Infected with various Trojans: strolling performance, loss of TCP/IP connections


  • This topic is locked
9 replies to this topic

#1 bostella

  • Members
  • 30 posts

Posted 01 June 2012 - 09:25 AM

Hello - I suffer from strolling performance and recurrent losses of TCP/IP service (apparently caused by a lack of available memory for the TCP/IP services) on my XP laptop. I've scanned it with Symantec Endpoint (which detected and quarantined two Trojans, but the problem kept occurring), MalwareBytes (which detected and quarantined two more, but same problem), and Emsisoft (which detected and quarantined 6 more, but same problem).

Here are the various logs you will need. My ark.txt file was bigger than 512k, so I compressed/rar-ed it (just change its name from ark.rar.txt to ark.rar).

Thanks in advance for your support.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by dumontier at 22:53:36 on 2012-05-31
Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.1944.667 [GMT 2:00]
.
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\notes\SUService.exe
c:\notes\nsd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\AT&TNE~2\netcfgsvr.exe
C:\Program Files\AT&T Network Client\NetClientSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Bouygues Telecom\Kit Internet Mobile\RUS.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
C:\Program Files\CardDetector\ICON505\CardDetector.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.6.3\pmonmh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\dumontier\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Documents and Settings\dumontier\Local Settings\Application Data\Akamai\netsession_win.exe
C:\PROGRA~1\KEYWAL~1\KWallet.exe
C:\Program Files\Emsisoft Anti-Malware\a2start.exe
C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe
C:\notes\nlnotes.exe
C:\notes\ntaskldr.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AT&T Network Client\NetClient.exe
C:\Program Files\AT&T Network Client\NetMsg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://w3.ibm.com/
uWindow Title = Windows Internet Explorer provided by IBM
uDefault_Page_URL = hxxp://w3.ibm.com
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KeyWallet] c:\progra~1\keywal~1\KWallet.exe
uRun: [NetSP - restore settings on power failure] "c:\progra~1\at&tne~2\NetSP.exe" -show
uRun: [Akamai NetSession Interface] "c:\documents and settings\dumontier\local settings\application data\akamai\netsession_win.exe"
uRun: [<NO NAME>]
uRun: [AdobeBridge]
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [stgclean] c:\sdwork\w32maing.exe /cleanup
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [ISSI Service] "c:\sdwork\issimsvc.exe"
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [C4EBReg] "c:\program files\c4ebreg\c4ebreg.exe" /q
mRun: [Isamtray] "c:\program files\c4ebreg\isamtray.exe"
mRun: [Tpam.exe] "c:\program files\ibm\personal communications\tpam.exe"
mRun: [ipmcmu] c:\program files\ibm\ipm client migration utility\ipmcmu.exe "c:\program files\ibm\IPM Client Migration Utility"
mRun: [BEWINTERNET-FR-DMESessionManager] "c:\program files\orangebs\bewinternet\sessionmanager\SessionManager.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TRUUpdater] "c:\program files\sierra wireless inc\webupdater\TRUUpdater.exe" /bkground
mRun: [WatcherHelper] "c:\program files\sierra wireless inc\3g watcher\WaHelper.exe"
mRun: [FileZilla Server Interface] "c:\program files\filezilla server\FileZilla Server Interface.exe"
mRun: [CardDetectorICON505] c:\program files\carddetector\icon505\CardDetector.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [pmonmh] c:\program files\ibm\my help\plugins\com.ibm.myhelp.common_1.6.3\pmonmh.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\SCHEDULE.BAT
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxps://www-03.ibm.com/qp2.cab
DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} - hxxp://
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228972592890
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228972560421
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab
DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} - hxxps://w3.ibm.com/tools/print/plugin/gpwsx-4.1.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{018900CC-588E-40D0-94C4-CBED350E5286} : NameServer = 9.64.163.21,9.64.162.21
TCP: Interfaces\{373C2741-B25D-4A4E-850C-A7F60B892B20} : DhcpNameServer = 192.168.0.254
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Notify: ACNotify - ACNotify.dll
Notify: atmgrtok - atmgrtok.dll
Notify: igfxcui - igfxdev.dll
Notify: pcsinst - pcsinst.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dumontier\application data\mozilla\firefox\profiles\vyeqh42e.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\dumontier\application data\mozilla\firefox\profiles\vyeqh42e.default\extensions\bpaddtonab@firefox-extensions.ibm.com\plugins\npaddtonab.dll
FF - plugin: c:\documents and settings\dumontier\application data\mozilla\firefox\profiles\vyeqh42e.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPJava11.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPJava12.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPJava13.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPJava14.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPJava32.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPOJI610.dll
FF - plugin: c:\program files\ibm\java60\jre\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mie\alternatiff\npzzatif.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npcpsweb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-5-29 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2012-5-29 34768]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2012-5-29 11776]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-5-29 3065120]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-5-16 913752]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-11-4 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-11-4 108392]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [2011-7-21 33404]
R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [2011-7-21 14272]
R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [2011-7-21 16314]
R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [2011-7-21 8344]
R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [2011-7-21 35226]
R2 LNSUSvc;Lotus Notes Smart Upgrade Service;c:\notes\SUService.exe [2011-9-16 189832]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-22 654408]
R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\at&t network client\NetClientSvc.exe [2009-10-7 263520]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-9-14 53248]
R2 RUS;Remote Utility Service;c:\program files\bouygues telecom\kit internet mobile\RUS.exe [2007-10-11 27472]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\sierra wireless inc\common\SwiCardDetect.exe [2010-10-27 230768]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-11-4 1839776]
R2 TGRAB;Tivoli Endpoint Manager for Remote Control - Text Screen Capture Driver;c:\windows\system32\tgrab.sys [2012-2-9 8288]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-9-14 62320]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-3-4 428640]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-9-14 2058776]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-5-29 51632]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-9-14 243856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-24 106104]
R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [2009-11-20 9600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-22 22344]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120530.036\NAVENG.SYS [2012-5-31 87928]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120530.036\NAVEX15.SYS [2012-5-31 1589752]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-8-29 20352]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-18 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-5-21 45424]
S3 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [2007-8-29 103936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 257696]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-11-4 23888]
S3 dblhost;Diginext DBL Hosting Service;c:\program files\bouygues telecom\kit internet mobile\dblhost.exe [2007-10-11 75088]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-12-12 13224]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2011-11-16 66560]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2011-11-16 107520]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2011-11-16 8064]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-18 136176]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-3-15 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-3-15 8576]
S3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\drivers\scrswi.sys [2007-8-29 43904]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-12-12 155344]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [2007-8-29 101248]
S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [2007-8-29 73856]
S3 TRCTARGET;Tivoli Endpoint Manager for Remote Control - Target;c:\program files\ibm\tivoli\remote control\target\trc_base.exe [2012-2-9 745472]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-9-1 11520]
.
=============== Created Last 30 ================
.
2012-05-31 15:45:38 -------- d-----w- c:\documents and settings\dumontier\application data\smkits
2012-05-29 21:13:45 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-05-28 00:48:23 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-05-28 00:46:46 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-05-28 00:46:32 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-05-28 00:42:49 293376 ------w- c:\windows\system32\browserchoice.exe
2012-05-28 00:34:28 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-05-28 00:29:36 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-05-28 00:29:36 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-25 12:10:41 327168 ----a-w- c:\program files\mozilla firefox\distribution\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
2012-05-22 12:52:17 -------- d-----w- c:\documents and settings\dumontier\application data\Malwarebytes
2012-05-22 12:52:09 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-22 12:52:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-22 12:52:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-16 14:09:25 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 09:43:23 -------- d-----w- c:\documents and settings\all users\application data\IObit
2012-05-16 09:43:12 -------- d-----w- c:\documents and settings\dumontier\application data\IObit
2012-05-16 09:43:01 -------- d-----w- c:\program files\IObit
2012-05-15 16:37:07 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2012-05-15 15:56:09 -------- d-----w- c:\documents and settings\dumontier\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-05-15 15:55:59 -------- d-----w- c:\program files\Adobe Download Assistant
2012-05-15 13:19:59 -------- d-----w- c:\program files\ZetaWare
2012-05-15 12:47:00 -------- d-----w- c:\program files\Schlumberger
2012-05-09 08:50:54 -------- d-----w- c:\program files\MIE
2012-05-03 10:11:31 43 ----a-w- c:\windows\aperc.cmd
.
==================== Find3M ====================
.
2012-05-10 08:27:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 08:27:43 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 08:00:51 60 ----a-w- c:\windows\wpd99.drv
2012-04-16 16:05:18 68888 ----a-w- c:\windows\isamunin.exe
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-29 12:16:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-29 12:16:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-12 18:56:40 947472 ----a-w- c:\windows\system32\msjava.dll
2012-03-05 14:18:39 10905632 ----a-w- c:\program files\common files\lpuninstall.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HITACHI_ rev.FC2Z -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xF76B7000]<< >>UNKNOWN [0xF76A7000]<< >>UNKNOWN [0xF7497000]<< >>UNKNOWN [0x80700000]<< >>UNKNOWN [0xF7B04000]<< >>UNKNOWN [0xF74DD000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A7B6AB8]
\Driver\Disk[0x8A7D8870] -> IRP_MJ_CREATE -> 0xF76BDBB0
3 [0xF76B7FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000010e[0x8A7FE030]
\Driver\ACPI[0x8A8EDF38] -> IRP_MJ_CREATE -> 0xF749DCB8
5 [0xF749D620] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IAAStorageDevice-1[0x8A77E028]
\Driver\iastor[0x8A7FD030] -> IRP_MJ_CREATE -> 0xF7B4E0B0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV SI, 0x7be; MOV CL, 0x4; CMP [SI], CH; JL 0x2d; JNZ 0x3b; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0xF7839864
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:54:47,09 ===============

#2 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 June 2012 - 01:28 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log and save it to your desktop. (Note: do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 bostella

  • Topic Starter
  • Members
  • 30 posts

Posted 08 June 2012 - 11:57 AM

Thanks a lot. Here are the reports and logs you requested:

16:57:07.0171 6856 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:57:09.0187 6856 ============================================================
16:57:09.0187 6856 Current date / time: 2012/06/07 16:57:09.0187
16:57:09.0187 6856 SystemInfo:
16:57:09.0187 6856
16:57:09.0187 6856 OS Version: 5.1.2600 ServicePack: 3.0
16:57:09.0187 6856 Product type: Workstation
16:57:09.0187 6856 ComputerName: TP-DUMONTIER
16:57:09.0187 6856 UserName: dumontier
16:57:09.0187 6856 Windows directory: C:\WINDOWS
16:57:09.0187 6856 System windows directory: C:\WINDOWS
16:57:09.0187 6856 Processor architecture: Intel x86
16:57:09.0187 6856 Number of processors: 2
16:57:09.0187 6856 Page size: 0x1000
16:57:09.0187 6856 Boot type: Normal boot
16:57:09.0187 6856 ============================================================
16:58:17.0156 6856 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
16:58:17.0171 6856 ============================================================
16:58:17.0171 6856 \Device\Harddisk0\DR0:
16:58:17.0187 6856 MBR partitions:
16:58:17.0187 6856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
16:58:17.0187 6856 ============================================================
16:58:17.0218 6856 C: <-> \Device\Harddisk0\DR0\Partition0
16:58:17.0218 6856 ============================================================
16:58:17.0218 6856 Initialize success
16:58:17.0218 6856 ============================================================
16:58:21.0093 1904 ============================================================
16:58:21.0093 1904 Scan started
16:58:21.0093 1904 Mode: Manual;
16:58:21.0093 1904 ============================================================
16:58:22.0750 1904 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
16:58:22.0750 1904 a2acc - ok
16:58:23.0125 1904 a2AntiMalware (0d5cb73fd036d9e904e0fc443e4e71ca) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
16:58:23.0218 1904 a2AntiMalware - ok
16:58:23.0343 1904 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
16:58:23.0343 1904 A2DDA - ok
16:58:23.0406 1904 a2injectiondriver (23aac49133765eeaa86a65452d21ef1c) C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
16:58:23.0406 1904 a2injectiondriver - ok
16:58:23.0406 1904 a2util (2da26eb05b5495d3b2ee36456c239fb7) C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
16:58:23.0421 1904 a2util - ok
16:58:23.0625 1904 Abiosdsk - ok
16:58:23.0656 1904 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:58:23.0656 1904 abp480n5 - ok
16:58:23.0703 1904 ACGPRS (599a126109bfca4b89c1ed01b78ba068) C:\WINDOWS\system32\DRIVERS\acgprs.sys
16:58:23.0703 1904 ACGPRS - ok
16:58:23.0765 1904 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:58:23.0765 1904 ACPI - ok
16:58:23.0812 1904 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:58:23.0812 1904 ACPIEC - ok
16:58:23.0921 1904 AcPrfMgrSvc (788b88e81af85406fa69c44bf6e0b61f) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
16:58:23.0921 1904 AcPrfMgrSvc - ok
16:58:23.0968 1904 AcSvc (ead243c077ba957c45e4f14223c1a07b) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
16:58:23.0968 1904 AcSvc - ok
16:58:24.0062 1904 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:58:24.0062 1904 AdobeFlashPlayerUpdateSvc - ok
16:58:24.0093 1904 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:58:24.0093 1904 adpu160m - ok
16:58:24.0234 1904 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
16:58:24.0250 1904 AdvancedSystemCareService5 - ok
16:58:24.0296 1904 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:58:24.0312 1904 aec - ok
16:58:24.0343 1904 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:58:24.0359 1904 AFD - ok
16:58:24.0421 1904 agnfilt (4c1cce14c407079393e71f8848062629) C:\WINDOWS\system32\DRIVERS\agnfilt.sys
16:58:24.0421 1904 agnfilt - ok
16:58:24.0468 1904 agnwifi (685443afa5d1a94c5f47e4846b0e4c3d) C:\WINDOWS\system32\DRIVERS\agnwifi.sys
16:58:24.0468 1904 agnwifi - ok
16:58:24.0484 1904 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:58:24.0484 1904 agp440 - ok
16:58:24.0500 1904 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:58:24.0500 1904 agpCPQ - ok
16:58:24.0500 1904 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:58:24.0500 1904 Aha154x - ok
16:58:24.0515 1904 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:58:24.0515 1904 aic78u2 - ok
16:58:24.0515 1904 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:58:24.0515 1904 aic78xx - ok
16:58:24.0953 1904 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files\common files\akamai/netsession_win_80c2ffa.dll
16:58:24.0953 1904 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
16:58:24.0968 1904 Akamai ( HiddenFile.Multi.Generic ) - warning
16:58:24.0968 1904 Akamai - detected HiddenFile.Multi.Generic (1)
16:58:25.0109 1904 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:58:25.0109 1904 Alerter - ok
16:58:25.0125 1904 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:58:25.0125 1904 ALG - ok
16:58:25.0171 1904 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:58:25.0171 1904 AliIde - ok
16:58:25.0203 1904 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:58:25.0203 1904 alim1541 - ok
16:58:25.0218 1904 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:58:25.0218 1904 amdagp - ok
16:58:25.0218 1904 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:58:25.0218 1904 amsint - ok
16:58:25.0250 1904 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
16:58:25.0250 1904 ANC - ok
16:58:25.0296 1904 Anydlc (3ea28a33e8ddfa6576f5cb1c5fab0ac4) C:\WINDOWS\System32\drivers\anydlc.sys
16:58:25.0296 1904 Anydlc - ok
16:58:25.0343 1904 AnyDVD (64f24088dbb1d68ee9963f66f8eb68cf) C:\WINDOWS\system32\Drivers\AnyDVD.sys
16:58:25.0343 1904 AnyDVD - ok
16:58:25.0468 1904 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:58:25.0468 1904 Apple Mobile Device - ok
16:58:25.0515 1904 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
16:58:25.0531 1904 AppMgmt - ok
16:58:25.0671 1904 Appn (a0166911b476d65b4790bd40f920f220) C:\WINDOWS\System32\drivers\appn.sys
16:58:25.0687 1904 Appn - ok
16:58:25.0703 1904 AppnApi (c12b83254a99014d9a46e49d56da3809) C:\WINDOWS\System32\drivers\appnapi.sys
16:58:25.0718 1904 AppnApi - ok
16:58:25.0734 1904 AppnBase (6b6d87514e49563002a006c5a2aebf84) C:\WINDOWS\System32\drivers\AppnBase.sys
16:58:25.0734 1904 AppnBase - ok
16:58:25.0750 1904 AppnNode (bd282dd4ff522e5bd9b2805bbb1d3ca7) C:\WINDOWS\system32\Drivers\appnnode.exe
16:58:25.0765 1904 AppnNode - ok
16:58:25.0796 1904 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:58:25.0812 1904 Arp1394 - ok
16:58:25.0843 1904 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:58:25.0843 1904 asc - ok
16:58:25.0875 1904 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:58:25.0875 1904 asc3350p - ok
16:58:25.0875 1904 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:58:25.0875 1904 asc3550 - ok
16:58:25.0968 1904 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:58:26.0031 1904 aspnet_state - ok
16:58:26.0062 1904 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:58:26.0062 1904 AsyncMac - ok
16:58:26.0078 1904 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:58:26.0078 1904 atapi - ok
16:58:26.0078 1904 Atdisk - ok
16:58:26.0093 1904 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:58:26.0109 1904 Atmarpc - ok
16:58:26.0125 1904 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:58:26.0140 1904 AudioSrv - ok
16:58:26.0140 1904 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:58:26.0140 1904 audstub - ok
16:58:26.0171 1904 avpnnic (255284c2475588f79edea559d8d110f7) C:\WINDOWS\system32\DRIVERS\avpnnic.sys
16:58:26.0187 1904 avpnnic - ok
16:58:26.0203 1904 b57w2k (8a8fd355547b50bd5be0bc473c0af148) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:58:26.0203 1904 b57w2k - ok
16:58:26.0218 1904 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:58:26.0218 1904 Beep - ok
16:58:26.0515 1904 BESClient (edf236de6b7ed0256452e323c2429a49) C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
16:58:26.0562 1904 BESClient - ok
16:58:26.0718 1904 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:58:26.0828 1904 BITS - ok
16:58:26.0953 1904 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
16:58:26.0953 1904 Bonjour Service - ok
16:58:27.0000 1904 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:58:27.0015 1904 Browser - ok
16:58:27.0078 1904 btaudio (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys
16:58:27.0109 1904 btaudio - ok
16:58:27.0156 1904 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
16:58:27.0156 1904 BTDriver - ok
16:58:27.0156 1904 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
16:58:27.0171 1904 BthEnum - ok
16:58:27.0171 1904 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
16:58:27.0187 1904 BthPan - ok
16:58:27.0234 1904 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
16:58:27.0250 1904 BTHPORT - ok
16:58:27.0265 1904 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
16:58:27.0265 1904 BthServ - ok
16:58:27.0281 1904 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
16:58:27.0312 1904 BTHUSB - ok
16:58:27.0406 1904 BTKRNL (cf47c53d294abcb5159b02b68b37ba89) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
16:58:27.0421 1904 BTKRNL - ok
16:58:27.0578 1904 btwdins (84188314c5f1b10b20f624c1343a0c49) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
16:58:27.0593 1904 btwdins - ok
16:58:27.0781 1904 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
16:58:27.0781 1904 BTWDNDIS - ok
16:58:27.0812 1904 btwmodem (5922bae0cd84924b9cd7e6bb515ee070) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
16:58:27.0828 1904 btwmodem - ok
16:58:27.0843 1904 BTWUSB (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys
16:58:27.0843 1904 BTWUSB - ok
16:58:27.0875 1904 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:58:27.0890 1904 cbidf - ok
16:58:27.0890 1904 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:58:27.0890 1904 cbidf2k - ok
16:58:27.0937 1904 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:58:27.0937 1904 CCDECODE - ok
16:58:28.0015 1904 ccEvtMgr (f3e5c6ceec35c3f65221100b00afb5f9) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
16:58:28.0015 1904 ccEvtMgr - ok
16:58:28.0015 1904 ccSetMgr (f3e5c6ceec35c3f65221100b00afb5f9) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
16:58:28.0015 1904 ccSetMgr - ok
16:58:28.0031 1904 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:58:28.0031 1904 cd20xrnt - ok
16:58:28.0078 1904 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:58:28.0078 1904 Cdaudio - ok
16:58:28.0093 1904 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:58:28.0093 1904 Cdfs - ok
16:58:28.0125 1904 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:58:28.0125 1904 Cdrom - ok
16:58:28.0140 1904 Changer - ok
16:58:28.0156 1904 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:58:28.0171 1904 CiSvc - ok
16:58:28.0171 1904 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:58:28.0187 1904 ClipSrv - ok
16:58:28.0265 1904 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:58:28.0328 1904 clr_optimization_v2.0.50727_32 - ok
16:58:28.0359 1904 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:58:28.0359 1904 CmBatt - ok
16:58:28.0375 1904 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:58:28.0375 1904 CmdIde - ok
16:58:28.0453 1904 CnxtHdAudService (8e00f3c5697f967e3529309657e462cb) C:\WINDOWS\system32\drivers\CHDAU32.sys
16:58:28.0468 1904 CnxtHdAudService - ok
16:58:28.0515 1904 COH_Mon (4f2dedeed7c091fafc4dada5534f3d37) C:\WINDOWS\system32\Drivers\COH_Mon.sys
16:58:28.0515 1904 COH_Mon - ok
16:58:28.0531 1904 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:58:28.0531 1904 Compbatt - ok
16:58:28.0531 1904 COMSysApp - ok
16:58:28.0562 1904 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:58:28.0562 1904 Cpqarray - ok
16:58:28.0593 1904 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:58:28.0593 1904 CryptSvc - ok
16:58:28.0609 1904 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:58:28.0625 1904 dac2w2k - ok
16:58:28.0625 1904 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:58:28.0625 1904 dac960nt - ok
16:58:28.0687 1904 dblhost (74c8d71dfe50f1f1cec81d8fb6a30a81) C:\Program Files\Bouygues Telecom\Kit Internet Mobile\dblhost.exe
16:58:28.0718 1904 dblhost - ok
16:58:28.0765 1904 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:58:28.0781 1904 DcomLaunch - ok
16:58:28.0796 1904 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:58:28.0796 1904 Dhcp - ok
16:58:28.0812 1904 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:58:28.0812 1904 Disk - ok
16:58:28.0828 1904 dmadmin - ok
16:58:28.0890 1904 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:58:28.0906 1904 dmboot - ok
16:58:28.0937 1904 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:58:28.0937 1904 dmio - ok
16:58:28.0968 1904 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:58:28.0984 1904 dmload - ok
16:58:29.0000 1904 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:58:29.0109 1904 dmserver - ok
16:58:29.0156 1904 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:58:29.0156 1904 DMusic - ok
16:58:29.0203 1904 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:58:29.0203 1904 Dnscache - ok
16:58:29.0234 1904 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:58:29.0234 1904 Dot3svc - ok
16:58:29.0250 1904 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:58:29.0265 1904 dpti2o - ok
16:58:29.0281 1904 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:58:29.0281 1904 drmkaud - ok
16:58:29.0343 1904 e1yexpress (25c954c8e80eeca41dfc03946ef3fbf4) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
16:58:29.0343 1904 e1yexpress - ok
16:58:29.0406 1904 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:58:29.0468 1904 EapHost - ok
16:58:29.0671 1904 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:58:29.0687 1904 eeCtrl - ok
16:58:29.0734 1904 EGATHDRV (e063b92725af8769268c7594e9505dc4) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
16:58:29.0734 1904 EGATHDRV - ok
16:58:29.0781 1904 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
16:58:29.0781 1904 ElbyCDIO - ok
16:58:29.0812 1904 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:58:29.0812 1904 EraserUtilRebootDrv - ok
16:58:29.0843 1904 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:58:29.0843 1904 ERSvc - ok
16:58:29.0890 1904 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:58:29.0890 1904 Eventlog - ok
16:58:29.0953 1904 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:58:29.0953 1904 EventSystem - ok
16:58:30.0078 1904 EvtEng (a57be3307ada2fc086b5b43135735283) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:58:30.0093 1904 EvtEng - ok
16:58:30.0187 1904 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:58:30.0250 1904 Fastfat - ok
16:58:30.0312 1904 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:58:30.0328 1904 FastUserSwitchingCompatibility - ok
16:58:30.0343 1904 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:58:30.0343 1904 Fdc - ok
16:58:30.0453 1904 FileZilla Server (e3a0cc636f313cb34867123539691dd5) C:\Program Files\FileZilla Server\FileZilla Server.exe
16:58:30.0468 1904 FileZilla Server - ok
16:58:30.0484 1904 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:58:30.0500 1904 Fips - ok
16:58:30.0531 1904 FLE5WNNT (ea7ed2075d7eed73dd5658835b61c558) C:\WINDOWS\System32\Drivers\fle5wnnt.sys
16:58:30.0531 1904 FLE5WNNT - ok
16:58:30.0578 1904 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:58:30.0593 1904 Flpydisk - ok
16:58:30.0609 1904 FLSIFACE (33010d451a3a4605f460bf1fa15aea65) C:\WINDOWS\System32\Drivers\flsiface.sys
16:58:30.0609 1904 FLSIFACE - ok
16:58:30.0625 1904 FLSPAR (f85ec1ad593b1f889cf664d68da27274) C:\WINDOWS\System32\Drivers\flspar.sys
16:58:30.0625 1904 FLSPAR - ok
16:58:30.0640 1904 FLSSER (84bf89b463893461c664880463e3eede) C:\WINDOWS\System32\Drivers\flsser.sys
16:58:30.0640 1904 FLSSER - ok
16:58:30.0656 1904 FLSVCOM (566d0fd2a966a239dac9d3905573b06e) C:\WINDOWS\System32\Drivers\flsvcom.sys
16:58:30.0656 1904 FLSVCOM - ok
16:58:30.0718 1904 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:58:30.0718 1904 FltMgr - ok
16:58:30.0812 1904 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:58:30.0812 1904 FontCache3.0.0.0 - ok
16:58:30.0859 1904 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:58:30.0859 1904 Fs_Rec - ok
16:58:30.0875 1904 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:58:30.0875 1904 Ftdisk - ok
16:58:30.0984 1904 FTRTSVC (6356879916b56b8fc1ecdffeba752bd1) C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
16:58:31.0000 1904 FTRTSVC - ok
16:58:31.0031 1904 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:58:31.0046 1904 GEARAspiWDM - ok
16:58:31.0078 1904 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
16:58:31.0078 1904 ggflt - ok
16:58:31.0109 1904 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
16:58:31.0125 1904 ggsemc - ok
16:58:31.0156 1904 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:58:31.0171 1904 Gpc - ok
16:58:31.0234 1904 GTUHSBUS (884199f75305f58038480f31e47604b7) C:\WINDOWS\system32\DRIVERS\gtuhsbus.sys
16:58:31.0234 1904 GTUHSBUS - ok
16:58:31.0296 1904 GTUHSNDISIPXP (26ea5eae39a48fc6667fcd35753dcfff) C:\WINDOWS\system32\DRIVERS\gtuhs51.sys
16:58:31.0296 1904 GTUHSNDISIPXP - ok
16:58:31.0375 1904 GTUHSSER (84f1e6dd27a401c7e69e277fd74aefde) C:\WINDOWS\system32\DRIVERS\gtuhsser.sys
16:58:31.0421 1904 GTUHSSER - ok
16:58:31.0500 1904 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:58:31.0500 1904 gupdate - ok
16:58:31.0500 1904 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:58:31.0500 1904 gupdatem - ok
16:58:31.0546 1904 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:58:31.0562 1904 HDAudBus - ok
16:58:31.0593 1904 HECI (2df64415a28ce036ac6acec7645a996f) C:\WINDOWS\system32\DRIVERS\HECI.sys
16:58:31.0593 1904 HECI - ok
16:58:31.0687 1904 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:58:31.0687 1904 helpsvc - ok
16:58:31.0718 1904 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
16:58:31.0718 1904 HidServ - ok
16:58:31.0734 1904 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:58:31.0750 1904 HidUsb - ok
16:58:31.0796 1904 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:58:31.0812 1904 hkmsvc - ok
16:58:31.0843 1904 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:58:31.0843 1904 hpn - ok
16:58:31.0906 1904 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
16:58:31.0906 1904 HSFHWAZL - ok
16:58:31.0984 1904 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
16:58:32.0000 1904 HSF_DPV - ok
16:58:32.0062 1904 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
16:58:32.0062 1904 HTTP - ok
16:58:32.0109 1904 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:58:32.0109 1904 HTTPFilter - ok
16:58:32.0140 1904 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:58:32.0140 1904 i2omgmt - ok
16:58:32.0140 1904 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:58:32.0140 1904 i2omp - ok
16:58:32.0171 1904 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:58:32.0171 1904 i8042prt - ok
16:58:32.0687 1904 ialm (f339b2e3a3f63cc14077d614a56a967b) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:58:32.0812 1904 ialm - ok
16:58:33.0062 1904 iastor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\Drivers\iaStor.sys
16:58:33.0062 1904 iastor - ok
16:58:33.0109 1904 IBMPMDRV (4dcfc1792be8fc092ab41eafa9d0fde5) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
16:58:33.0109 1904 IBMPMDRV - ok
16:58:33.0109 1904 IBMPMSVC (ec25c26c4733ca16adbbbec53b991976) C:\WINDOWS\system32\ibmpmsvc.exe
16:58:33.0125 1904 IBMPMSVC - ok
16:58:33.0140 1904 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
16:58:33.0140 1904 IBMTPCHK - ok
16:58:33.0187 1904 IBM_LLC2 (6ec170ca8e5dc1130505c0ff25147be3) C:\WINDOWS\system32\DRIVERS\llc2.sys
16:58:33.0187 1904 IBM_LLC2 - ok
16:58:33.0328 1904 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
16:58:33.0343 1904 IDriverT - ok
16:58:33.0515 1904 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:58:33.0562 1904 idsvc - ok
16:58:33.0609 1904 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:58:33.0609 1904 Imapi - ok
16:58:33.0687 1904 Imapi Helper (1acad13923e467e473c3ec503223f983) C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
16:58:33.0703 1904 Imapi Helper - ok
16:58:33.0734 1904 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:58:33.0734 1904 ImapiService - ok
16:58:33.0781 1904 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:58:33.0781 1904 ini910u - ok
16:58:33.0796 1904 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:58:33.0796 1904 IntelIde - ok
16:58:33.0812 1904 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:58:33.0812 1904 intelppm - ok
16:58:33.0828 1904 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:58:33.0828 1904 Ip6Fw - ok
16:58:33.0875 1904 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:58:33.0875 1904 IpFilterDriver - ok
16:58:33.0890 1904 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:58:33.0906 1904 IpInIp - ok
16:58:33.0921 1904 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:58:33.0921 1904 IpNat - ok
16:58:34.0046 1904 iPod Service (8e5e5a8cc84da3f683e3bbc045138d52) C:\Program Files\iPod\bin\iPodService.exe
16:58:34.0062 1904 iPod Service - ok
16:58:34.0093 1904 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:58:34.0109 1904 IPSec - ok
16:58:34.0109 1904 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:58:34.0125 1904 IRENUM - ok
16:58:34.0140 1904 IsamFilter (d809a1682026b333fb86dc52bf2802d7) C:\WINDOWS\system32\DRIVERS\isamfilter.sys
16:58:34.0156 1904 IsamFilter - ok
16:58:34.0171 1904 ISAMsmt - ok
16:58:34.0250 1904 ISAMSvc (a3999aa9b70319f0e05a8509145666d2) C:\Program Files\C4ebreg\c4ebreg.exe
16:58:34.0250 1904 ISAMSvc - ok
16:58:34.0296 1904 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:58:34.0296 1904 isapnp - ok
16:58:34.0390 1904 ISSIMon (4dda581bd0966a848f5c817dde6d2f94) c:\sdwork\issimsvc.exe
16:58:34.0453 1904 ISSIMon - ok
16:58:34.0625 1904 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
16:58:34.0640 1904 JavaQuickStarterService - ok
16:58:34.0671 1904 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:58:34.0671 1904 Kbdclass - ok
16:58:34.0703 1904 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:58:34.0703 1904 kbdhid - ok
16:58:34.0718 1904 KLOGNT (6bf4d4960b5a6b01ee75120b6bd994e7) C:\WINDOWS\System32\drivers\klognt.sys
16:58:34.0734 1904 KLOGNT - ok
16:58:34.0781 1904 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:58:34.0781 1904 kmixer - ok
16:58:34.0828 1904 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:58:34.0828 1904 KSecDD - ok
16:58:34.0890 1904 lanmanserver (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
16:58:34.0890 1904 lanmanserver - ok
16:58:34.0921 1904 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:58:34.0921 1904 lanmanworkstation - ok
16:58:34.0921 1904 lbrtfdc - ok
16:58:34.0968 1904 ldlcserv (6a1bc28f7463091433485bd36871d065) C:\WINDOWS\system32\Drivers\ldlcserv.exe
16:58:34.0968 1904 ldlcserv - ok
16:58:35.0062 1904 LENOVO.MICMUTE (d584216c7767dcfb4b812b9b60a4a4e7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
16:58:35.0078 1904 LENOVO.MICMUTE - ok
16:58:35.0484 1904 LiveUpdate (6abe9ecaab7dd0cc6f46ec830e0fe8fc) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
16:58:35.0546 1904 LiveUpdate - ok
16:58:35.0703 1904 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:58:35.0703 1904 LmHosts - ok
16:58:35.0796 1904 LMS (6a38bf67bba38e8087f2a0f05fab6de7) C:\Program Files\Intel\AMT\LMS.exe
16:58:35.0812 1904 LMS - ok
16:58:35.0875 1904 LNSUSvc (2098af12149789fa6608422c8796f77c) c:\notes\SUService.exe
16:58:35.0921 1904 LNSUSvc - ok
16:58:35.0921 1904 Lotus Notes Diagnostics - ok
16:58:36.0015 1904 LVRS (35c2b196a8773d1f33905831daf16c2b) C:\WINDOWS\system32\DRIVERS\lvrs.sys
16:58:36.0031 1904 LVRS - ok
16:58:36.0375 1904 LVUVC (0d6b0ccd22caa668e559b4bb7e86abf1) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
16:58:36.0468 1904 LVUVC - ok
16:58:36.0656 1904 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
16:58:36.0656 1904 MBAMProtector - ok
16:58:36.0781 1904 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:58:36.0796 1904 MBAMService - ok
16:58:36.0828 1904 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:58:36.0828 1904 mdmxsdk - ok
16:58:36.0859 1904 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:58:36.0875 1904 Messenger - ok
16:58:36.0906 1904 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
16:58:36.0921 1904 mf - ok
16:58:36.0937 1904 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:58:36.0937 1904 mnmdd - ok
16:58:36.0953 1904 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:58:36.0968 1904 mnmsrvc - ok
16:58:36.0984 1904 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:58:36.0984 1904 Modem - ok
16:58:37.0031 1904 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:58:37.0031 1904 Mouclass - ok
16:58:37.0046 1904 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:58:37.0046 1904 mouhid - ok
16:58:37.0062 1904 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:58:37.0062 1904 MountMgr - ok
16:58:37.0109 1904 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:58:37.0109 1904 mraid35x - ok
16:58:37.0125 1904 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:58:37.0140 1904 MRxDAV - ok
16:58:37.0218 1904 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:58:37.0218 1904 MRxSmb - ok
16:58:37.0250 1904 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:58:37.0265 1904 MSDTC - ok
16:58:37.0296 1904 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:58:37.0296 1904 Msfs - ok
16:58:37.0296 1904 MSIServer - ok
16:58:37.0359 1904 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:58:37.0359 1904 MSKSSRV - ok
16:58:37.0406 1904 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:58:37.0406 1904 MSPCLOCK - ok
16:58:37.0437 1904 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:58:37.0453 1904 MSPQM - ok
16:58:37.0453 1904 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:58:37.0453 1904 mssmbios - ok
16:58:37.0531 1904 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:58:37.0531 1904 MSTEE - ok
16:58:37.0578 1904 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:58:37.0593 1904 Mup - ok
16:58:37.0640 1904 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:58:37.0640 1904 NABTSFEC - ok
16:58:37.0718 1904 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:58:37.0734 1904 napagent - ok
16:58:37.0890 1904 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120606.020\NAVENG.SYS
16:58:37.0890 1904 NAVENG - ok
16:58:38.0078 1904 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120606.020\NAVEX15.SYS
16:58:38.0109 1904 NAVEX15 - ok
16:58:38.0281 1904 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:58:38.0281 1904 NDIS - ok
16:58:38.0328 1904 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:58:38.0343 1904 NdisIP - ok
16:58:38.0390 1904 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:58:38.0390 1904 NdisTapi - ok
16:58:38.0406 1904 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:58:38.0406 1904 Ndisuio - ok
16:58:38.0421 1904 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:58:38.0421 1904 NdisWan - ok
16:58:38.0484 1904 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:58:38.0484 1904 NDProxy - ok
16:58:38.0500 1904 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:58:38.0500 1904 NetBIOS - ok
16:58:38.0546 1904 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:58:38.0546 1904 NetBT - ok
16:58:38.0734 1904 NetCfgSvr (0458acdaece682c5ec34d01bc88cec03) C:\PROGRA~1\AT&TNE~2\netcfgsvr.exe
16:58:38.0734 1904 NetCfgSvr - ok
16:58:38.0812 1904 NetClientSvc (cdf98243b57c155bcd6473faf6ff598b) C:\Program Files\AT&T Network Client\NetClientSvc.exe
16:58:38.0812 1904 NetClientSvc - ok
16:58:38.0843 1904 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:58:38.0921 1904 NetDDE - ok
16:58:38.0921 1904 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:58:38.0921 1904 NetDDEdsdm - ok
16:58:38.0984 1904 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:58:38.0984 1904 Netlogon - ok
16:58:39.0031 1904 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
16:58:39.0046 1904 Netman - ok
16:58:39.0125 1904 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:58:39.0140 1904 NetTcpPortSharing - ok
16:58:39.0734 1904 NETw5x32 (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
16:58:39.0828 1904 NETw5x32 - ok
16:58:40.0031 1904 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:58:40.0171 1904 NIC1394 - ok
16:58:40.0234 1904 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
16:58:40.0234 1904 Nla - ok
16:58:40.0281 1904 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
16:58:40.0281 1904 nmwcd - ok
16:58:40.0312 1904 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
16:58:40.0312 1904 nmwcdc - ok
16:58:40.0375 1904 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
16:58:40.0390 1904 nmwcdnsu - ok
16:58:40.0421 1904 nmwcdnsuc (d23257682d349a5e2e4507ed33decc16) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
16:58:40.0421 1904 nmwcdnsuc - ok
16:58:40.0468 1904 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:58:40.0468 1904 Npfs - ok
16:58:40.0515 1904 NsTrcNT (bde3a4f2ab6f0ccba5f5520ff0db1240) C:\WINDOWS\System32\drivers\nstrcnt.sys
16:58:40.0515 1904 NsTrcNT - ok
16:58:40.0593 1904 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:58:40.0625 1904 Ntfs - ok
16:58:40.0671 1904 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:58:40.0671 1904 NtLmSsp - ok
16:58:40.0718 1904 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
16:58:40.0734 1904 NtmsSvc - ok
16:58:40.0765 1904 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:58:40.0765 1904 Null - ok
16:58:40.0781 1904 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:58:40.0796 1904 NwlnkFlt - ok
16:58:40.0812 1904 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:58:40.0828 1904 NwlnkFwd - ok
16:58:40.0859 1904 odysseyIM4 (7af6ec0ea4261ecf7da084103be31ea8) C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
16:58:40.0859 1904 odysseyIM4 - ok
16:58:40.0921 1904 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:58:40.0921 1904 ohci1394 - ok
16:58:41.0265 1904 OpenVPNService (447d71ffcefad01d6787422a6286a182) C:\Program Files\OpenVPN\bin\openvpnserv.exe
16:58:41.0343 1904 OpenVPNService - ok
16:58:41.0562 1904 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:58:41.0578 1904 ose - ok
16:58:41.0625 1904 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:58:41.0625 1904 Parport - ok
16:58:41.0671 1904 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:58:41.0671 1904 PartMgr - ok
16:58:41.0718 1904 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:58:41.0718 1904 ParVdm - ok
16:58:41.0765 1904 PCAMPR5 (b670c5d89f0726b7a2a7dfb4e968cdf8) C:\WINDOWS\system32\PCAMPR5.SYS
16:58:41.0781 1904 PCAMPR5 - ok
16:58:41.0812 1904 PCANDIS5 (ecd2f9d67b06606064daf6961a6d5efe) C:\WINDOWS\system32\PCANDIS5.SYS
16:58:41.0812 1904 PCANDIS5 - ok
16:58:41.0859 1904 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
16:58:41.0859 1904 pccsmcfd - ok
16:58:41.0875 1904 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:58:41.0890 1904 PCI - ok
16:58:41.0890 1904 PCIDump - ok
16:58:41.0921 1904 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:58:41.0921 1904 PCIIde - ok
16:58:41.0937 1904 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:58:41.0937 1904 Pcmcia - ok
16:58:41.0937 1904 PDCOMP - ok
16:58:41.0953 1904 PDFRAME - ok
16:58:41.0984 1904 pdlnacom (11f1ce5dcda14ca488fa462326a55dba) C:\WINDOWS\System32\drivers\pdlnacom.sys
16:58:41.0984 1904 pdlnacom - ok
16:58:42.0046 1904 pdlnafac (c19580f33330f6a9322beec663f75b74) C:\WINDOWS\System32\drivers\pdlnafac.sys
16:58:42.0046 1904 pdlnafac - ok
16:58:42.0078 1904 pdlnatcm (783d6dbddf90e7bf4bebd5541b8ea9ee) C:\WINDOWS\System32\drivers\pdlnatcm.sys
16:58:42.0078 1904 pdlnatcm - ok
16:58:42.0125 1904 pdlnatdl (9dce400fdbc757f7957927c0051f3d3d) C:\WINDOWS\System32\drivers\pdlnatdl.sys
16:58:42.0125 1904 pdlnatdl - ok
16:58:42.0125 1904 pdlncbas (f647014133068a3425d5104a6e2b88a5) C:\WINDOWS\System32\drivers\pdlncbas.sys
16:58:42.0125 1904 pdlncbas - ok
16:58:42.0171 1904 pdlncfwk (c7d1ce981c8547eaa80c484ee610a51f) C:\WINDOWS\System32\drivers\pdlncfwk.sys
16:58:42.0171 1904 pdlncfwk - ok
16:58:42.0203 1904 pdlnctdl (8f0f5e60b5bf5fae56bda4513e1bcf93) C:\WINDOWS\System32\drivers\pdlnctdl.sys
16:58:42.0203 1904 pdlnctdl - ok
16:58:42.0203 1904 pdlndint (6c75699e517f63a482804cfc80546a4a) C:\WINDOWS\System32\drivers\pdlndint.sys
16:58:42.0203 1904 pdlndint - ok
16:58:42.0250 1904 pdlndldl (bbf28b64a0337a9b4f1d5cfa8afddeac) C:\WINDOWS\System32\drivers\pdlndldl.sys
16:58:42.0250 1904 pdlndldl - ok
16:58:42.0265 1904 pdlndlpb (99d9e584980e453bb3bd5e7ddbe7580e) C:\WINDOWS\System32\drivers\pdlndlpb.sys
16:58:42.0265 1904 pdlndlpb - ok
16:58:42.0296 1904 pdlndoem (54472abef7845c8412e4a39dcdde19ed) C:\WINDOWS\System32\drivers\pdlndoem.sys
16:58:42.0296 1904 pdlndoem - ok
16:58:42.0312 1904 pdlndqll (1dc235e946d38694fca8b99d8550e3ea) C:\WINDOWS\System32\drivers\pdlndqll.sys
16:58:42.0312 1904 pdlndqll - ok
16:58:42.0359 1904 pdlndsdl (463aecdf65ee52fab907e038f1dc6b9f) C:\WINDOWS\System32\drivers\pdlndsdl.sys
16:58:42.0359 1904 pdlndsdl - ok
16:58:42.0406 1904 pdlndtdl (aebd20e1cac597b82c4eabfbcaa9d9f9) C:\WINDOWS\System32\drivers\pdlndtdl.sys
16:58:42.0406 1904 pdlndtdl - ok
16:58:42.0453 1904 pdlnebas (c1a32cfc72ad02e026353873cef80c80) C:\WINDOWS\System32\drivers\pdlnebas.sys
16:58:42.0453 1904 pdlnebas - ok
16:58:42.0500 1904 pdlnecfg (09fc3b8cf15319515906a187ce6841b5) C:\WINDOWS\System32\drivers\pdlnecfg.sys
16:58:42.0500 1904 pdlnecfg - ok
16:58:42.0546 1904 pdlnemap (956b93b4cce0763b57d13dc5bb190526) C:\WINDOWS\System32\drivers\pdlnemap.sys
16:58:42.0546 1904 pdlnemap - ok
16:58:42.0546 1904 pdlnemsg (268c838db60ba87c018149d2171d232c) C:\WINDOWS\System32\drivers\pdlnemsg.sys
16:58:42.0546 1904 pdlnemsg - ok
16:58:42.0578 1904 pdlnepkt (9d1ae0bc98b2cc47decfcf1bc6ca531c) C:\WINDOWS\System32\drivers\pdlnepkt.sys
16:58:42.0578 1904 pdlnepkt - ok
16:58:42.0593 1904 pdlnshay (fc0a7f996dda6ca020217cb479d08f36) C:\WINDOWS\System32\drivers\pdlnshay.sys
16:58:42.0593 1904 pdlnshay - ok
16:58:42.0640 1904 pdlnslea (ae9e37f7c759de11e8754a8288ea6d23) C:\WINDOWS\System32\drivers\pdlnslea.sys
16:58:42.0640 1904 pdlnslea - ok
16:58:42.0656 1904 pdlnsv25 (8698ba42f05bf901d3c8c6e61b2fc38a) C:\WINDOWS\System32\drivers\pdlnsv25.sys
16:58:42.0656 1904 pdlnsv25 - ok
16:58:42.0671 1904 pdlnsx25 (28cca5ced734bcb8d80b821a5901ce05) C:\WINDOWS\System32\drivers\pdlnsx25.sys
16:58:42.0687 1904 pdlnsx25 - ok
16:58:42.0687 1904 PDRELI - ok
16:58:42.0687 1904 PDRFRAME - ok
16:58:42.0734 1904 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:58:42.0734 1904 perc2 - ok
16:58:42.0750 1904 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:58:42.0750 1904 perc2hib - ok
16:58:42.0812 1904 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:58:42.0812 1904 PlugPlay - ok
16:58:42.0859 1904 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\system32\drivers\PMEMNT.SYS
16:58:42.0859 1904 PMEM - ok
16:58:42.0890 1904 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:58:42.0890 1904 PolicyAgent - ok
16:58:43.0062 1904 Power Manager DBC Service (842b27ebf7a7ff339aa5ed411ae720f2) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
16:58:43.0062 1904 Power Manager DBC Service - ok
16:58:43.0125 1904 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:58:43.0125 1904 PptpMiniport - ok
16:58:43.0140 1904 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:58:43.0140 1904 ProtectedStorage - ok
16:58:43.0187 1904 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\WINDOWS\system32\DRIVERS\psadd.sys
16:58:43.0187 1904 psadd - ok
16:58:43.0203 1904 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:58:43.0203 1904 Ptilink - ok
16:58:43.0203 1904 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:58:43.0218 1904 PxHelp20 - ok
16:58:43.0218 1904 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:58:43.0218 1904 ql1080 - ok
16:58:43.0234 1904 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:58:43.0234 1904 Ql10wnt - ok
16:58:43.0234 1904 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:58:43.0234 1904 ql12160 - ok
16:58:43.0250 1904 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:58:43.0250 1904 ql1240 - ok
16:58:43.0250 1904 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:58:43.0265 1904 ql1280 - ok
16:58:43.0265 1904 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:58:43.0265 1904 RasAcd - ok
16:58:43.0296 1904 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
16:58:43.0312 1904 RasAuto - ok
16:58:43.0312 1904 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:58:43.0312 1904 Rasl2tp - ok
16:58:43.0343 1904 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
16:58:43.0390 1904 RasMan - ok
16:58:43.0406 1904 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:58:43.0406 1904 RasPppoe - ok
16:58:43.0406 1904 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:58:43.0406 1904 Raspti - ok
16:58:43.0437 1904 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:58:43.0437 1904 Rdbss - ok
16:58:43.0453 1904 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:58:43.0453 1904 RDPCDD - ok
16:58:43.0515 1904 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:58:43.0515 1904 rdpdr - ok
16:58:43.0593 1904 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:58:43.0593 1904 RDPWD - ok
16:58:43.0640 1904 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
16:58:43.0734 1904 RDSessMgr - ok
16:58:43.0765 1904 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:58:43.0765 1904 redbook - ok
16:58:43.0937 1904 RegSrvc (a171029d6b6c2d93c22861a347f43c2a) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:58:43.0953 1904 RegSrvc - ok
16:58:43.0984 1904 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
16:58:44.0000 1904 RemoteAccess - ok
16:58:44.0015 1904 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
16:58:44.0031 1904 RemoteRegistry - ok
16:58:44.0062 1904 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
16:58:44.0062 1904 RFCOMM - ok
16:58:44.0093 1904 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:58:44.0093 1904 ROOTMODEM - ok
16:58:44.0140 1904 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
16:58:44.0156 1904 RpcLocator - ok
16:58:44.0203 1904 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:58:44.0218 1904 RpcSs - ok
16:58:44.0265 1904 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:58:44.0437 1904 RSVP - ok
16:58:44.0578 1904 RUS (8c38117756a67503fefa53709015642a) C:\Program Files\Bouygues Telecom\Kit Internet Mobile\RUS.exe
16:58:44.0593 1904 RUS - ok
16:58:44.0750 1904 S24EventMonitor (87955061fd3789ca7a5c4c72a05a1a9f) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
16:58:44.0796 1904 S24EventMonitor - ok
16:58:44.0875 1904 s24trans (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
16:58:44.0875 1904 s24trans - ok
16:58:44.0921 1904 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:58:44.0921 1904 SamSs - ok
16:58:44.0968 1904 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:58:44.0984 1904 SCardSvr - ok
16:58:45.0031 1904 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:58:45.0046 1904 Schedule - ok
16:58:45.0078 1904 scrswi (7d35f3c9d06602bf37ce478c84c9850a) C:\WINDOWS\system32\DRIVERS\scrswi.sys
16:58:45.0078 1904 scrswi - ok
16:58:45.0125 1904 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:58:45.0140 1904 Secdrv - ok
16:58:45.0156 1904 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
16:58:45.0156 1904 seclogon - ok
16:58:45.0171 1904 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
16:58:45.0171 1904 SENS - ok
16:58:45.0218 1904 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
16:58:45.0234 1904 Ser2pl - ok
16:58:45.0265 1904 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:58:45.0265 1904 serenum - ok
16:58:45.0281 1904 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:58:45.0281 1904 Serial - ok
16:58:45.0484 1904 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
16:58:45.0515 1904 ServiceLayer - ok
16:58:45.0562 1904 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:58:45.0562 1904 Sfloppy - ok
16:58:45.0640 1904 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
16:58:45.0656 1904 SharedAccess - ok
16:58:45.0687 1904 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:58:45.0703 1904 ShellHWDetection - ok
16:58:45.0750 1904 Shockprf (1310c5e81966e86b2ced7ae8ce3d74f1) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
16:58:45.0750 1904 Shockprf - ok
16:58:45.0750 1904 Simbad - ok
16:58:45.0781 1904 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:58:45.0781 1904 sisagp - ok
16:58:45.0828 1904 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:58:45.0843 1904 SLIP - ok
16:58:46.0046 1904 SmcService (8317ad0c7e640411c746d5664eb7957a) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
16:58:46.0078 1904 SmcService - ok
16:58:46.0125 1904 SNAC (95293a76341b1db125ee125474657728) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
16:58:46.0171 1904 SNAC - ok
16:58:46.0218 1904 Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
16:58:46.0250 1904 Sony Ericsson PCCompanion - ok
16:58:46.0453 1904 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:58:46.0453 1904 Sparrow - ok
16:58:46.0578 1904 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
16:58:46.0578 1904 SPBBCDrv - ok
16:58:46.0640 1904 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:58:46.0640 1904 splitter - ok
16:58:46.0687 1904 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:58:46.0687 1904 Spooler - ok
16:58:46.0796 1904 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
16:58:46.0796 1904 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
16:58:46.0796 1904 sptd ( LockedFile.Multi.Generic ) - warning
16:58:46.0796 1904 sptd - detected LockedFile.Multi.Generic (1)
16:58:46.0828 1904 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:58:46.0828 1904 sr - ok
16:58:46.0859 1904 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
16:58:46.0859 1904 srservice - ok
16:58:46.0890 1904 SRTSP (b36f8d6a02ff2b3a53e250a629782f29) C:\WINDOWS\system32\Drivers\SRTSP.SYS
16:58:46.0890 1904 SRTSP - ok
16:58:46.0937 1904 SRTSPL (e99bd98ac171a29fc1ba9376be87ae73) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
16:58:46.0953 1904 SRTSPL - ok
16:58:46.0968 1904 SRTSPX (1af34729898063e9b7df8d149d767e07) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
16:58:46.0968 1904 SRTSPX - ok
16:58:47.0015 1904 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:58:47.0015 1904 Srv - ok
16:58:47.0031 1904 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:58:47.0046 1904 SSDPSRV - ok
16:58:47.0109 1904 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:58:47.0109 1904 stisvc - ok
16:58:47.0156 1904 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:58:47.0171 1904 streamip - ok
16:58:47.0250 1904 SUService (f1262146970c5b73159e3727acde8278) c:\program files\lenovo\system update\suservice.exe
16:58:47.0265 1904 SUService - ok
16:58:47.0312 1904 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:58:47.0312 1904 swenum - ok
16:58:47.0421 1904 SwiCardDetectSvc (95600fbdb2ae9ad7a3c45b9f916235c0) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
16:58:47.0421 1904 SwiCardDetectSvc - ok
16:58:47.0578 1904 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:58:47.0578 1904 SwitchBoard - ok
16:58:47.0625 1904 swivsp (5230aab3a00b0a1b89580d8ed85b5bfa) C:\WINDOWS\system32\DRIVERS\swivspnt.sys
16:58:47.0625 1904 swivsp - ok
16:58:47.0671 1904 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:58:47.0671 1904 swmidi - ok
16:58:47.0718 1904 swmsflt (a184a1bab187809b144ba32509b9e731) C:\WINDOWS\System32\drivers\swmsflt.sys
16:58:47.0734 1904 swmsflt - ok
16:58:47.0765 1904 SWNC8U52 (2f6f8b7f821c994de3d1caf399bf9cd3) C:\WINDOWS\system32\DRIVERS\swnc8u52.sys
16:58:47.0781 1904 SWNC8U52 - ok
16:58:47.0781 1904 SwPrv - ok
16:58:47.0796 1904 SWUMX20 - ok
16:58:47.0828 1904 SWUMX52 (903a5e596a3910cebfa33f3bd7d9c174) C:\WINDOWS\system32\DRIVERS\swumx52.sys
16:58:47.0828 1904 SWUMX52 - ok
16:58:48.0062 1904 Symantec AntiVirus (4402cf4959a30cb6a008099aba8f22a9) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
16:58:48.0093 1904 Symantec AntiVirus - ok
16:58:48.0296 1904 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:58:48.0296 1904 symc810 - ok
16:58:48.0312 1904 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:58:48.0312 1904 symc8xx - ok
16:58:48.0343 1904 SymEvent (e42a34e6f5ca71a84d4c2de620aad13d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
16:58:48.0421 1904 SymEvent - ok
16:58:48.0468 1904 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
16:58:48.0484 1904 SYMREDRV - ok
16:58:48.0500 1904 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
16:58:48.0500 1904 SYMTDI - ok
16:58:48.0500 1904 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:58:48.0515 1904 sym_hi - ok
16:58:48.0531 1904 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:58:48.0531 1904 sym_u3 - ok
16:58:48.0593 1904 SynTP (d1e06d0b79fdbf6e86ff7be04ff33651) C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:58:48.0593 1904 SynTP - ok
16:58:48.0640 1904 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:58:48.0640 1904 sysaudio - ok
16:58:48.0687 1904 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:58:48.0703 1904 SysmonLog - ok
16:58:48.0750 1904 SysPlant (666992d996c524812e713effd836d043) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
16:58:48.0750 1904 SysPlant - ok
16:58:48.0781 1904 tap0901 (11d34fc869f5bda29949fe3858380894) C:\WINDOWS\system32\DRIVERS\tap0901.sys
16:58:48.0781 1904 tap0901 - ok
16:58:48.0843 1904 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:58:48.0859 1904 TapiSrv - ok
16:58:48.0921 1904 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:58:48.0921 1904 Tcpip - ok
16:58:48.0937 1904 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:58:48.0953 1904 TDPIPE - ok
16:58:48.0968 1904 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:58:48.0984 1904 TDTCP - ok
16:58:49.0000 1904 Teefer2 (f63439ac8fa992bfa0c757eb644a1a0c) C:\WINDOWS\system32\DRIVERS\teefer2.sys
16:58:49.0000 1904 Teefer2 - ok
16:58:49.0046 1904 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:58:49.0046 1904 TermDD - ok
16:58:49.0078 1904 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:58:49.0171 1904 TermService - ok
16:58:49.0234 1904 TGRAB (2e5d84c3d4301701cf7f977c15df905d) C:\WINDOWS\system32\tgrab.sys
16:58:49.0234 1904 TGRAB - ok
16:58:49.0265 1904 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:58:49.0281 1904 Themes - ok
16:58:49.0468 1904 ThinkVantage Registry Monitor Service (9626746a9b120d2ed537dd8d76278405) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
16:58:49.0468 1904 ThinkVantage Registry Monitor Service - ok
16:58:49.0531 1904 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
16:58:49.0578 1904 TlntSvr - ok
16:58:49.0640 1904 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:58:49.0640 1904 TosIde - ok
16:58:49.0671 1904 TPDIGIMN (d7a29e343632e2fc5f7ebfc886f12675) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
16:58:49.0671 1904 TPDIGIMN - ok
16:58:49.0703 1904 TPHDEXLGSVC (51b679f627a43a25ef9444ad23bbff9a) C:\WINDOWS\system32\TPHDEXLG.exe
16:58:49.0703 1904 TPHDEXLGSVC - ok
16:58:49.0750 1904 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
16:58:49.0750 1904 TPHKDRV - ok
16:58:49.0843 1904 TPHKSVC (3c6a42a8494d74f44f048bb7f9f2db44) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
16:58:49.0843 1904 TPHKSVC - ok
16:58:49.0906 1904 TpKmpSVC (dfb268ff0a6dcb9280015ff527f892ff) C:\WINDOWS\system32\TpKmpSVC.exe
16:58:49.0906 1904 TpKmpSVC - ok
16:58:49.0968 1904 tpm (3724dff72b0f5307cf761cc91c2bb9f7) C:\WINDOWS\system32\DRIVERS\tpm.sys
16:58:49.0968 1904 tpm - ok
16:58:50.0015 1904 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
16:58:50.0015 1904 TPPWRIF - ok
16:58:50.0062 1904 TrcBoot (f148f952fc89545137622eb73525ef8f) C:\WINDOWS\system32\Drivers\trcboot.exe
16:58:50.0062 1904 TrcBoot - ok
16:58:50.0312 1904 TRCTARGET (7c3c8a244a716db1157299f0d250dfb4) C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe
16:58:50.0328 1904 TRCTARGET - ok
16:58:50.0359 1904 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:58:50.0375 1904 TrkWks - ok
16:58:50.0421 1904 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
16:58:50.0421 1904 TSMAPIP - ok
16:58:50.0593 1904 TVT Scheduler (e9ea448f1174be4052416b62263ea4ee) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
16:58:50.0640 1904 TVT Scheduler - ok
16:58:50.0656 1904 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:58:50.0671 1904 Udfs - ok
16:58:50.0703 1904 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:58:50.0703 1904 ultra - ok
16:58:50.0812 1904 UMVPFSrv (6aa98eeb910e3d3a718592834ebe61d7) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
16:58:50.0812 1904 UMVPFSrv - ok
16:58:51.0046 1904 UNS (fa84735377d00e12597d2a1d8d2c320e) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
16:58:51.0078 1904 UNS - ok
16:58:51.0296 1904 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:58:51.0312 1904 Update - ok
16:58:51.0343 1904 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:58:51.0359 1904 upnphost - ok
16:58:51.0390 1904 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
16:58:51.0390 1904 upperdev - ok
16:58:51.0406 1904 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:58:51.0421 1904 UPS - ok
16:58:51.0500 1904 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:58:51.0500 1904 usbaudio - ok
16:58:51.0531 1904 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:58:51.0531 1904 usbccgp - ok
16:58:51.0640 1904 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:58:51.0640 1904 usbehci - ok
16:58:51.0671 1904 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:58:51.0671 1904 usbhub - ok
16:58:51.0703 1904 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:58:51.0718 1904 usbohci - ok
16:58:51.0765 1904 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:58:51.0765 1904 usbprint - ok
16:58:51.0828 1904 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:58:51.0843 1904 usbscan - ok
16:58:51.0875 1904 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
16:58:51.0875 1904 usbser - ok
16:58:51.0921 1904 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
16:58:51.0921 1904 UsbserFilt - ok
16:58:51.0968 1904 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:58:51.0984 1904 USBSTOR - ok
16:58:52.0015 1904 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:58:52.0015 1904 usbuhci - ok
16:58:52.0046 1904 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:58:52.0046 1904 usbvideo - ok
16:58:52.0062 1904 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:58:52.0062 1904 VgaSave - ok
16:58:52.0093 1904 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:58:52.0109 1904 viaagp - ok
16:58:52.0109 1904 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:58:52.0109 1904 ViaIde - ok
16:58:52.0125 1904 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:58:52.0125 1904 VolSnap - ok
16:58:52.0171 1904 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:58:52.0187 1904 VSS - ok
16:58:52.0218 1904 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:58:52.0234 1904 W32Time - ok
16:58:52.0281 1904 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:58:52.0281 1904 Wanarp - ok
16:58:52.0328 1904 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
16:58:52.0343 1904 WDC_SAM - ok
16:58:52.0500 1904 WDDMService (dbbab783009fbdf69b222641bb7831ae) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
16:58:52.0500 1904 WDDMService - ok
16:58:52.0578 1904 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:58:52.0593 1904 Wdf01000 - ok
16:58:52.0734 1904 WDFME (a787a567b3470c91c487ece90cf7509c) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
16:58:52.0750 1904 WDFME - ok
16:58:52.0906 1904 WDICA - ok
16:58:52.0953 1904 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:58:52.0953 1904 wdmaud - ok
16:58:53.0015 1904 WDSC (b30940e39d5b3218958dbd2ea3d13bcb) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
16:58:53.0031 1904 WDSC - ok
16:58:53.0062 1904 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:58:53.0078 1904 WebClient - ok
16:58:53.0140 1904 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:58:53.0156 1904 winachsf - ok
16:58:53.0203 1904 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:58:53.0218 1904 winmgmt - ok
16:58:53.0265 1904 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
16:58:53.0265 1904 WinUSB - ok
16:58:53.0312 1904 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
16:58:53.0312 1904 WmdmPmSN - ok
16:58:53.0437 1904 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
16:58:53.0437 1904 Wmi - ok
16:58:53.0484 1904 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:58:53.0484 1904 WmiAcpi - ok
16:58:53.0546 1904 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:58:53.0562 1904 WmiApSrv - ok
16:58:53.0578 1904 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:58:53.0578 1904 WpdUsb - ok
16:58:53.0656 1904 WPS (9748e527f0d71bc86a1fe45f294e368b) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
16:58:53.0656 1904 WPS - ok
16:58:53.0750 1904 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
16:58:53.0765 1904 WpsHelper - ok
16:58:53.0843 1904 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
16:58:53.0843 1904 wscsvc - ok
16:58:53.0906 1904 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:58:53.0906 1904 WSTCODEC - ok
16:58:53.0953 1904 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:58:53.0984 1904 wuauserv - ok
16:58:54.0031 1904 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:58:54.0031 1904 WudfPf - ok
16:58:54.0046 1904 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:58:54.0046 1904 WudfRd - ok
16:58:54.0062 1904 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
16:58:54.0062 1904 WudfSvc - ok
16:58:54.0140 1904 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:58:54.0156 1904 WZCSVC - ok
16:58:54.0171 1904 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:58:54.0187 1904 xmlprov - ok
16:58:54.0265 1904 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
16:58:54.0687 1904 \Device\Harddisk0\DR0 - ok
16:58:54.0687 1904 Boot (0x1200) (c891019bd334591d8d26b6c3a57d9a95) \Device\Harddisk0\DR0\Partition0
16:58:54.0687 1904 \Device\Harddisk0\DR0\Partition0 - ok
16:58:54.0687 1904 ============================================================
16:58:54.0687 1904 Scan finished
16:58:54.0687 1904 ============================================================
16:58:54.0703 2844 Detected object count: 2
16:58:54.0703 2844 Actual detected object count: 2
16:59:03.0796 2844 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:59:03.0796 2844 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:59:03.0796 2844 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:59:03.0796 2844 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:59:29.0875 1376 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 21:05:56
-----------------------------
21:05:56.828 OS Version: Windows 5.1.2600 Service Pack 3
21:05:56.828 Number of processors: 2 586 0x170A
21:05:56.828 ComputerName: TP-DUMONTIER UserName: dumontier
21:06:19.843 Initialize success
21:08:41.312 AVAST engine defs: 12060700
21:10:27.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:10:27.625 Disk 0 Vendor: HITACHI_ FC2Z Size: 152627MB BusType: 3
21:10:27.718 Disk 0 MBR read successfully
21:10:27.718 Disk 0 MBR scan
21:10:27.796 Disk 0 unknown MBR code
21:10:27.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
21:10:27.890 Disk 0 scanning sectors +312560640
21:10:28.140 Disk 0 scanning C:\WINDOWS\system32\drivers
21:11:39.828 Service scanning
21:12:14.640 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:12:17.359 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
21:12:17.906 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
21:12:24.203 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
21:12:24.265 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
21:12:25.296 Modules scanning
21:13:59.125 Disk 0 trace - called modules:
21:13:59.156
21:14:01.312 AVAST engine scan C:\WINDOWS
21:14:40.218 AVAST engine scan C:\WINDOWS\system32
21:27:28.171 AVAST engine scan C:\WINDOWS\system32\drivers
21:29:34.625 AVAST engine scan C:\Documents and Settings\dumontier
00:20:15.531 AVAST engine scan C:\Documents and Settings\All Users
00:27:31.500 Scan finished successfully
08:00:39.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\dumontier\My Documents\Downloads\MBR.dat"
08:00:39.984 The log file has been saved successfully to "C:\Documents and Settings\dumontier\My Documents\Downloads\aswMBR.txt"

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:34 AM

Posted 08 June 2012 - 12:25 PM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

#5 bostella

bostella
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:11:34 AM

Posted 08 June 2012 - 02:50 PM

Here it is:


ComboFix 12-06-08.02 - dumontier 08/06/2012 19:43:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.1944.699 [GMT 2:00]
Running from: c:\documents and settings\dumontier\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Start Menu\Internet Explorer.lnk
c:\documents and settings\dumontier\Favorites\.url
c:\documents and settings\dumontier\WINDOWS
c:\java_me_platform_sdk_3.0\bin\device-manager.exe
c:\windows\qfe62.tmp
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\NeW
c:\windows\system32\operaprefs_fixed.ini
c:\windows\system32\SET855.tmp
c:\windows\system32\SET859.tmp
c:\windows\system32\SET861.tmp
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-01 12:26 . 2012-06-01 12:26 -------- d-----w- c:\documents and settings\dumontier\Application Data\WDPlugin
2012-06-01 12:25 . 2012-04-24 10:56 299656 ----a-w- c:\program files\Mozilla Firefox\plugins\npwdplugin821.dll
2012-06-01 12:25 . 2012-06-01 12:25 -------- d-----w- c:\program files\IBM SmartCloud Meetings
2012-05-29 21:13 . 2012-06-08 19:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-05-28 00:48 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-05-28 00:46 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-05-28 00:46 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-05-28 00:42 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2012-05-28 00:34 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-05-28 00:29 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-05-25 12:10 . 2011-03-27 02:13 327168 ----a-w- c:\program files\Mozilla Firefox\distribution\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
2012-05-22 12:52 . 2012-05-22 12:52 -------- d-----w- c:\documents and settings\dumontier\Application Data\Malwarebytes
2012-05-22 12:52 . 2012-05-22 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-22 12:52 . 2012-05-22 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-22 12:52 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-16 17:26 . 2012-05-16 17:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-05-16 14:09 . 2012-02-23 12:25 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 09:43 . 2012-05-16 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2012-05-16 09:43 . 2012-05-16 09:43 -------- d-----w- c:\documents and settings\dumontier\Application Data\IObit
2012-05-16 09:43 . 2012-05-16 09:43 -------- d-----w- c:\program files\IObit
2012-05-15 16:37 . 2012-05-15 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2012-05-15 15:56 . 2012-05-15 15:56 -------- d-----w- c:\documents and settings\dumontier\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-05-15 15:55 . 2012-05-15 15:56 -------- d-----w- c:\program files\Adobe Download Assistant
2012-05-15 13:19 . 2012-05-15 13:19 -------- d-----w- c:\program files\ZetaWare
2012-05-15 12:47 . 2012-05-15 12:47 -------- d-----w- c:\program files\Schlumberger
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 08:27 . 2012-04-11 07:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 08:27 . 2011-05-20 13:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-16 16:05 . 2005-07-29 18:05 68888 ----a-w- c:\windows\isamunin.exe
2012-04-11 13:14 . 2004-08-04 05:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-04 05:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 12:53 . 2006-01-08 21:23 516173 ----a-w- c:\windows\system32\MSVCP60D.DLL
2012-04-03 12:53 . 2006-01-08 21:23 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2012-03-29 12:16 . 2012-03-29 12:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-29 12:16 . 2010-05-21 07:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-15 16:02 . 2012-03-15 16:02 73728 ----a-r- c:\documents and settings\dumontier\Application Data\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-03-15 16:02 . 2012-03-15 16:02 73728 ----a-r- c:\documents and settings\dumontier\Application Data\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-03-15 16:02 . 2012-03-15 16:02 53248 ----a-r- c:\documents and settings\dumontier\Application Data\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2012-03-15 16:02 . 2012-03-15 16:02 49152 ----a-r- c:\documents and settings\dumontier\Application Data\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2012-03-15 16:02 . 2012-03-15 16:02 49152 ----a-r- c:\documents and settings\dumontier\Application Data\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2012-03-12 18:56 . 2005-04-05 20:46 947472 ----a-w- c:\windows\system32\msjava.dll
2012-03-05 14:18 . 2012-03-05 14:18 10905632 ----a-w- c:\program files\Common Files\lpuninstall.exe
2011-05-30 12:19 . 2011-05-30 12:19 292664 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-04-21 00:57 . 2011-03-29 20:32 134072 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SymphonyPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.0.20101015-2340\IBM Lotus Symphony -nogui -nosplash" [X]
"KeyWallet"="c:\progra~1\KEYWAL~1\KWallet.exe" [2001-06-10 274432]
"NetSP - restore settings on power failure"="c:\progra~1\AT&TNE~2\NetSP.exe" [2009-10-07 87392]
"Akamai NetSession Interface"="c:\documents and settings\dumontier\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-07 3331872]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"stgclean"="c:\sdwork\w32maing.exe" [2012-04-27 291840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TpShocks"="TpShocks.exe" [2008-06-06 181536]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-09-09 421888]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-09-09 208896]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-22 820520]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]
"ISSI Service"="c:\sdwork\issimsvc.exe" [2011-07-28 184048]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-02-12 357400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"C4EBReg"="c:\program files\C4ebreg\c4ebreg.exe" [2012-04-16 498968]
"Isamtray"="c:\program files\C4ebreg\isamtray.exe" [2012-04-16 314648]
"Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2005-09-06 28672]
"ipmcmu"="c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe" [2010-03-26 204800]
"BEWINTERNET-FR-DMESessionManager"="c:\program files\OrangeBS\BEWInternet\SessionManager\SessionManager.exe" [2009-09-02 140016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2010-10-08 329072]
"WatcherHelper"="c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2010-09-14 116080]
"FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe" [2010-10-17 1259008]
"CardDetectorICON505"="c:\program files\CardDetector\ICON505\CardDetector.exe" [2009-08-28 282624]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-11-04 115560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-3-5 10905632]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-3-5 10905632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-2-10 604776]
SCHEDULE.BAT [2010-2-8 46384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2005-09-06 18:43 49152 ----a-w- c:\windows\system32\pcsinst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InfoPrint Select Notification.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InfoPrint Select Notification.lnk
backup=c:\windows\pss\InfoPrint Select Notification.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^dumontier^Start Menu^Programs^Startup^Logitech . Enregistrement du produit.lnk]
path=c:\documents and settings\dumontier\Start Menu\Programs\Startup\Logitech . Enregistrement du produit.lnk
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymphonyPreLoad]
c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.0.20101015-2340\IBM Lotus Symphony -nogui -nosplash [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-10-11 15:17 93816 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLSDeviceControlPanel]
2011-07-21 15:02 107816 ----a-w- c:\windows\system32\FLSDEVCP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-03-01 21:14 190808 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyHelpService]
2010-10-27 09:46 94208 ----a-w- c:\program files\IBM\My Help\workspace\service\delayStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 14:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-10-21 13:06 433872 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"IBMconfig"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\PROGRA~1\\AT&TNE~2\\SwiApiMux.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BigFix Enterprise\\BES Client\\BESClient.exe"=
"c:\\Documents and Settings\\dumontier\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternet\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Documents and Settings\\dumontier\\Application Data\\Spotify\\spotify.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1061:TCP"= 1061:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31/08/2010 16:42 697328]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14/05/2008 18:21 19496]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [29/05/2012 23:13 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [29/05/2012 23:13 34768]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [29/05/2012 23:13 11776]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [29/05/2012 23:13 3065120]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [16/05/2012 11:43 913752]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 07:00 14336]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [21/07/2011 17:02 33404]
R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [21/07/2011 17:02 14272]
R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [21/07/2011 17:02 16314]
R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [21/07/2011 17:02 8344]
R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [21/07/2011 17:02 35226]
R2 LNSUSvc;Lotus Notes Smart Upgrade Service;c:\notes\SUService.exe [16/09/2011 09:31 189832]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22/05/2012 14:52 654408]
R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Network Client\NetClientSvc.exe [07/10/2009 13:36 263520]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [14/09/2009 18:16 53248]
R2 RUS;Remote Utility Service;c:\program files\Bouygues Telecom\Kit Internet Mobile\RUS.exe [11/10/2007 13:53 27472]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [27/10/2010 19:19 230768]
R2 TGRAB;Tivoli Endpoint Manager for Remote Control - Text Screen Capture Driver;c:\windows\system32\tgrab.sys [09/02/2012 16:27 8288]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [14/09/2009 18:18 62320]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [04/03/2011 03:31 428640]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [14/09/2009 18:53 2058776]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [08/09/2010 10:41 237056]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [08/09/2010 10:45 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [08/09/2010 10:44 484352]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [29/05/2012 23:13 51632]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [14/09/2009 17:50 243856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [01/06/2012 00:13 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/05/2012 14:52 22344]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [29/08/2007 14:55 20352]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/07/2010 21:35 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [21/05/2009 22:48 45424]
S3 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [29/08/2007 14:55 103936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11/04/2012 09:59 257696]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [04/11/2011 17:28 23888]
S3 dblhost;Diginext DBL Hosting Service;c:\program files\Bouygues Telecom\Kit Internet Mobile\dblhost.exe [11/10/2007 13:52 75088]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/12/2011 22:01 13224]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [16/11/2011 10:28 66560]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [16/11/2011 10:28 107520]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [16/11/2011 10:28 8064]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18/07/2010 21:35 136176]
S3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [20/11/2009 18:36 9600]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15/03/2012 18:04 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15/03/2012 18:04 8576]
S3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\drivers\scrswi.sys [29/08/2007 14:55 43904]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [12/12/2011 21:56 155344]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [29/08/2007 14:55 101248]
S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [29/08/2007 14:55 73856]
S3 TRCTARGET;Tivoli Endpoint Manager for Remote Control - Target;c:\program files\IBM\Tivoli\Remote Control\Target\trc_base.exe [09/02/2012 16:30 745472]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [01/09/2011 17:21 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:27]
.
2012-06-05 c:\windows\Tasks\At1.job
- c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe [2009-09-14 15:58]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 19:34]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 19:34]
.
2012-06-08 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-14 00:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://w3.ibm.com/
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
TCP: DhcpNameServer = 192.168.0.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} - hxxp://
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab
DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} - hxxps://w3.ibm.com/tools/print/plugin/gpwsx-4.1.cab
FF - ProfilePath - c:\documents and settings\dumontier\Application Data\Mozilla\Firefox\Profiles\vyeqh42e.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-pmonmh - c:\program files\IBM\My Help\plugins\com.ibm.myhelp.common_1.6.3\pmonmh.exe
Notify-ACNotify - ACNotify.dll
Notify-atmgrtok - atmgrtok.dll
Notify-NavLogon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-Symantec Antvirus
MSConfigStartUp-Java™ ME Platform SDK 3 - c:\java_me_platform_sdk_3.0\bin\device-manager.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-pmonmh - c:\program files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19/pmonmh.exe
AddRemove-GridVision Device Management - c:\windows\system32\javaws.exe
AddRemove-GridVision Fabric Management - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-08 21:38
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3387471723-2493704893-1408173739-1005\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\dumontier\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Documents and Settings\\dumontier\\My Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Documents and Settings\\dumontier\\My Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\dumontier\\My Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\dumontier\\My Documents\\Sports Interactive\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000010
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009f2c
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="A5-EA80-EB1F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1676)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\IBM\Personal Communications\atmgrtok.dll
c:\program files\IBM\Personal Communications\MILLUTIL.DLL
c:\windows\system32\pcsinst.dll
.
- - - - - - - > 'lsass.exe'(1272)
c:\windows\SYSTEM32\SYSFER.DLL
.
- - - - - - - > 'explorer.exe'(4316)
c:\windows\SYSTEM32\SYSFER.DLL
c:\windows\system32\WININET.dll
c:\program files\Emsisoft Anti-Malware\a2hooks32.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\IBM\Personal Communications\PCS_AGNT.EXE
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Drivers\trcboot.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\BigFix Enterprise\BES Client\BESClient.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20101013-2236\win32\x86\symphony.exe
c:\notes\nsd.exe
c:\progra~1\AT&TNE~2\netcfgsvr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20101015-2340\program\soffice.bin
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\windows\system32\Drivers\ldlcserv.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\BigFix Enterprise\BES Client\BESClientUI.exe
.
**************************************************************************
.
Completion time: 2012-06-08 21:44:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-08 19:44
.
Pre-Run: 24 091 226 112 bytes free
Post-Run: 24 628 903 936 bytes free
.
- - End Of File - - BEC3ADF35C4ABCEF62F579685D352049

#6 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 08 June 2012 - 03:08 PM

Looking good.

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

What are the remaining issues?

#7 bostella (Topic Starter)

Posted 11 June 2012 - 02:50 AM

Thanks, here's the log. I probably should update my Java?

Please note that my (company) PC runs the Symantec Endpoint Protection suite by default, so I hope this didn't interfere with the tests/checks you asked me to run (I cannot totally stop it from running, just disable it temporarily).

Otherwise, I'm not experiencing TCP/IP drop-offs anymore (ok - short sample size as it's been 72h, but still worth noting). I get the feeling that my laptop performance remains somewhat slow when multitasking (e.g. Lotus Notes, PowerPoint, Excel, Adobe all running at the same time), but it is hard for me to quantify this more precisely. I'll keep monitoring this.

=====

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Emsisoft Anti-Malware
Symantec Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
IBM 32-bit Runtime Environment for Java 2, v5.0
Java™ Platform, Micro Edition Software Development Kit 3.0
Java™ 6 Update 31
Java™ SE Development Kit 6 Update 25
IBM 32-bit Runtime Environment for Java 2, v5.0
Java DB 10.6.2.1
IBM 32-bit Runtime Environment for Java v6
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox 10.0.4 Firefox out of Date!
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Emsisoft Anti-Malware a2service.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````

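The checkup.txt above has a simple layout: backtick-wrapped section headers, one installed product per line, and flagged items that end in "!". As an added example that is not part of this thread or of screen317's tool, here is a small Python parser that pulls out the flagged items and the Java entries (several Java lines means superseded runtimes are still installed); the sample log is a constructed excerpt of the one posted.

```python
import re

# Constructed excerpt of a screen317 Security Check log, same layout as the
# checkup.txt posted in this thread (entries copied from that post).
SAMPLE_LOG = """Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Emsisoft Anti-Malware
Symantec Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
IBM 32-bit Runtime Environment for Java 2, v5.0
Java™ 6 Update 31
Java™ SE Development Kit 6 Update 25
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox 10.0.4 Firefox out of Date!
````````````````````End of Log``````````````````````
"""

# A section header is a name wrapped in runs of backticks, e.g. ```Name:```
SECTION_RE = re.compile(r"^`+(.+?)`+$")


def parse_sections(text):
    """Split the log into {section name: [entry lines]} using the backtick headers."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).rstrip(":")
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def find_findings(text):
    """Return (section, line) for every item Security Check flagged.
    Flags end in '!' ('Windows Firewall Disabled!', '... out of date!');
    the reassuring 'up to date!' line is not a finding."""
    findings = []
    for name, lines in parse_sections(text).items():
        for line in lines:
            if line.endswith("!") and not line.lower().endswith("up to date!"):
                findings.append((name, line))
    return findings


def java_installs(text):
    """List every Java runtime/SDK entry in the utilities section; more than
    one means old versions are still installed and should be removed."""
    utils = parse_sections(text).get("Anti-malware/Other Utilities Check", [])
    return [l for l in utils if "Java" in l and not l.endswith("!")]
```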
#8 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 11 June 2012 - 09:48 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 31


Unless you do development and need these old versions of Java I would remove them also.

IBM 32-bit Runtime Environment for Java 2, v5.0
Java™ Platform, Micro Edition Software Development Kit 3.0
Java™ SE Development Kit 6 Update 25
IBM 32-bit Runtime Environment for Java 2, v5.0
Java DB 10.6.2.1
IBM 32-bit Runtime Environment for Java v6


Delete also this old version of Adobe Reader 9.

===

laptop performance remains somewhat slow when multi tasking (e.g. Lotus Notes, Power Point, Excel, Adobe all running at the same time) but hard for me to quantify this more precisely.


A defragmentation of the Hard Disk may help.

Also check your Virtual Memory setting. Make sure you have it set to the recommended setting.
You can increase it up to 1.5 percent of the amount of RAM in your computer.
===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#9 bostella (Topic Starter)

Posted 13 June 2012 - 11:55 AM

Thanks a lot for your help - I just did that.

#10 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 19 June 2012 - 10:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
