3888 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:34:04.0375 3888 NdisTapi - ok
18:34:04.0453 3888 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:34:04.0468 3888 Ndisuio - ok
18:34:04.0593 3888 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:34:04.0640 3888 NdisWan - ok
18:34:04.0734 3888 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:34:04.0750 3888 NDProxy - ok
18:34:04.0843 3888 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:34:04.0875 3888 NetBIOS - ok
18:34:05.0015 3888 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:34:05.0093 3888 NetBT - ok
18:34:05.0203 3888 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:34:05.0281 3888 NetDDE - ok
18:34:05.0328 3888 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:34:05.0390 3888 NetDDEdsdm - ok
18:34:05.0453 3888 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:34:05.0515 3888 Netlogon - ok
18:34:05.0671 3888 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:34:05.0812 3888 Netman - ok
18:34:06.0031 3888 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:34:06.0156 3888 NetTcpPortSharing - ok
18:34:06.0343 3888 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:34:06.0468 3888 Nla - ok
18:34:06.0937 3888 nmservice (82c5a813e8ea7e94dc1afa24cd803b80) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
18:34:07.0218 3888 nmservice - ok
18:34:07.0328 3888 nosGetPlusHelper (9865516d33bc66fddac9db4087d4b6aa) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
18:34:07.0359 3888 nosGetPlusHelper - ok
18:34:07.0468 3888 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:34:07.0484 3888 Npfs - ok
18:34:07.0859 3888 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:34:08.0109 3888 Ntfs - ok
18:34:08.0140 3888 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:34:08.0203 3888 NtLmSsp - ok
18:34:08.0468 3888 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:34:08.0703 3888 NtmsSvc - ok
18:34:08.0796 3888 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
18:34:08.0812 3888 NuidFltr - ok
18:34:08.0875 3888 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:34:08.0890 3888 Null - ok
18:34:09.0015 3888 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:34:09.0031 3888 NwlnkFlt - ok
18:34:09.0109 3888 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:34:09.0125 3888 NwlnkFwd - ok
18:34:09.0343 3888 ose (99bf0b1bcadf83102cbbbea4d0d22732) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:34:09.0406 3888 ose - ok
18:34:09.0515 3888 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
18:34:09.0546 3888 PACSPTISVR - ok
18:34:09.0656 3888 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:34:09.0703 3888 Parport - ok
18:34:09.0812 3888 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:34:09.0843 3888 PartMgr - ok
18:34:09.0875 3888 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:34:09.0906 3888 ParVdm - ok
18:34:10.0000 3888 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
18:34:10.0015 3888 pavboot - ok
18:34:10.0125 3888 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:34:10.0156 3888 PCI - ok
18:34:10.0203 3888 PCIDump - ok
18:34:10.0265 3888 PCIIde - ok
18:34:10.0390 3888 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:34:10.0453 3888 Pcmcia - ok
18:34:10.0578 3888 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
18:34:10.0625 3888 Pcouffin - ok
18:34:10.0687 3888 PDCOMP - ok
18:34:10.0734 3888 PDFRAME - ok
18:34:10.0796 3888 PDRELI - ok
18:34:10.0859 3888 PDRFRAME - ok
18:34:10.0921 3888 perc2 - ok
18:34:10.0968 3888 perc2hib - ok
18:34:11.0187 3888 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:34:11.0234 3888 PlugPlay - ok
18:34:11.0359 3888 Pml Driver HPZ12 (67c4b32a2d107862df0e3346aadda86e) C:\WINDOWS\system32\HPZipm12.exe
18:34:11.0390 3888 Pml Driver HPZ12 - ok
18:34:11.0484 3888 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys
18:34:11.0500 3888 pnarp - ok
18:34:11.0578 3888 Point32 (cf7c1868b90c90a265fc3f60ce46265b) C:\WINDOWS\system32\DRIVERS\point32.sys
18:34:11.0609 3888 Point32 - ok
18:34:11.0671 3888 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:34:11.0718 3888 PolicyAgent - ok
18:34:11.0796 3888 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:34:11.0828 3888 PptpMiniport - ok
18:34:11.0906 3888 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
18:34:11.0906 3888 PQNTDrv - ok
18:34:11.0984 3888 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:34:12.0015 3888 Processor - ok
18:34:12.0062 3888 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:34:12.0093 3888 ProtectedStorage - ok
18:34:12.0218 3888 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:34:12.0250 3888 PSched - ok
18:34:12.0312 3888 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:34:12.0328 3888 Ptilink - ok
18:34:12.0562 3888 Ptserial (403727208b1156f8a2a6c65886f41c5a) C:\WINDOWS\system32\DRIVERS\ptserial.sys
18:34:12.0703 3888 Ptserial - ok
18:34:12.0781 3888 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys
18:34:12.0812 3888 purendis - ok
18:34:12.0906 3888 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:34:12.0937 3888 PxHelp20 - ok
18:34:13.0015 3888 QCDonner (ae4c2d854f2786eda93e923a4bced983) C:\WINDOWS\system32\DRIVERS\LVCD.sys
18:34:13.0031 3888 QCDonner - ok
18:34:13.0093 3888 ql1080 - ok
18:34:13.0140 3888 Ql10wnt - ok
18:34:13.0187 3888 ql12160 - ok
18:34:13.0234 3888 ql1240 - ok
18:34:13.0281 3888 ql1280 - ok
18:34:13.0343 3888 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:34:13.0359 3888 RasAcd - ok
18:34:13.0468 3888 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:34:13.0546 3888 RasAuto - ok
18:34:13.0609 3888 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:34:13.0656 3888 Rasl2tp - ok
18:34:13.0875 3888 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:34:14.0000 3888 RasMan - ok
18:34:14.0093 3888 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:34:14.0109 3888 RasPppoe - ok
18:34:14.0171 3888 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:34:14.0187 3888 Raspti - ok
18:34:14.0312 3888 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:34:14.0390 3888 Rdbss - ok
18:34:14.0453 3888 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:34:14.0484 3888 RDPCDD - ok
18:34:14.0656 3888 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:34:14.0718 3888 RDPWD - ok
18:34:14.0875 3888 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:34:14.0984 3888 RDSessMgr - ok
18:34:15.0093 3888 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:34:15.0125 3888 redbook - ok
18:34:15.0218 3888 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:34:15.0281 3888 RemoteAccess - ok
18:34:15.0437 3888 RoxLiveShare9 - ok
18:34:15.0562 3888 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:34:15.0640 3888 RpcLocator - ok
18:34:15.0906 3888 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:34:15.0968 3888 RpcSs - ok
18:34:16.0171 3888 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
18:34:16.0265 3888 RsFx0103 - ok
18:34:16.0390 3888 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:34:16.0500 3888 RSVP - ok
18:34:16.0640 3888 RT25USBAP (05691b0b52575c057e5ac35242e5d231) C:\WINDOWS\system32\DRIVERS\rt25usbap.sys
18:34:16.0734 3888 RT25USBAP - ok
18:34:16.0968 3888 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\WINDOWS\system32\DRIVERS\rt73.sys
18:34:17.0093 3888 RT73 - ok
18:34:17.0203 3888 s3m (22098a69bddf00b6a88264bf0996ccaa) C:\WINDOWS\system32\DRIVERS\s3m.sys
18:34:17.0296 3888 s3m - ok
18:34:17.0421 3888 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
18:34:17.0500 3888 S3Psddr - ok
18:34:17.0546 3888 S3SavageNB (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
18:34:17.0593 3888 S3SavageNB - ok
18:34:17.0703 3888 SABProcEnum - ok
18:34:17.0781 3888 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:34:17.0843 3888 SamSs - ok
18:34:17.0937 3888 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:34:17.0953 3888 SASDIFSV - ok
18:34:18.0000 3888 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
18:34:18.0015 3888 SASENUM - ok
18:34:18.0078 3888 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:34:18.0125 3888 SASKUTIL - ok
18:34:18.0234 3888 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:34:18.0312 3888 SCardSvr - ok
18:34:18.0390 3888 SCDEmu (0b58150b5960e0e670fb91187f9b17bd) C:\WINDOWS\system32\drivers\SCDEmu.sys
18:34:18.0421 3888 SCDEmu - ok
18:34:18.0578 3888 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:34:18.0718 3888 Schedule - ok
18:34:18.0968 3888 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:34:18.0984 3888 Secdrv - ok
18:34:19.0046 3888 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:34:19.0093 3888 seclogon - ok
18:34:19.0171 3888 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:34:19.0265 3888 SENS - ok
18:34:19.0343 3888 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:34:19.0359 3888 serenum - ok
18:34:19.0437 3888 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:34:19.0500 3888 Serial - ok
18:34:19.0703 3888 ServiceLayer (78546cd2eca6dd6bdcd4b13048621f88) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:34:19.0859 3888 ServiceLayer - ok
18:34:20.0093 3888 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
18:34:20.0109 3888 Sfloppy - ok
18:34:20.0312 3888 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:34:20.0468 3888 SharedAccess - ok
18:34:20.0609 3888 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:34:20.0671 3888 ShellHWDetection - ok
18:34:20.0718 3888 Simbad - ok
18:34:20.0796 3888 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:34:20.0843 3888 SLIP - ok
18:34:21.0093 3888 SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
18:34:21.0140 3888 SonicStage Back-End Service - ok
18:34:21.0250 3888 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
18:34:21.0296 3888 sonypvs1 - ok
18:34:21.0390 3888 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
18:34:21.0406 3888 SONYPVU1 - ok
18:34:21.0453 3888 Sparrow - ok
18:34:21.0515 3888 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:34:21.0531 3888 splitter - ok
18:34:21.0640 3888 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:34:21.0718 3888 Spooler - ok
18:34:21.0796 3888 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
18:34:21.0843 3888 SPTISRV - ok
18:34:22.0156 3888 SQLAgent$OALM08 (d494597e8c665f2d515d9d24fa9616ef) c:\Program Files\Microsoft SQL Server\MSSQL10.OALM08\MSSQL\Binn\SQLAGENT.EXE
18:34:22.0312 3888 SQLAgent$OALM08 - ok
18:34:22.0515 3888 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:34:22.0625 3888 SQLBrowser - ok
18:34:22.0734 3888 SQLWriter (997bc62f49d0d84214fe887f09197d41) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:34:22.0781 3888 SQLWriter - ok
18:34:22.0890 3888 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:34:22.0937 3888 sr - ok
18:34:23.0109 3888 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:34:23.0234 3888 srservice - ok
18:34:23.0437 3888 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:34:23.0593 3888 Srv - ok
18:34:23.0687 3888 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:34:23.0765 3888 SSDPSRV - ok
18:34:23.0937 3888 SSScsiSV (756e371b3b86a3d3039926d32eac0e8d) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
18:34:23.0968 3888 SSScsiSV - ok
18:34:24.0062 3888 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
18:34:24.0078 3888 StillCam - ok
18:34:24.0312 3888 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:34:24.0500 3888 stisvc - ok
18:34:24.0531 3888 stllssvr - ok
18:34:24.0609 3888 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:34:24.0625 3888 streamip - ok
18:34:24.0703 3888 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:34:24.0718 3888 swenum - ok
18:34:24.0828 3888 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:34:24.0859 3888 swmidi - ok
18:34:24.0921 3888 SwPrv - ok
18:34:24.0984 3888 symc810 - ok
18:34:25.0031 3888 symc8xx - ok
18:34:25.0078 3888 sym_hi - ok
18:34:25.0125 3888 sym_u3 - ok
18:34:25.0250 3888 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:34:25.0296 3888 sysaudio - ok
18:34:25.0406 3888 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:34:25.0515 3888 SysmonLog - ok
18:34:25.0734 3888 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:34:25.0890 3888 TapiSrv - ok
18:34:26.0125 3888 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:34:26.0296 3888 Tcpip - ok
18:34:26.0406 3888 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:34:26.0421 3888 TDPIPE - ok
18:34:26.0468 3888 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:34:26.0500 3888 TDTCP - ok
18:34:26.0593 3888 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:34:26.0625 3888 TermDD - ok
18:34:26.0812 3888 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:34:27.0000 3888 TermService - ok
18:34:27.0156 3888 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:34:27.0203 3888 Themes - ok
18:34:27.0265 3888 TosIde - ok
18:34:27.0375 3888 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:34:27.0484 3888 TrkWks - ok
18:34:27.0625 3888 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:34:27.0671 3888 Udfs - ok
18:34:27.0734 3888 ultra - ok
18:34:27.0984 3888 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:34:28.0140 3888 Update - ok
18:34:28.0296 3888 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:34:28.0421 3888 upnphost - ok
18:34:28.0531 3888 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:34:28.0593 3888 UPS - ok
18:34:28.0656 3888 USBAAPL - ok
18:34:28.0734 3888 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:34:28.0812 3888 usbaudio - ok
18:34:28.0890 3888 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:34:28.0906 3888 usbccgp - ok
18:34:28.0984 3888 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:34:29.0015 3888 usbehci - ok
18:34:29.0109 3888 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:34:29.0156 3888 usbhub - ok
18:34:29.0218 3888 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:34:29.0250 3888 usbprint - ok
18:34:29.0343 3888 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:34:29.0359 3888 usbscan - ok
18:34:29.0437 3888 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:34:29.0468 3888 USBSTOR - ok
18:34:29.0531 3888 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:34:29.0578 3888 usbuhci - ok
18:34:29.0718 3888 Vax347b (cb3400d696bee266c38cae330c2b4337) C:\WINDOWS\system32\DRIVERS\Vax347b.sys
18:34:29.0828 3888 Vax347b - ok
18:34:29.0890 3888 Vax347s (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\system32\Drivers\Vax347s.sys
18:34:29.0921 3888 Vax347s - ok
18:34:29.0984 3888 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:34:30.0000 3888 VgaSave - ok
18:34:30.0078 3888 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:34:30.0109 3888 viaagp - ok
18:34:30.0203 3888 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
18:34:30.0234 3888 viaagp1 - ok
18:34:30.0296 3888 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:34:30.0296 3888 ViaIde - ok
18:34:30.0546 3888 VIASens (d3fb0a70fa3e3a62f1b2faa88daabae8) C:\WINDOWS\system32\drivers\viasens.sys
18:34:30.0750 3888 VIASens - ok
18:34:30.0921 3888 VIAudio (df47d922e86f4c571d81221bfb5873b8) C:\WINDOWS\system32\drivers\vinyl97.sys
18:34:31.0031 3888 VIAudio - ok
18:34:31.0484 3888 Vmodem (a630c3b4b1f8ebe85a6c70128135b388) C:\WINDOWS\system32\DRIVERS\vmodem.sys
18:34:31.0859 3888 Vmodem - ok
18:34:31.0953 3888 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:34:32.0015 3888 VolSnap - ok
18:34:32.0484 3888 Vpctcom (8dffba3f522ea796d2e015fc137b4ce0) C:\WINDOWS\system32\DRIVERS\vpctcom.sys
18:34:32.0875 3888 Vpctcom - ok
18:34:32.0937 3888 vsdatant - ok
18:34:33.0125 3888 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:34:33.0296 3888 VSS - ok
18:34:33.0406 3888 Vvoice (f10cdd635fbc729372736a6ec0b0b30c) C:\WINDOWS\system32\DRIVERS\vvoice.sys
18:34:33.0453 3888 Vvoice - ok
18:34:33.0656 3888 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:34:33.0781 3888 W32Time - ok
18:34:33.0890 3888 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:34:33.0953 3888 Wanarp - ok
18:34:34.0015 3888 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
18:34:34.0031 3888 WDC_SAM - ok
18:34:34.0234 3888 WDDMService (7d1e301e2eeaf6d3730887de933413e6) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
18:34:34.0296 3888 WDDMService - ok
18:34:34.0578 3888 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:34:34.0828 3888 Wdf01000 - ok
18:34:34.0875 3888 WDICA - ok
18:34:34.0984 3888 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:34:35.0031 3888 wdmaud - ok
18:34:35.0140 3888 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
18:34:35.0171 3888 WDSmartWareBackgroundService - ok
18:34:35.0265 3888 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:34:35.0359 3888 WebClient - ok
18:34:35.0734 3888 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:34:35.0796 3888 winmgmt - ok
18:34:35.0953 3888 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:34:36.0015 3888 WmdmPmSN - ok
18:34:36.0218 3888 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:34:36.0265 3888 WmiApSrv - ok
18:34:36.0750 3888 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:34:37.0156 3888 WMPNetworkSvc - ok
18:34:37.0296 3888 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
18:34:37.0343 3888 WpdUsb - ok
18:34:37.0890 3888 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:34:38.0234 3888 WPFFontCache_v0400 - ok
18:34:38.0312 3888 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:34:38.0328 3888 WS2IFSL - ok
18:34:38.0453 3888 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:34:38.0562 3888 wscsvc - ok
18:34:38.0656 3888 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:34:38.0671 3888 WSTCODEC - ok
18:34:38.0765 3888 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:34:38.0875 3888 wuauserv - ok
18:34:38.0984 3888 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:34:39.0046 3888 WudfPf - ok
18:34:39.0156 3888 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:34:39.0203 3888 WudfRd - ok
18:34:39.0296 3888 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:34:39.0390 3888 WudfSvc - ok
18:34:39.0671 3888 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:34:39.0953 3888 WZCSVC - ok
18:34:40.0078 3888 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:34:40.0203 3888 xmlprov - ok
18:34:40.0281 3888 XMS1563K (d90894db9bae60c9639437f0d463707e) C:\WINDOWS\system32\drivers\XMS1563K.sys
18:34:40.0312 3888 XMS1563K - ok
18:34:40.0515 3888 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:34:41.0453 3888 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:34:41.0453 3888 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:34:41.0515 3888 MBR (0x1B8) (c7b0b68c056ce40e2117641aa41e112a) \Device\Harddisk1\DR1
18:34:46.0843 3888 \Device\Harddisk1\DR1 - ok
18:34:46.0875 3888 Boot (0x1200) (114544a47505cb9b49ae2289dac1b695) \Device\Harddisk0\DR0\Partition0
18:34:46.0875 3888 \Device\Harddisk0\DR0\Partition0 - ok
18:34:46.0937 3888 Boot (0x1200) (559915d29b3327099eb3db347ee363e0) \Device\Harddisk1\DR1\Partition0
18:34:46.0937 3888 \Device\Harddisk1\DR1\Partition0 - ok
18:34:46.0968 3888 ============================================================
18:34:46.0968 3888 Scan finished
18:34:46.0968 3888 ============================================================
18:34:47.0062 3428 Detected object count: 1
18:34:47.0062 3428 Actual detected object count: 1
18:35:08.0781 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:35:08.0781 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
I will run the GMER scan now.
Thanks again
  #22  
Old May 31st, 2012, 02:53 AM
i82much i82much is offline
GMER log

Rintan:
Here is the Gmer log.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-30 18:48:25
Windows 5.1.2600 Service Pack 3
Running: dnsim6yx.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgldapoc.sys


---- Modules - GMER 1.0.15 ----

Module Vax347b.sys (Plug and Play BIOS Extension/ ) F7667000-F768E000 (159744 bytes)
Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F7BB3000-F7BB5000 (8192 bytes)
Module pavboot.sys (Panda Boot Driver/Panda Security, S.L.) F793F000-F7945000 (24576 bytes)
Module _________ F75F1000-F7609000 (98304 bytes)
Module Vax347s.sys (SCSI miniport/ ) F7BB5000-F7BB7000 (8192 bytes)
Module drvmcdb.sys (Device Driver/Sonic Solutions) F7590000-F75A7000 (94208 bytes)
Module HFXP2.SYS (Hide Folders XP driver/FSPro Labs) F7AC3000-F7AC6000 (12288 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F76FF000-F7708000 (36864 bytes)
Module XMS1563K.sys F770F000-F771B000 (49152 bytes)
Module Combo-Fix.sys F771F000-F772E000 (61440 bytes)
Module viaagp1.sys (VIA NT AGP Filter/VIA Technologies, Inc.) F7947000-F794E000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\s3gnbm.sys (S3 ProSavage(DDR) & Twister Miniport Driver/S3 Graphics, Inc.) F6D8E000-F6DB7000 (167936 bytes)
Module \SystemRoot\system32\DRIVERS\s3m.sys (S3 Miniport Driver/S3 Incorporated) F6D51000-F6D7A000 (167936 bytes)
Module \SystemRoot\System32\Drivers\AFS2K.SYS (Audio File System/Oak Technology Inc.) F78BF000-F78C8000 (36864 bytes)
Module \SystemRoot\system32\drivers\Afc.sys (Arcsoft(R) ASPI Shell/Arcsoft, Inc.) F7A17000-F7A1F000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) F7A1F000-F7A24000 (20480 bytes)
Module \SystemRoot\system32\drivers\vinyl97.sys (Vinyl AC'97 Codec Combo WDM Driver/VIA Technologies, Inc.) F6CD8000-F6D0A000 (204800 bytes)
Module \SystemRoot\system32\DRIVERS\vvoice.sys (HSP Modem device driver/PCtel, Inc.) F6CA2000-F6CB4000 (73728 bytes)
Module \SystemRoot\system32\DRIVERS\vpctcom.sys (HSP Modem Virtual Control Device/PCtel, Inc.) F6BE2000-F6CA2000 (786432 bytes)
Module \SystemRoot\system32\DRIVERS\vmodem.sys (HSP Modem Modem Device Driver/PCTEL, INC.) F6B1C000-F6BE2000 (811008 bytes)
Module \SystemRoot\system32\DRIVERS\ptserial.sys (HSP Modem Serial Device Driver/PCTEL, INC.) F6ACF000-F6B1C000 (315392 bytes)
Module \SystemRoot\system32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) F7A47000-F7A4E000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F79EF000-F79F4000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Pcouffin.sys (low level access layer for CD/DVD/BD devices/VSO Software) F5ECB000-F5ED7000 (49152 bytes)
Module \SystemRoot\System32\Drivers\crlscsi.SYS (NT Kernel Driver/Corel Corporation) F1EC5000-F1ECB000 (24576 bytes)
Module \SystemRoot\System32\Drivers\aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) F26DE000-F26E9000 (45056 bytes)
Module \SystemRoot\System32\Drivers\aswRdr.SYS (avast! TDI RDR Driver/AVAST Software) F796F000-F7976000 (28672 bytes)
Module \SystemRoot\System32\Drivers\SCDEmu.SYS (PowerISO Virtual Drive/PowerISO Computing, Inc.) F18B0000-F18B7000 (28672 bytes)
Module \??\C:\Program_Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) F1373000-F1395000 (139264 bytes)
Module \??\C:\Program_Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) F18A8000-F18AE000 (24576 bytes)
Module \SystemRoot\System32\Drivers\PQNTDrv.SYS (PowerQuest Boot Mode Driver./PowerQuest Corporation) F7D6C000-F7D6D000 (4096 bytes)
Module \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) F1265000-F12B0000 (307200 bytes)
Module \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) F11D2000-F123F000 (446464 bytes)
Module \SystemRoot\System32\Drivers\Aavmker4.SYS (avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP/AVAST Software) F1EBD000-F1EC3000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\rt73.sys (Ralink 802.11 USB Wireless Adapter Driver/Ralink Technology, Corp.) F1194000-F11D2000 (253952 bytes)
Module \SystemRoot\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) F14F5000-F14FB000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) F2371000-F237E000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) F132C000-F1330000 (16384 bytes)
Module \SystemRoot\System32\s3mvirge.dll (S3 ViRGE Display Driver/S3 Incorporated) BFF20000-BFF54000 (212992 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BF012000-BF059000 (290816 bytes)
Module \SystemRoot\System32\Drivers\aswFsBlk.SYS (avast! File System Access Blocking Driver/AVAST Software) F7B8B000-F7B8E000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\AegisP.sys (IEEE 802.1X Protocol Driver/Meetinghouse Data Communications) F5355000-F535A000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\pnarp.sys (Address Resolution Protocol Driver/Pure Networks, Inc.) F799F000-F79A4000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\purendis.sys (NDIS Relay Driver/Pure Networks, Inc.) F79DF000-F79E4000 (20480 bytes)
Module \SystemRoot\System32\Drivers\aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) F0CEA000-F0D04000 (106496 bytes)
Module \SystemRoot\System32\Drivers\Aspi32.SYS (ASPI for WIN32 Kernel Driver/Adaptec) EFCE5000-EFCE9000 (16384 bytes)
Module \??\C:\ComboFix\catchme.sys F5365000-F536D000 (32768 bytes)
Module \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS F7C0D000-F7C0F000 (8192 bytes)
Module \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\fgldapoc.sys (GMER) EF3A7000-EF3C0000 (102400 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe 136
Library C:\Documents and Settings\Owner\Desktop\dnsim6yx.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Core Service/SUPERAntiSpyware.com) 336
Library C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Core Service/SUPERAntiSpyware.com) 0x00400000
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 508
Library C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 844
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\AdobePDF.dll (Acrobat ® PDF Port/Adobe Systems Incorporated.) 0x50400000
Library C:\Program Files\Adobe\Acrobat 7.0\Distillr\adistres.dll (Acrobat Distiller/Adobe Systems Incorporated.) 0x65000000
Library C:\WINDOWS\system32\hpzlnt05.dll (HP) 0x10000000
Library C:\WINDOWS\system32\hpzlnt07.dll (HP) 0x00E00000
Library C:\WINDOWS\system32\RDCOMMON.DLL (RDGCOMMON Language Monitor DLL for NT/Roland DG Corporation) 0x00E40000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000
Library C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzntp05.dll (Printer Property UI dll/HP) 0x60600000
Library C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku05.dll (HPDJ Driver/HP) 0x01120000

Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 852
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 880
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware WinLogon Processor/SUPERAntiSpyware.com) 0x10000000

Process C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 932
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 944
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1096
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1160
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\WINDOWS\system32\wuauclt.exe (Windows Update/Microsoft Corporation) 1236
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1268
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\hpgwiamd.dll (Hewlett-Packard WIA minidriver./Hewlett-Packard) 0x10000000
Library C:\WINDOWS\system32\hpotscl.dll 0x00C90000

Process C:\Program Files\Alwil Software\Avast5\avastUI.exe (avast! Antivirus/AVAST Software) 1344
Library C:\Program Files\Alwil Software\Avast5\avastUI.exe (avast! Antivirus/AVAST Software) 0x00400000
Library C:\Program Files\Alwil Software\Avast5\aswUtil.dll (avast! Utility library/AVAST Software) 0x64780000
Library C:\Program Files\Alwil Software\Avast5\ashBase.dll (Basic Functionality Module/AVAST Software) 0x64500000
Library C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll (Antivirus engine loader/AVAST Software) 0x64BC0000
Library C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll (Antivirus HW dependent library/AVAST Software) 0x64C00000
Library C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll (Antivirus independent functions/AVAST Software) 0x64C40000
Library C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) 0x64C80000
Library C:\Program Files\Alwil Software\Avast5\ashTask.dll (Task Handling Module/AVAST Software) 0x64800000
Library C:\Program Files\Alwil Software\Avast5\aswAux.dll (avast! Auxiliary Library/AVAST Software) 0x64580000
Library C:\Program Files\Alwil Software\Avast5\aswLog.dll (avast! Log library/AVAST Software) 0x64700000
Library C:\Program Files\Alwil Software\Avast5\aswSqLt.dll (avast! SQLite library/AVAST Software) 0x64840000
Library C:\Program Files\Alwil Software\Avast5\aswProperty.dll (avast! Property Storage library/AVAST Software) 0x64740000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\Program Files\Alwil Software\Avast5\1033\Base.dll (avast! English Basic Module/AVAST Software) 0x66080000
Library C:\Program Files\Alwil Software\Avast5\aswData.dll (avast! UI Layer library/AVAST Software) 0x64680000
Library C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll (avast! TaskEx library/AVAST Software) 0x647C0000
Library C:\Program Files\Alwil Software\Avast5\Aavm4h.dll (avast! Asynchronous Virus Monitor (AAVM)/AVAST Software) 0x65000000
Library C:\Program Files\Alwil Software\Avast5\AavmRpch.dll (avast! AAVM Remote Procedure Call Library/AVAST Software) 0x65400000
Library C:\Program Files\Alwil Software\Avast5\1033\UILangRes.dll (UILangRes/AVAST Software) 0x660C0000
Library C:\Program Files\Alwil Software\Avast5\CommonRes.dll (Common UI resources/AVAST Software) 0x66100000
Library C:\Program Files\Alwil Software\Avast5\defs\12053002\uiExt.dll (avast! UI extension library/AVAST Software) 0x63BA0000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1380
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\System32\strmfilt.dll (Stream Filter Library/Microsoft Corporation) 0x6F290000

Process C:\WINDOWS\system32\java.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 1416
Library C:\WINDOWS\system32\java.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 0x00400000
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\Program Files\Java\jre6\bin\client\jvm.dll (Java HotSpot(TM) Client VM/Sun Microsystems, Inc.) 0x6D800000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\Program Files\Java\jre6\bin\verify.dll (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 0x6D7B0000
Library C:\Program Files\Java\jre6\bin\java.dll (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 0x6D330000
Library C:\Program Files\Java\jre6\bin\hpi.dll (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 0x6D290000
Library C:\Program Files\Java\jre6\bin\zip.dll (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 0x6D7F0000
Library C:\Program Files\Java\jre6\bin\awt.dll (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 0x6D000000
Library C:\Program Files\Java\jre6\bin\fontmanager.dll (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 0x6D230000
Library C:\Program Files\Linksys\Linksys Updater\lib\wrapper.dll 0x10000000
Library C:\Program Files\Java\jre6\bin\net.dll (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 0x6D610000
Library C:\Program Files\Java\jre6\bin\sunmscapi.dll (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 0x6D790000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1512
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service/AVAST Software) 1672
Library C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service/AVAST Software) 0x00400000
Library C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) 0x64C80000
Library C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll (Antivirus HW dependent library/AVAST Software) 0x64C00000
Library C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll (Antivirus independent functions/AVAST Software) 0x64C40000
Library C:\Program Files\Alwil Software\Avast5\ashBase.dll (Basic Functionality Module/AVAST Software) 0x64500000
Library C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll (Antivirus engine loader/AVAST Software) 0x64BC0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\Program Files\Alwil Software\Avast5\1033\Base.dll (avast! English Basic Module/AVAST Software) 0x66080000
Library C:\Program Files\Alwil Software\Avast5\ashServ.dll (avast! antivirus service/AVAST Software) 0x65080000
Library C:\Program Files\Alwil Software\Avast5\aswAux.dll (avast! Auxiliary Library/AVAST Software) 0x64580000
Library C:\Program Files\Alwil Software\Avast5\ashTask.dll (Task Handling Module/AVAST Software) 0x64800000
Library C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll (avast! TaskEx library/AVAST Software) 0x647C0000
Library C:\Program Files\Alwil Software\Avast5\aswLog.dll (avast! Log library/AVAST Software) 0x64700000
Library C:\Program Files\Alwil Software\Avast5\aswSqLt.dll (avast! SQLite library/AVAST Software) 0x64840000
Library C:\Program Files\Alwil Software\Avast5\aswProperty.dll (avast! Property Storage library/AVAST Software) 0x64740000
Library C:\Program Files\Alwil Software\Avast5\Aavm4h.dll (avast! Asynchronous Virus Monitor (AAVM)/AVAST Software) 0x65000000
Library C:\Program Files\Alwil Software\Avast5\AavmRpch.dll (avast! AAVM Remote Procedure Call Library/AVAST Software) 0x65400000
Library C:\Program Files\Alwil Software\Avast5\aswIdle.dll (avast! Idle Hook Library/AVAST Software) 0x64A00000
Library C:\Program Files\Alwil Software\Avast5\aswStrm.dll (avast! Streaming Update library/AVAST Software) 0x64940000
Library C:\Program Files\Alwil Software\Avast5\aswDld.dll (aswDld Dynamic Link Library/AVAST Software) 0x646C0000
Library C:\Program Files\Alwil Software\Avast5\AhResBhv.dll (avast! Behavior Shield AAVM Provider Library/AVAST Software) 0x65920000
Library C:\Program Files\Alwil Software\Avast5\AhResJs.dll (avast! Script Blocking AAVM Provider Library/AVAST Software) 0x65860000
Library C:\Program Files\Alwil Software\Avast5\AhResMai.dll (avast! e-Mail Scanner AAVM Provider Library/AVAST Software) 0x65840000
Library C:\Program Files\Alwil Software\Avast5\AhResMes.dll (avast! Messenger scanner AAVM Provider Library/AVAST Software) 0x65880000
Library C:\Program Files\Alwil Software\Avast5\AhResNS.dll (avast! Network Shield AAVM Provider Library/AVAST Software) 0x658C0000
Library C:\Program Files\Alwil Software\Avast5\AhResP2P.dll (avast! P2P Shield AAVM Provider Library/AVAST Software) 0x658A0000
Library C:\Program Files\Alwil Software\Avast5\AhResStd.dll (avast! Standard Shield AAVM Provider Library/AVAST Software) 0x65800000
Library C:\Program Files\Alwil Software\Avast5\AhResWS.dll (avast! HTTP Scanner AAVM Provider Library/AVAST Software) 0x658E0000
Library C:\Program Files\Alwil Software\Avast5\defs\12053002\aswEngin.dll (High level antivirus engine/AVAST Software) 0x64240000
Library C:\Program Files\Alwil Software\Avast5\defs\12053002\aswCmnOS.dll (Antivirus HW dependent library/AVAST Software) 0x64000000
Library C:\Program Files\Alwil Software\Avast5\defs\12053002\aswCmnIS.dll (Antivirus independent functions/AVAST Software) 0x64100000
Library C:\Program Files\Alwil Software\Avast5\defs\12053002\aswCmnBS.dll (Common functions/AVAST Software) 0x64080000
Library C:\Program Files\Alwil Software\Avast5\defs\12053002\aswScan.dll (Low level antivirus engine/AVAST Software) 0x64200000
Library C:\Program Files\Alwil Software\Avast5\defs\12053002\aswRep.dll (Reputation services access/AVAST Software) 0x63F00000
Library C:\Program Files\Alwil Software\Avast5\defs\12053002\aswFiDb.dll (File information database access/AVAST Software) 0x63300000
Library C:\Program Files\Alwil Software\Avast5\defs\12053002\algo.dll 0x0AAB0000

Process C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe 1760
Library C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe 0x00400000
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\WINDOWS\explorer.exe (Windows Explorer/Microsoft Corporation) 1820
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\Program Files\Alwil Software\Avast5\ashShell.dll (avast! Shell Extension/AVAST Software) 0x64E40000
Library C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll 0x10000000
Library C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x00D30000
Library C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (ShellExecuteHook/SuperAdBlocker.com) 0x00D70000
Library C:\Corel\Draw70\PROGRAMS\CDRICO70.DLL 0x01110000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x02EB0000
Library C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware Context Menu Extension/SUPERAntiSpyware.com) 0x02ED0000
Library C:\Program Files\WinAce\arcext.dll (WinAce-Archiver Shell Extension /e-merge GmbH) 0x02F00000
Library C:\Program Files\WinAce\acev2.dll (WinAce ACE Dynamic Link Library/ACE Compression Software) 0x02F40000
Library C:\Program Files\Yahoo!\Common\YMMAPI.dll (Yahoo! Mail/Yahoo! Inc.) 0x64000000
Library C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Shell Extension DLL/WinZip Computing LP) 0x16200000
Library C:\Program Files\WinRAR\rarext.dll 0x03160000
Library C:\WINDOWS\system32\RhinoShExt.dll (RhinoShExt DLL/Robert McNeel & Associates) 0x04220000
Library C:\Program Files\PowerISO\PWRISOSH.DLL (PowerISOShell DLL/PowerISO Computing, Inc.) 0x042D0000
Library C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Acrobat Context Menu/Adobe Systems Inc.) 0x04410000
Library C:\Program Files\Adobe\Acrobat 7.0\Distillr\ADIST32.dll (Adobe PDF Helper DLL/Adobe Systems Incorporated.) 0x044B0000
Library C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Acrobat IE Helper Version 7.0 for ActiveX/Adobe Systems Incorporated) 0x00CD0000
Library C:\WINDOWS\system32\msdmo.dll 0x736B0000
Library C:\Program Files\Alwil Software\Avast5\aswJsFlt.dll (avast! Script Blocking filter library/AVAST Software) 0x64E80000
Library C:\Program Files\Adobe\Reader 9.0\Reader\AcroRdIF.dll (PDF IFilter/Adobe Systems, Inc.) 0x05510000
Library C:\Program Files\Adobe\Reader 9.0\Reader\ace.dll (Adobe Color Engine/Adobe Systems Incorporated) 0x05C50000
Library C:\Program Files\Adobe\Reader 9.0\Reader\agm.dll (Adobe Graphics Manager/Adobe Systems Incorporated) 0x06000000
Library C:\Program Files\Adobe\Reader 9.0\Reader\axe8sharedexpat.dll (AXE Shared EXPAT (UTF-8 native)/Adobe Systems Incorporated) 0x059A0000
Library C:\Program Files\Adobe\Reader 9.0\Reader\cooltype.dll (CoolType Typography Engine/Adobe Systems Incorporated) 0x08000000
Library C:\Program Files\Adobe\Reader 9.0\Reader\bib.dll (Bravo Interface Binder/Adobe Systems Incorporated) 0x07000000
Library C:\Program Files\Adobe\Reader 9.0\Reader\bibutils.dll (Bravo Interface Binder Utilities/Adobe Systems Incorporated) 0x05BA0000
Library C:\Program Files\Adobe\Reader 9.0\Reader\jp2klib.dll (Adobe JPEG2000 Core Library/Adobe Systems Incorporated) 0x05DB0000
Library C:\Program Files\Adobe\Reader 9.0\Reader\adobexmp.dll 0x05E80000
Library C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll (Adobe Reader 9.3/Adobe Systems Incorporated) 0x08260000

Process C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 1876
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1976
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\WINDOWS\system32\taskmgr.exe (Windows TaskManager/Microsoft Corporation) 2280
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks Platform Service/Pure Networks, Inc.) 2288
Library C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks Platform Service/Pure Networks, Inc.) 0x65C00000
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvclb.dll (Network Magic Service Dynamic Link Library/Pure Networks, Inc.) 0x68190000
Library C:\Program Files\Common Files\Pure Networks Shared\Platform\nmagnt.dll (nmagnt Dynamic Link Library/Pure Networks, Inc.) 0x66A20000
Library C:\Program Files\Common Files\Pure Networks Shared\Platform\nmcore.dll (nmcore Dynamic Link Library/Pure Networks, Inc.) 0x66D50000
Library C:\Program Files\Common Files\Pure Networks Shared\Platform\nmrasv.dll (NmRaService Library/Pure Networks, Inc.) 0x67180000
Library C:\Program Files\Common Files\Pure Networks Shared\Platform\10.1.8116.1.nmcorePS.dll (nmcoreps Dynamic Link Library/Pure Networks, Inc.) 0x02D60000
Library C:\Program Files\Common Files\Pure Networks Shared\Platform\Linksys.dll (Linksys Support DLL/Pure Networks, Inc.) 0x66710000
Library C:\Program Files\Common Files\Pure Networks Shared\Platform\upnpgw.dll (UPnP Gateway Support DLL/Pure Networks, Inc.) 0x67EA0000

Process C:\WINDOWS\system32\wuauclt.exe (Windows Update/Microsoft Corporation) 2420
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 3408
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

Process C:\WINDOWS\system32\wscntfy.exe (Windows Security Center Notification App/Microsoft Corporation) 3628
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Reply With Quote
  #23  
Old May 31st, 2012, 02:53 AM
i82much i82much is offline
Gmer log 2

Process C:\Program Files\AZiO\AWU254\Installer\WINXP\AWU254 Wireless Client Utility.exe (AWU254 Wireless Client Utility/AZiO Corporation ) 4088
Library C:\Program Files\AZiO\AWU254\Installer\WINXP\AWU254 Wireless Client Utility.exe (AWU254 Wireless Client Utility/AZiO Corporation ) 0x00400000
Library C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) 0x64D00000
Library C:\Program Files\AZiO\AWU254\Installer\WINXP\AegisE5.dll (IEEE 802.1X Protocol/Meetinghouse Data Communications) 0x10000000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

---- Services - GMER 1.0.15 ----

Service C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Core Service/SUPERAntiSpyware.com) [AUTO] !SASCORE
Service C:\Program Files\a2 free\a2service.exe (a-squared Service/Emsi Software GmbH) [DISABLED] a2free
Service (avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP/AVAST Software) [SYSTEM] Aavmker4
Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (System Level Service Utility/Adobe Systems) [MANUAL] Adobe LM Service
Service C:\WINDOWS\system32\DRIVERS\AegisP.sys (IEEE 802.1X Protocol Driver/Meetinghouse Data Communications) [AUTO] AegisP
Service C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft(R) ASPI Shell/Arcsoft, Inc.) [MANUAL] Afc
Service (Audio File System/Oak Technology Inc.) [SYSTEM] AFS2K
Service (ASPI for WIN32 Kernel Driver/Adaptec) [AUTO] Aspi32
Service (avast! File System Access Blocking Driver/AVAST Software) [AUTO] aswFsBlk
Service (avast! File System Filter Driver for Windows XP/AVAST Software) [AUTO] aswMon2
Service (avast! TDI RDR Driver/AVAST Software) [SYSTEM] aswRdr
Service (avast! Virtualization Driver/AVAST Software) [SYSTEM] aswSnx
Service (avast! self protection module/AVAST Software) [SYSTEM] aswSP
Service (avast! TDI Filter Driver/AVAST Software) [SYSTEM] aswTdi
Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (System Level Service Utility/Autodesk) [DISABLED] Autodesk Licensing Service
Service C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service/AVAST Software) [AUTO] avast! Antivirus
Service C:\ComboFix\catchme.sys [MANUAL] catchme
Service C:\WINDOWS\system32\DRIVERS\CoachAud.sys (Audio Port Driver for Digital Camera/FotoNation Inc.) [MANUAL] CoachAud
Service system32\DRIVERS\CoachUsb.sys [MANUAL] CoachUsb
Service system32\DRIVERS\CoachVc.sys [MANUAL] CoachVc
Service (NT Kernel Driver/Corel Corporation) [SYSTEM] crlscsi
Service DcCam
Service C:\WINDOWS\system32\drivers\drvmcdb.sys (Device Driver/Sonic Solutions) [BOOT] drvmcdb
Service C:\WINDOWS\system32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) [MANUAL] FETNDIS
Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [AUTO] gupdate
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [MANUAL] gupdatem
Service C:\WINDOWS\SYSTEM32\DRIVERS\HFXP2.SYS (Hide Folders XP driver/FSPro Labs) [BOOT] HFXP2
Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
Service C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service [BOOT] IPVNMon
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\system32\drivers\KodakCCS.exe [DISABLED] KodakCCS
Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) [DISABLED] LightScribeService
Service C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [AUTO] LinksysUpdater
Service C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMSwissArmy
Service C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (MSCSPTISRV Module/Sony Corporation) [MANUAL] MSCSPTISRV
Service MSDTC Bridge 3.0.0.0
Service MSDTC Bridge 4.0.0.0
Service nm
Service C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks Platform Service/Pure Networks, Inc.) [AUTO] nmservice
Service nv4
Service C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [MANUAL] PACSPTISVR
Service C:\WINDOWS\system32\drivers\pavboot.sys (Panda Boot Driver/Panda Security, S.L.) [BOOT] pavboot
Service C:\WINDOWS\System32\Drivers\Pcouffin.sys (low level access layer for CD/DVD/BD devices/VSO Software) [MANUAL] Pcouffin
Service C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) [MANUAL] Pml Driver HPZ12
Service C:\WINDOWS\system32\DRIVERS\pnarp.sys (Address Resolution Protocol Driver/Pure Networks, Inc.) [AUTO] pnarp
Service (PowerQuest Boot Mode Driver./PowerQuest Corporation) [SYSTEM] PQNTDrv
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\system32\DRIVERS\ptserial.sys (HSP Modem Serial Device Driver/PCTEL, INC.) [MANUAL] Ptserial
Service C:\WINDOWS\system32\DRIVERS\purendis.sys (NDIS Relay Driver/Pure Networks, Inc.) [AUTO] purendis
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\WINDOWS\system32\DRIVERS\LVCD.sys (Video Minidriver/Logitech Inc.) [MANUAL] QCDonner
Service C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [DISABLED] RoxLiveShare9
Service C:\WINDOWS\system32\DRIVERS\rt25usbap.sys (Sample Driver for Ralink 802.11g Wireless USB Adapters/Ralink Technology Inc.) [MANUAL] RT25USBAP
Service C:\WINDOWS\system32\DRIVERS\rt73.sys (Ralink 802.11 USB Wireless Adapter Driver/Ralink Technology, Corp.) [MANUAL] RT73
Service C:\WINDOWS\system32\DRIVERS\s3m.sys (S3 Miniport Driver/S3 Incorporated) [MANUAL] s3m
Service C:\WINDOWS\system32\DRIVERS\s3gnbm.sys (S3 ProSavage(DDR) & Twister Miniport Driver/S3 Graphics, Inc.) [MANUAL] S3Psddr
Service C:\WINDOWS\system32\DRIVERS\s3gnbm.sys (S3 ProSavage(DDR) & Twister Miniport Driver/S3 Graphics, Inc.) [MANUAL] S3SavageNB
Service C:\PROGRA~1\Yahoo!\browser\SABProcEnum.sys [MANUAL] SABProcEnum
Service C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASDIFSV
Service C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASENUM.SYS/ SUPERAdBlocker.com and SUPERAntiSpyware.com) [MANUAL] SASENUM
Service C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASKUTIL
Service (PowerISO Virtual Drive/PowerISO Computing, Inc.) [SYSTEM] SCDEmu
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) [MANUAL] ServiceLayer
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelEndpoint 4.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelOperation 4.0.0.0
Service ServiceModelService 3.0.0.0
Service ServiceModelService 4.0.0.0
Service SMSvcHost 3.0.0.0
Service SMSvcHost 4.0.0.0
Service C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (SonicStage Back-End Service Module/Sony Corporation) [MANUAL] SonicStage Back-End Service
Service C:\WINDOWS\system32\DRIVERS\sonypvs1.sys (Sony Digital Imaging/Sony Corporation) [MANUAL] sonypvs1
Service C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony USB Lower Filter driver/Sony Corporation) [MANUAL] SONYPVU1
Service C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (SPTISRV Module/Sony Corporation) [MANUAL] SPTISRV
Service C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (SonicStage Scsi I/F Server/Sony Corporation) [MANUAL] SSScsiSV
Service StarOpen
Service C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [MANUAL] stllssvr
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service TCPIP_ATMARPC
Service [MANUAL] TlntSvr
Service System32\Drivers\usbaapl.sys [MANUAL] USBAAPL
Service C:\WINDOWS\system32\DRIVERS\Vax347b.sys (Plug and Play BIOS Extension/ ) [BOOT] Vax347b
Service C:\WINDOWS\System32\Drivers\Vax347s.sys (SCSI miniport/ ) [BOOT] Vax347s
Service C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA NT AGP Filter/VIA Technologies, Inc.) [BOOT] viaagp1
Service C:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
Service C:\WINDOWS\system32\drivers\viasens.sys (Sensaura WDM 3D Audio Driver/Sensaura Ltd) [MANUAL] VIASens
Service C:\WINDOWS\system32\drivers\vinyl97.sys (Vinyl AC'97 Codec Combo WDM Driver/VIA Technologies, Inc.) [MANUAL] VIAudio
Service C:\WINDOWS\system32\DRIVERS\vmodem.sys (HSP Modem Modem Device Driver/PCTEL, INC.) [MANUAL] Vmodem
Service C:\WINDOWS\system32\DRIVERS\vpctcom.sys (HSP Modem Virtual Control Device/PCtel, Inc.) [MANUAL] Vpctcom
Service C:\WINDOWS\system32\DRIVERS\vvoice.sys (HSP Modem device driver/PCtel, Inc.) [MANUAL] Vvoice
Service C:\WINDOWS\system32\DRIVERS\wdcsam.sys (WD SCSI Architecture Model (SAM) driver/Western Digital Technologies) [MANUAL] WDC_SAM
Service C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WD Drive Manager Service/WDC) [AUTO] WDDMService
Service C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (WDSmartWareBackgroundService/Memeo) [AUTO] WDSmartWareBackgroundService
Service WebPost
Service WG3DRV
Service WG4DRV
Service WG5DRV
Service WG6DRV
Service Windows Workflow Foundation 3.0.0.0
Service Windows Workflow Foundation 4.0.0.0
Service wmi
Service [BOOT] XMS1563K

---- EOF - GMER 1.0.15 ----
Reply With Quote
  #24  
Old May 31st, 2012, 03:30 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,371
18:35:08.0781 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:35:08.0781 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Go ahead and run TDSSKiller again, and this time allow it to remove those bootkit folders. Click the reboot if it shows. Post that new log please.

----------

Kinda think part of all this is a program called Magic Folders, or something that uses the same functions - its little-known functions keep showing in these logs.

Check here please, and see if you yourself can tie something there to that Magic program.

----------

However, this is sorta suspect:

Service [BOOT] IPVNMon

Not sure I have seen that service set up as a boot startup, which is reserved for only those few services needed early in the startup procedure.

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log please.
Reply With Quote
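
The boot-start observation in the post above can be checked mechanically. The following is an added example, not part of the thread or of GMER: Python that parses `Service` lines in the layout of the GMER log posted here and lists BOOT-start entries for which GMER printed neither an image path nor a description. The sample lines are copied from that log; the function names and the heuristic itself are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the "---- Services - GMER 1.0.15 ----"
# section of the log posted earlier in this thread.
SAMPLE = r"""
Service C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Core Service/SUPERAntiSpyware.com) [AUTO] !SASCORE
Service (avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP/AVAST Software) [SYSTEM] Aavmker4
Service C:\ComboFix\catchme.sys [MANUAL] catchme
Service C:\WINDOWS\system32\drivers\drvmcdb.sys (Device Driver/Sonic Solutions) [BOOT] drvmcdb
Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service [BOOT] IPVNMon
Service MSDTC Bridge 3.0.0.0
Service C:\WINDOWS\system32\drivers\pavboot.sys (Panda Boot Driver/Panda Security, S.L.) [BOOT] pavboot
Service [BOOT] XMS1563K
"""

# Start types as they appear in square brackets in the log.
START = re.compile(r"\[(BOOT|SYSTEM|AUTO|MANUAL|DISABLED)\]\s+")
# Image path: everything up to the first .sys/.exe/.dll that ends a token.
IMAGE = re.compile(r"(.+?\.(?:sys|exe|dll))(?=\s|$)", re.IGNORECASE)


class Service(NamedTuple):
    name: str
    start: Optional[str]        # None when the log line carries no start type
    image: Optional[str]        # None when the log line carries no file path
    description: Optional[str]  # "(Description/Vendor)" text, if any


def parse_service(line: str) -> Optional[Service]:
    """Parse one 'Service ...' line; return None for any other line."""
    line = line.strip()
    if not line.startswith("Service "):
        return None
    rest = line[len("Service "):].strip()

    m = START.search(rest)
    if m:
        prefix, start, name = rest[:m.start()].strip(), m.group(1), rest[m.end():].strip()
    else:
        # Lines such as "Service DcCam" carry only a name.
        prefix, start, name = "", None, rest

    image = description = None
    if prefix.startswith("("):
        # Description without a path, e.g. "(avast! ... /AVAST Software)".
        description = prefix
    elif prefix:
        im = IMAGE.match(prefix)
        if im:
            image = im.group(1)
            description = prefix[im.end():].strip() or None
        else:
            image = prefix
    return Service(name, start, image, description)


def parse_services(text: str) -> List[Service]:
    """Parse every 'Service' line found in a block of log text."""
    parsed = (parse_service(line) for line in text.splitlines())
    return [svc for svc in parsed if svc is not None]


def boot_without_image(services: List[Service]) -> List[str]:
    """Names of BOOT-start services with neither a file path nor a description."""
    return [s.name for s in services
            if s.start == "BOOT" and s.image is None and s.description is None]


if __name__ == "__main__":
    for name in boot_without_image(parse_services(SAMPLE)):
        print("review:", name)
```

A hit means only that GMER printed no file or vendor for a boot-start entry; it is a prompt to inspect that service, not a verdict.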
  #25  
Old May 31st, 2012, 12:34 PM
i82much i82much is offline
TDSS log

Jintan:
Magic Folders is a program I've had for years which hides certain files from prying eyes. It has never given me any problems before.
Here is the TDSS log.
20:30:05.0218 2656 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
20:30:06.0093 2656 ============================================================
20:30:06.0093 2656 Current date / time: 2012/05/30 20:30:06.0093
20:30:06.0093 2656 SystemInfo:
20:30:06.0093 2656
20:30:06.0093 2656 OS Version: 5.1.2600 ServicePack: 3.0
20:30:06.0093 2656 Product type: Workstation
20:30:06.0093 2656 ComputerName: DADS
20:30:06.0093 2656 UserName: Owner
20:30:06.0093 2656 Windows directory: C:\WINDOWS
20:30:06.0093 2656 System windows directory: C:\WINDOWS
20:30:06.0093 2656 Processor architecture: Intel x86
20:30:06.0093 2656 Number of processors: 1
20:30:06.0093 2656 Page size: 0x1000
20:30:06.0093 2656 Boot type: Normal boot
20:30:06.0093 2656 ============================================================
20:30:08.0656 2656 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:30:08.0671 2656 Drive \Device\Harddisk1\DR1 - Size: 0x1805E2000 (6.01 Gb), SectorSize: 0x200, Cylinders: 0x310, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:30:08.0796 2656 ============================================================
20:30:08.0796 2656 \Device\Harddisk0\DR0:
20:30:08.0796 2656 MBR partitions:
20:30:08.0796 2656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x975A998
20:30:08.0812 2656 \Device\Harddisk1\DR1:
20:30:08.0812 2656 MBR partitions:
20:30:08.0812 2656 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC02ED1
20:30:08.0812 2656 ============================================================
20:30:08.0875 2656 C: <-> \Device\Harddisk0\DR0\Partition0
20:30:08.0906 2656 F: <-> \Device\Harddisk1\DR1\Partition0
20:30:08.0906 2656 ============================================================
20:30:08.0906 2656 Initialize success
20:30:08.0906 2656 ============================================================
20:30:15.0265 2440 ============================================================
20:30:15.0265 2440 Scan started
20:30:15.0265 2440 Mode: Manual; TDLFS;
20:30:15.0265 2440 ============================================================
20:30:15.0843 2440 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:30:15.0890 2440 !SASCORE - ok
20:30:17.0015 2440 a2free (160270fb6706b45392b3c20753bef1a9) C:\Program Files\a2 free\a2service.exe
20:30:17.0906 2440 a2free - ok
20:30:18.0453 2440 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
20:30:18.0500 2440 Aavmker4 - ok
20:30:18.0546 2440 Abiosdsk - ok
20:30:18.0593 2440 abp480n5 - ok
20:30:18.0750 2440 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:30:18.0828 2440 ACPI - ok
20:30:18.0875 2440 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:30:18.0890 2440 ACPIEC - ok
20:30:19.0046 2440 Adobe LM Service (c1eb9968ec89fba5f3a264e2e57923ab) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
20:30:19.0078 2440 Adobe LM Service - ok
20:30:19.0125 2440 adpu160m - ok
20:30:19.0281 2440 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:30:19.0343 2440 aec - ok
20:30:19.0421 2440 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:30:19.0437 2440 AegisP - ok
20:30:19.0484 2440 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
20:30:19.0515 2440 Afc - ok
20:30:19.0640 2440 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:30:19.0687 2440 AFD - ok
20:30:19.0812 2440 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
20:30:19.0812 2440 AFS2K - ok
20:30:19.0859 2440 Aha154x - ok
20:30:19.0906 2440 aic78u2 - ok
20:30:19.0953 2440 aic78xx - ok
20:30:20.0046 2440 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:30:20.0062 2440 Alerter - ok
20:30:20.0125 2440 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:30:20.0156 2440 ALG - ok
20:30:20.0203 2440 AliIde - ok
20:30:20.0250 2440 amsint - ok
20:30:20.0328 2440 AppMgmt - ok
20:30:20.0390 2440 asc - ok
20:30:20.0437 2440 asc3350p - ok
20:30:20.0484 2440 asc3550 - ok
20:30:20.0609 2440 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
20:30:20.0625 2440 Aspi32 - ok
20:30:20.0781 2440 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:30:20.0906 2440 aspnet_state - ok
20:30:20.0984 2440 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:30:21.0000 2440 aswFsBlk - ok
20:30:21.0109 2440 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
20:30:21.0171 2440 aswMon2 - ok
20:30:21.0250 2440 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
20:30:21.0265 2440 aswRdr - ok
20:30:21.0531 2440 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
20:30:21.0718 2440 aswSnx - ok
20:30:21.0906 2440 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
20:30:22.0031 2440 aswSP - ok
20:30:22.0125 2440 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
20:30:22.0140 2440 aswTdi - ok
20:30:22.0281 2440 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:30:22.0296 2440 AsyncMac - ok
20:30:22.0406 2440 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:30:22.0421 2440 atapi - ok
20:30:22.0468 2440 Atdisk - ok
20:30:22.0562 2440 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:30:22.0593 2440 Atmarpc - ok
20:30:22.0687 2440 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:30:22.0703 2440 AudioSrv - ok
20:30:22.0781 2440 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:30:22.0796 2440 audstub - ok
20:30:23.0046 2440 Autodesk Licensing Service (32a5defddc3562bf89d73586f5915b34) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
20:30:23.0078 2440 Autodesk Licensing Service - ok
20:30:23.0203 2440 avast! Antivirus (996e6d052438e8d8dfd501f31560b2e0) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
20:30:23.0234 2440 avast! Antivirus - ok
20:30:23.0328 2440 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:30:23.0343 2440 Beep - ok
20:30:23.0578 2440 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:30:23.0875 2440 BITS - ok
20:30:23.0968 2440 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:30:24.0015 2440 Browser - ok
20:30:24.0171 2440 catchme - ok
20:30:24.0250 2440 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:30:24.0265 2440 cbidf2k - ok
20:30:24.0343 2440 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:30:24.0375 2440 CCDECODE - ok
20:30:24.0421 2440 cd20xrnt - ok
20:30:24.0500 2440 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:30:24.0515 2440 Cdaudio - ok
20:30:24.0609 2440 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:30:24.0656 2440 Cdfs - ok
20:30:24.0750 2440 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:30:24.0781 2440 Cdrom - ok
20:30:24.0828 2440 Changer - ok
20:30:24.0906 2440 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:30:24.0921 2440 CiSvc - ok
20:30:25.0000 2440 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:30:25.0015 2440 ClipSrv - ok
20:30:25.0234 2440 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:30:25.0484 2440 clr_optimization_v2.0.50727_32 - ok
20:30:25.0640 2440 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:30:25.0859 2440 clr_optimization_v4.0.30319_32 - ok
20:30:25.0890 2440 CmdIde - ok
20:30:25.0953 2440 CoachAud (3128276503486bff925e8fa57f1c2776) C:\WINDOWS\system32\DRIVERS\CoachAud.sys
20:30:25.0984 2440 CoachAud - ok
20:30:26.0031 2440 CoachUsb - ok
20:30:26.0078 2440 CoachVc - ok
20:30:26.0125 2440 COMSysApp - ok
20:30:26.0234 2440 Cpqarray - ok
20:30:26.0296 2440 crlscsi (e08ac114b931dacafbdd9d5e0b93815c) C:\WINDOWS\system32\drivers\crlscsi.sys
20:30:26.0328 2440 crlscsi - ok
20:30:26.0421 2440 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:30:26.0468 2440 CryptSvc - ok
20:30:26.0515 2440 dac2w2k - ok
20:30:26.0562 2440 dac960nt - ok
20:30:26.0843 2440 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:30:27.0062 2440 DcomLaunch - ok
20:30:27.0218 2440 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:30:27.0281 2440 Dhcp - ok
20:30:27.0359 2440 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:30:27.0390 2440 Disk - ok
20:30:27.0437 2440 dmadmin - ok
20:30:27.0921 2440 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:30:28.0250 2440 dmboot - ok
20:30:28.0375 2440 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:30:28.0468 2440 dmio - ok
20:30:28.0546 2440 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:30:28.0546 2440 dmload - ok
20:30:28.0625 2440 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:30:28.0640 2440 dmserver - ok
20:30:28.0765 2440 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:30:28.0796 2440 DMusic - ok
20:30:28.0875 2440 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:30:28.0937 2440 Dnscache - ok
20:30:29.0062 2440 dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:30:29.0156 2440 dot3svc - ok
20:30:29.0234 2440 dpti2o - ok
20:30:29.0296 2440 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:30:29.0312 2440 drmkaud - ok
20:30:29.0437 2440 drvmcdb (55f25c7eb606f923fa317ae29a8bd72a) C:\WINDOWS\system32\drivers\drvmcdb.sys
20:30:29.0484 2440 drvmcdb - ok
20:30:29.0562 2440 eaphost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:30:29.0593 2440 eaphost - ok
20:30:29.0671 2440 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:30:29.0703 2440 ERSvc - ok
20:30:29.0843 2440 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:30:29.0937 2440 Eventlog - ok
20:30:30.0625 2440 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:30:30.0734 2440 EventSystem - ok
20:30:30.0906 2440 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:30:30.0968 2440 Fastfat - ok
20:30:31.0093 2440 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:30:31.0234 2440 FastUserSwitchingCompatibility - ok
20:30:31.0328 2440 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:30:31.0343 2440 Fdc - ok
20:30:31.0437 2440 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
20:30:31.0453 2440 FETNDIS - ok
20:30:31.0546 2440 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:30:31.0578 2440 Fips - ok
20:30:31.0640 2440 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:30:31.0687 2440 Flpydisk - ok
20:30:31.0796 2440 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:30:31.0859 2440 FltMgr - ok
20:30:32.0796 2440 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:30:32.0843 2440 FontCache3.0.0.0 - ok
20:30:32.0890 2440 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:30:32.0890 2440 Fs_Rec - ok
20:30:32.0968 2440 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:30:33.0031 2440 Ftdisk - ok
20:30:33.0078 2440 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:30:33.0093 2440 gameenum - ok
20:30:33.0140 2440 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:30:33.0156 2440 GEARAspiWDM - ok
20:30:33.0234 2440 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:30:33.0265 2440 Gpc - ok
20:30:33.0453 2440 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:30:33.0515 2440 gupdate - ok
20:30:33.0531 2440 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:30:33.0531 2440 gupdatem - ok
20:30:33.0609 2440 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:30:33.0625 2440 helpsvc - ok
20:30:33.0671 2440 HFXP2 (4b606999d47e8bd466dbcf3e6cde044c) C:\WINDOWS\system32\DRIVERS\HFXP2.SYS
20:30:33.0687 2440 HFXP2 - ok
20:30:33.0734 2440 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:30:33.0765 2440 HidServ - ok
20:30:33.0812 2440 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:30:33.0828 2440 HidUsb - ok
20:30:33.0890 2440 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:30:33.0953 2440 hkmsvc - ok
20:30:33.0968 2440 hpn - ok
20:30:34.0015 2440 HPZid412 (d3eaa6f63fff759d36f8b7adc0b52b7d) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:30:34.0062 2440 HPZid412 - ok
20:30:34.0109 2440 HPZipr12 (8b34661cd899e9274395d5f9ceef725e) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:30:34.0125 2440 HPZipr12 - ok
20:30:34.0187 2440 HPZius12 (8c5b5566bbc78d6aedad44e92dbd878e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:30:34.0203 2440 HPZius12 - ok
20:30:34.0390 2440 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:30:34.0484 2440 HTTP - ok
20:30:34.0531 2440 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:30:34.0625 2440 HTTPFilter - ok
20:30:34.0640 2440 i2omgmt - ok
20:30:34.0656 2440 i2omp - ok
20:30:34.0718 2440 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:30:34.0750 2440 i8042prt - ok
20:30:34.0875 2440 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:30:34.0921 2440 IDriverT - ok
20:30:35.0421 2440 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:30:35.0828 2440 idsvc - ok
20:30:35.0875 2440 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:30:35.0906 2440 Imapi - ok
20:30:36.0000 2440 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:30:36.0093 2440 ImapiService - ok
20:30:36.0109 2440 ini910u - ok
20:31:14.0812 2440 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:31:16.0390 2440 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:31:16.0484 2440 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:31:16.0718 2440 MBR (0x1B8) (c7b0b68c056ce40e2117641aa41e112a) \Device\Harddisk1\DR1
20:31:22.0218 2440 \Device\Harddisk1\DR1 - ok
20:31:22.0234 2440 Boot (0x1200) (114544a47505cb9b49ae2289dac1b695) \Device\Harddisk0\DR0\Partition0
20:31:22.0234 2440 \Device\Harddisk0\DR0\Partition0 - ok
20:31:22.0281 2440 Boot (0x1200) (559915d29b3327099eb3db347ee363e0) \Device\Harddisk1\DR1\Partition0
20:31:22.0296 2440 \Device\Harddisk1\DR1\Partition0 - ok
20:31:22.0296 2440 ============================================================
20:31:22.0296 2440 Scan finished
20:31:22.0296 2440 ============================================================
20:31:22.0328 0348 Detected object count: 1
20:31:22.0328 0348 Actual detected object count: 1
20:31:43.0421 0348 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
20:31:43.0437 0348 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:31:43.0437 0348 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
20:31:43.0484 0348 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:31:43.0500 0348 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:31:43.0515 0348 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:31:43.0515 0348 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:31:43.0546 0348 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:31:43.0562 0348 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:31:43.0625 0348 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:31:43.0625 0348 \Device\Harddisk0\DR0\TDLFS - deleted
20:31:43.0625 0348 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
20:31:54.0671 1600 Deinitialize success
Thanks again
  #26  
Old May 31st, 2012, 12:37 PM
i82much i82much is offline
Eset log

Jintan:
Here is the Eset log; looks like it found something.
Thanks again for your help.
C:\TDSSKiller_Quarantine\30.05.2012_20.30.06\tdlfs 0000\tsk0003.dta a variant of Win32/Olmarik.ADZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.05.2012_20.30.06\tdlfs 0000\tsk0005.dta a variant of Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.05.2012_20.30.06\tdlfs 0000\tsk0007.dta probably a variant of Win32/Agent.IKAWYZG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.05.2012_20.30.06\tdlfs 0000\tsk0008.dta Win64/Olmarik.A trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.05.2012_20.30.06\tdlfs 0000\tsk0009.dta a variant of Win32/Olmarik.AFA trojan cleaned by deleting - quarantined
  #27  
Old June 1st, 2012, 12:34 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,371
Just asking about Magic Folders, due to there being many unfamiliar hidden functions in Gmer. All parts of the rootkit except the active part, which usually suggests you already had run something that took that out before we teamed up on it. Unless Magic Folders is unwittingly involved, hiding things. Still the same problems now as all along?
  #28  
Old June 1st, 2012, 02:16 AM
i82much i82much is offline
what next?

Jintan:
The computer runs better at times and still super slow other times.
The waudt and svchost still come and go.
I went to uninstall Magic Folders thinking you know more about infections than I do, but it doesn't have an un-installer. How would you suggest I get rid of it?
I really appreciate your help.

Just found the un-installer inside the program. After running it, it asked for a re-boot and I did.
Would you like a new GMER scan?

Last edited by i82much; June 1st, 2012 at 02:51 AM. Reason: new info
  #29  
Old June 2nd, 2012, 01:18 AM
Jintan Jintan is offline
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop (click next to "Lien de téléchargement:").

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When prompted, type 1, and press Enter.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.
  #30  
Old June 2nd, 2012, 04:02 AM
i82much i82much is offline
RogueKiller log

Jintan:
I ran the scan, but was never prompted to enter "1".
Here is the log:
RogueKiller V7.5.2 [05/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 06/01/2012 19:56:31

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[45] : NtCreatePagingFile @ 0x805C45FB -> HOOKED (Vax347b.sys @ 0xF7642C70)
_INLINE_ : NtCreatePagingFile -> HOOKED (Vax347b.sys @ 0xF7657544)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDS728080PLAT20 +++++
--- User ---
[MBR] 8358d0378697ac84147f62771f1fd669
[BSP] 09d4e7748bc75d83590084cf40ec4458 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 77493 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 158706135 | Size: 1035 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



Thanks again