Multiple LSASS Instances



#1 GOWRON


Posted 05 March 2012 - 12:22 PM

I have read the "how to post" guidelines, and I hope I am providing the proper information.

I am running Windows XP/SP3. Windows Firewall and Norton Antivirus are running with no problem. I had to disable Malwarebytes because it was freezing and apparently conflicts with Norton's product.

Three recent events have caused me to suspect that I am infected:

1) My mouse freezes for 3sec - 30sec multiple times per day. My machine also crashes at least once a day requiring a hard reboot. This is new behavior.
2) Recently, my account was terminated at a commercial VPN site because they claimed I had shared my account information. They claim to have detected 95 other computers logging in with my account information. At no time have I (knowingly) shared my login details with anyone else. My password is of medium strength - composed of 7 alpha chars and one numeral.
3) Reading a description of Stuxnet, I noticed that one of its signatures was the existence of multiple instances of LSASS. Today when running "ClosetheDoor" from sysinternals I noticed that I had multiple instances of LSASS running. While I don't think I have Stuxnet, I see that this is a popular trojan pathway.

What I've done:

1) Regularly run Norton scans - both in the background and manually. I also booted into the "Norton Bootable Recovery Disk" and ran that scan with no problems. (It regularly flags "Active Ports" and some products from Nirsoft that I do not believe are trojans/virii).

2) Virus definition updates apparently proceed with no problem via Norton's LiveUpdate program.

3) A Google search on my email address (used as the username for the VPN program) and my password (run separately) yielded no hits.

4) Searched the database of usernames that were hacked from rootkit.com and did not find my email address there.

I would be grateful for any guidance at this point.

Thanks!
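
Added example, not part of the original post: counting lsass.exe processes is only the first check, because on Windows XP the genuine process runs once, from %SystemRoot%\system32, as a child of winlogon.exe (wininit.exe on Vista and later). The Python sketch below applies those three checks to a constructed process listing in the CSV shape produced by `wmic process get ExecutablePath,Name,ParentProcessId,ProcessId /format:csv`; the host name, PIDs, paths and function names are assumptions made for the illustration.

```python
import csv
import io
import ntpath

# Constructed sample (not taken from the poster's machine): one genuine
# lsass.exe, one copy of the genuine image started by the wrong parent,
# and one same-named binary running from a temp directory.
SAMPLE_WMIC_CSV = r"""Node,ExecutablePath,Name,ParentProcessId,ProcessId
EXAMPLE-PC,,System,0,4
EXAMPLE-PC,C:\WINDOWS\system32\smss.exe,smss.exe,4,540
EXAMPLE-PC,C:\WINDOWS\system32\winlogon.exe,winlogon.exe,540,628
EXAMPLE-PC,C:\WINDOWS\system32\services.exe,services.exe,628,672
EXAMPLE-PC,C:\WINDOWS\system32\lsass.exe,lsass.exe,628,684
EXAMPLE-PC,C:\WINDOWS\explorer.exe,explorer.exe,1480,1500
EXAMPLE-PC,C:\WINDOWS\system32\lsass.exe,lsass.exe,672,1912
EXAMPLE-PC,C:\WINDOWS\Temp\lsass.exe,lsass.exe,1500,2044
"""

# Process that normally starts lsass.exe, per Windows generation.
EXPECTED_PARENT = {"xp": "winlogon.exe", "vista+": "wininit.exe"}


def parse_processes(text):
    """Turn the CSV listing into a list of dicts; column order does not matter."""
    procs = []
    for row in csv.DictReader(io.StringIO(text.strip())):
        if not row.get("Name"):
            continue  # skip blank or malformed rows
        procs.append({
            "pid": int(row["ProcessId"]),
            "ppid": int(row["ParentProcessId"]),
            "name": row["Name"].strip(),
            "path": (row.get("ExecutablePath") or "").strip(),
        })
    return procs


def check_lsass(procs, system_root=r"C:\WINDOWS", os_family="xp"):
    """Return (pid, reason) findings; pid is None for listing-wide findings."""
    by_pid = {p["pid"]: p for p in procs}
    expected_path = ntpath.normcase(
        ntpath.join(system_root, "system32", "lsass.exe"))
    expected_parent = EXPECTED_PARENT[os_family]

    instances = [p for p in procs if p["name"].lower() == "lsass.exe"]
    findings = []

    # Check 1: exactly one instance should exist.
    if len(instances) != 1:
        findings.append(
            (None, "%d lsass.exe instances, expected 1" % len(instances)))

    for p in instances:
        # Check 2: the image must be the one in %SystemRoot%\system32.
        if not p["path"]:
            findings.append(
                (p["pid"], "image path unavailable, re-run as administrator"))
        elif ntpath.normcase(ntpath.normpath(p["path"])) != expected_path:
            findings.append((p["pid"], "unexpected image path " + p["path"]))

        # Check 3: the parent must be the expected system process. A parent
        # that has exited (or whose PID was reused) is reported for review.
        parent = by_pid.get(p["ppid"])
        parent_name = parent["name"].lower() if parent else "<not running>"
        if parent_name != expected_parent:
            findings.append(
                (p["pid"], "parent is %s (pid %d), expected %s"
                 % (parent_name, p["ppid"], expected_parent)))
    return findings


if __name__ == "__main__":
    for pid, reason in check_lsass(parse_processes(SAMPLE_WMIC_CSV)):
        print("listing" if pid is None else "pid %d" % pid, "->", reason)
```

PID 1912 in the sample passes the path check and is caught only by the parent check, which is why a name or path match alone is not enough to clear a second instance.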



#2 cryptodan


Posted 13 March 2012 - 09:22 PM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.

      Scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 cryptodan


Posted 13 March 2012 - 10:28 PM

You can disregard the malware bytes instructions but do the ones you can.

#4 GOWRON


Posted 14 March 2012 - 06:34 PM

Thanks for your help, cryptodan. Logs follow.


MalwareBytes:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ABC :: DELL-MAIN [administrator]

3/14/2012 11:01:33 AM
mbam-log-2012-03-14 (11-01-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 404118
Time elapsed: 55 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

----------

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/14/2012 at 02:35 PM

Application Version : 5.0.1146

Core Rules Database Version : 8334
Trace Rules Database Version: 6146

Scan type : Complete Scan
Total Scan Time : 02:00:36

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 779
Memory threats detected : 0
Registry items scanned : 35230
Registry threats detected : 0
File items scanned : 181527
File threats detected : 18

Adware.Tracking Cookie
C:\DOCUMENTS AND SETTINGS\NONADMIN LOSER\Cookies\nonadmin_loser@interclick[2].txt [ Cookie:nonadmin loser@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\NONADMIN LOSER\Cookies\nonadmin_loser@ad.yieldmanager[2].txt [ Cookie:nonadmin loser@ad.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\NONADMIN LOSER\Cookies\nonadmin_loser@microsoftwindows.112.2o7[1].txt [ Cookie:nonadmin loser@microsoftwindows.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NONADMIN LOSER\Cookies\nonadmin_loser@fastclick[1].txt [ Cookie:nonadmin loser@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\NONADMIN LOSER\COOKIES\NONADMIN_LOSER@ATDMT[1].TXT [ /ATDMT ]
.doubleclick.net [ C:\SANDBOX\ABC\DEFAULTBOX\USER\CURRENT\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-Faker
ZIP ARCHIVE( M:\WD SMARTWARE.SWSTOR\DELL-MAIN\VOLUME.EF7561CC.0F78.11DF.82B4.806D6172696F\QED\JOBS\UD CLED WEB\FADE MAIN MENU\COLOR KHABLASHOOQATOR PRO\CKSP-2XX.ZIP )/CKHABPRO.EXE
M:\WD SMARTWARE.SWSTOR\DELL-MAIN\VOLUME.EF7561CC.0F78.11DF.82B4.806D6172696F\QED\JOBS\UD CLED WEB\FADE MAIN MENU\COLOR KHABLASHOOQATOR PRO\CKSP-2XX.ZIP
C:\QED\JOBS\UD CLED WEB\FADE MAIN MENU\COLOR KHABLASHOOQATOR PRO\CKHABPRO.EXE
ZIP ARCHIVE( C:\QED\JOBS\UD CLED WEB\FADE MAIN MENU\COLOR KHABLASHOOQATOR PRO\CKSP-2XX.ZIP )/CKHABPRO.EXE
C:\QED\JOBS\UD CLED WEB\FADE MAIN MENU\COLOR KHABLASHOOQATOR PRO\CKSP-2XX.ZIP

Trojan.Agent/Gen-Cryptor[Egun]
C:\QED\EXCEL STOCK SCREENING TOOL\EXCEL AUTOMATION\BASICS OF AUTOMATION\AUTOMATION2\PROJECT1.EXE

Trojan.Agent/Gen-Koobface[Bonkers]
C:\QED\EXCEL STOCK SCREENING TOOL\SHAREIT KEY GENERATORS\KEYGEN\KEYGENVB.EXE
C:\QED\EXCEL STOCK SCREENING TOOL\SHAREIT KEY GENERATORS\KEYGEN\KEYGENVB_DHB.EXE

Trojan.Agent/Gen-Toggle
C:\DOCUMENTS AND SETTINGS\ABC\MY DOCUMENTS\DOWNLOADS\STRASHEELA COUNTERPOINT SOFTWARE\INSTALLER_STRASHEELA.EXE

Trojan.Agent/Gen-MailPassView
C:\PROGRAM FILES\NIRSOFT\NIRSOFT LAUNCHER\NIRSOFT\MAILPV.EXE
ZIP ARCHIVE( C:\PROGRAM FILES\NIRSOFT\NIRSOFT LAUNCHER\NIRSOFT_PACKAGE_1.11.39.ZIP )/NIRSOFT/MAILPV.EXE
C:\PROGRAM FILES\NIRSOFT\NIRSOFT LAUNCHER\NIRSOFT_PACKAGE_1.11.39.ZIP


----------

GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-14 15:21:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
Running: oijmimlk.exe; Driver: C:\DOCUME~1\ABC\LOCALS~1\Temp\kgriqpob.sys


---- System - GMER 1.0.15 ----

Code BA720C9C ZwRequestPort
Code BA720D3C ZwRequestWaitReplyPort
Code BA720BFC ZwTraceEvent
Code BA720C9B NtRequestPort
Code BA720D3B NtRequestWaitReplyPort
Code BA720BFB NtTraceEvent

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

#5 cryptodan


Posted 14 March 2012 - 06:42 PM

Let's download and run TDSS Killer and see what it finds. Please post the log it generates, and if it asks you to fix anything, please DO NOT FIX ANYTHING; if you fix something it could cause your PC not to boot up.

#6 GOWRON


Posted 14 March 2012 - 11:17 PM

So, nothing from the below. How, I wonder, would one search for a rootkit that no current tools detect? I'm not sure I'm smart enough to understand the answer, but I know it's a question that everyone has wondered about. Thanks for your help, cryptodan, and I'm happy to undertake further tests if you think they're warranted.

TDSS Killer Log:

00:05:42.0875 0896 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
00:05:43.0187 0896 ============================================================
00:05:43.0187 0896 Current date / time: 2012/03/15 00:05:43.0187
00:05:43.0187 0896 SystemInfo:
00:05:43.0187 0896
00:05:43.0187 0896 OS Version: 5.1.2600 ServicePack: 3.0
00:05:43.0187 0896 Product type: Workstation
00:05:43.0187 0896 ComputerName: DELL-MAIN
00:05:43.0187 0896 UserName: ABC
00:05:43.0187 0896 Windows directory: C:\WINDOWS
00:05:43.0187 0896 System windows directory: C:\WINDOWS
00:05:43.0187 0896 Processor architecture: Intel x86
00:05:43.0187 0896 Number of processors: 4
00:05:43.0187 0896 Page size: 0x1000
00:05:43.0187 0896 Boot type: Normal boot
00:05:43.0187 0896 ============================================================
00:05:44.0000 0896 Drive \Device\Harddisk0\DR0 - Size: 0x7470900000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:05:44.0015 0896 Drive \Device\Harddisk6\DR9 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:05:44.0328 0896 Drive \Device\Harddisk7\DR15 - Size: 0x1D197300000 (1862.36 Gb), SectorSize: 0x200, Cylinders: 0x3B5AB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:05:44.0359 0896 \Device\Harddisk0\DR0:
00:05:44.0359 0896 MBR used
00:05:44.0359 0896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x202F254C
00:05:44.0375 0896 \Device\Harddisk6\DR9:
00:05:44.0390 0896 MBR used
00:05:44.0390 0896 \Device\Harddisk6\DR9\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
00:05:44.0390 0896 \Device\Harddisk7\DR15:
00:05:44.0390 0896 MBR used
00:05:44.0390 0896 \Device\Harddisk7\DR15\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8CB9000
00:05:44.0437 0896 Initialize success
00:05:44.0437 0896 ============================================================
00:06:52.0312 3916 ============================================================
00:06:52.0312 3916 Scan started
00:06:52.0312 3916 Mode: Manual;
00:06:52.0312 3916 ============================================================
00:06:52.0609 3916 Abiosdsk - ok
00:06:52.0671 3916 abp480n5 - ok
00:06:52.0750 3916 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:06:52.0750 3916 ACPI - ok
00:06:52.0781 3916 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:06:52.0812 3916 ACPIEC - ok
00:06:52.0812 3916 adpu160m - ok
00:06:52.0875 3916 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:06:52.0875 3916 aec - ok
00:06:52.0921 3916 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
00:06:52.0937 3916 AegisP - ok
00:06:53.0000 3916 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:06:53.0000 3916 AFD - ok
00:06:53.0000 3916 Aha154x - ok
00:06:53.0015 3916 aic78u2 - ok
00:06:53.0031 3916 aic78xx - ok
00:06:53.0031 3916 AliIde - ok
00:06:53.0046 3916 amsint - ok
00:06:53.0125 3916 Angel (2d1c6ff086b8091f8fd897dbb1a2e432) C:\WINDOWS\system32\DRIVERS\Angel.sys
00:06:53.0125 3916 Angel - ok
00:06:53.0140 3916 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:06:53.0140 3916 Arp1394 - ok
00:06:53.0140 3916 asc - ok
00:06:53.0156 3916 asc3350p - ok
00:06:53.0156 3916 asc3550 - ok
00:06:53.0187 3916 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:06:53.0203 3916 AsyncMac - ok
00:06:53.0234 3916 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:06:53.0234 3916 atapi - ok
00:06:53.0234 3916 Atdisk - ok
00:06:53.0343 3916 ati2mtag (a7dd7088e2c987dbcb3f4d6d56f723bd) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
00:06:53.0343 3916 ati2mtag - ok
00:06:53.0375 3916 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:06:53.0406 3916 Atmarpc - ok
00:06:53.0421 3916 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:06:53.0421 3916 audstub - ok
00:06:53.0437 3916 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
00:06:53.0437 3916 b57w2k - ok
00:06:53.0468 3916 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:06:53.0484 3916 Beep - ok
00:06:53.0687 3916 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\BASHDefs\20120302.001\BHDrvx86.sys
00:06:53.0687 3916 BHDrvx86 - ok
00:06:53.0718 3916 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
00:06:53.0750 3916 brfilt - ok
00:06:53.0765 3916 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
00:06:53.0781 3916 BrSerWDM - ok
00:06:53.0781 3916 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
00:06:53.0781 3916 BrUsbMdm - ok
00:06:53.0781 3916 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
00:06:53.0781 3916 BrUsbScn - ok
00:06:53.0812 3916 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:06:53.0828 3916 cbidf2k - ok
00:06:53.0859 3916 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:06:53.0859 3916 CCDECODE - ok
00:06:53.0937 3916 ccSet_NAV (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NAV\1306010.008\ccSetx86.sys
00:06:53.0953 3916 ccSet_NAV - ok
00:06:53.0968 3916 cd20xrnt - ok
00:06:53.0984 3916 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:06:54.0015 3916 Cdaudio - ok
00:06:54.0031 3916 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:06:54.0031 3916 Cdfs - ok
00:06:54.0062 3916 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:06:54.0093 3916 Cdrom - ok
00:06:54.0109 3916 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
00:06:54.0125 3916 cercsr6 - ok
00:06:54.0140 3916 Changer - ok
00:06:54.0156 3916 CmdIde - ok
00:06:54.0203 3916 COMMONFX.DLL (638549431887f59905f28a38f82d31e8) C:\WINDOWS\system32\COMMONFX.DLL
00:06:54.0218 3916 COMMONFX.DLL - ok
00:06:54.0218 3916 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:06:54.0218 3916 Compbatt - ok
00:06:54.0234 3916 Cpqarray - ok
00:06:54.0312 3916 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
00:06:54.0312 3916 CT20XUT.DLL - ok
00:06:54.0359 3916 ctac32k (1e41b8a10b9d78240c8bfacc269db155) C:\WINDOWS\system32\drivers\ctac32k.sys
00:06:54.0375 3916 ctac32k - ok
00:06:54.0390 3916 ctaud2k (9bf1aa0eac9c7d33ce4d8a152e151f60) C:\WINDOWS\system32\drivers\ctaud2k.sys
00:06:54.0406 3916 ctaud2k - ok
00:06:54.0421 3916 CTAUDFX.DLL (519eabe1cdd2342fff6648b0189558b5) C:\WINDOWS\system32\CTAUDFX.DLL
00:06:54.0421 3916 CTAUDFX.DLL - ok
00:06:54.0484 3916 ctdvda2k (29f78d59b053cb8778f8426e4e24099c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
00:06:54.0484 3916 ctdvda2k - ok
00:06:54.0515 3916 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
00:06:54.0515 3916 CTEAPSFX.DLL - ok
00:06:54.0546 3916 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
00:06:54.0562 3916 CTEDSPFX.DLL - ok
00:06:54.0562 3916 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
00:06:54.0578 3916 CTEDSPIO.DLL - ok
00:06:54.0609 3916 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
00:06:54.0609 3916 CTEDSPSY.DLL - ok
00:06:54.0625 3916 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
00:06:54.0640 3916 CTERFXFX.DLL - ok
00:06:54.0687 3916 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
00:06:54.0703 3916 CTEXFIFX.DLL - ok
00:06:54.0734 3916 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
00:06:54.0734 3916 CTHWIUT.DLL - ok
00:06:54.0765 3916 ctprxy2k (a6f4c70da545230d001915d8eb08d881) C:\WINDOWS\system32\drivers\ctprxy2k.sys
00:06:54.0765 3916 ctprxy2k - ok
00:06:54.0796 3916 CTSBLFX.DLL (9a559c11882a134d1efda87346d51bd0) C:\WINDOWS\system32\CTSBLFX.DLL
00:06:54.0796 3916 CTSBLFX.DLL - ok
00:06:54.0828 3916 ctsfm2k (b39e55c1c5e28e016ee3848f2e34c205) C:\WINDOWS\system32\drivers\ctsfm2k.sys
00:06:54.0828 3916 ctsfm2k - ok
00:06:54.0828 3916 dac2w2k - ok
00:06:54.0843 3916 dac960nt - ok
00:06:54.0859 3916 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:06:54.0875 3916 Disk - ok
00:06:54.0937 3916 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:06:54.0937 3916 dmboot - ok
00:06:54.0953 3916 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:06:54.0953 3916 dmio - ok
00:06:54.0953 3916 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:06:54.0953 3916 dmload - ok
00:06:54.0984 3916 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:06:54.0984 3916 DMusic - ok
00:06:55.0000 3916 dpti2o - ok
00:06:55.0000 3916 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:06:55.0015 3916 drmkaud - ok
00:06:55.0156 3916 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:06:55.0156 3916 eeCtrl - ok
00:06:55.0218 3916 emupia (5d70013d7e6602ec0a482f2985558c2d) C:\WINDOWS\system32\drivers\emupia2k.sys
00:06:55.0234 3916 emupia - ok
00:06:55.0312 3916 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:06:55.0328 3916 EraserUtilRebootDrv - ok
00:06:55.0359 3916 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:06:55.0359 3916 Fastfat - ok
00:06:55.0375 3916 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
00:06:55.0390 3916 Fdc - ok
00:06:55.0406 3916 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:06:55.0406 3916 Fips - ok
00:06:55.0406 3916 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:06:55.0421 3916 Flpydisk - ok
00:07:02.0781 3916 ============================================================
00:07:02.0781 3916 Scan finished
00:07:02.0781 3916 ============================================================
00:07:02.0796 5700 Detected object count: 0
00:07:02.0796 5700 Actual detected object count: 0

#7 cryptodan

Posted 15 March 2012 - 12:36 PM

Let's try running a free scan with ESET, and post the log.

#8 GOWRON

Posted 15 March 2012 - 04:49 PM

ESET Log:

No threats found.

Scanned Files: 207465
Infected Files: 0
Cleaned files: 0
Total scan time: 02:58:19
Scan status: Finished



