Monitor suddenly goes all black with white box for mouse cursor.



#1 Togra_blah


Posted 09 August 2012 - 01:21 AM

Hi, as per my Topic Title, my computer Monitor has been randomly going to a black background with a white box for mouse cursor, for no apparent reason.

I'm running Windows XP SP3 and my Custom Computer's Hardware/Security Software information can be found on my Profile - if I should post it here as well, I'd be happy to - just ask.

The odd thing is that the box still moves when I move my mouse, so it's clearly not a hard-lock of the system - I can ctrl-alt-del alt-u r to restart the system when it happens, rather than being forced to resort to the reset button on the case.

In the past, I have also had a pink checkered background, as well as a green background, both with the same white box for the mouse cursor - unfortunately, however, I did not get a video of them, and those background colors have not happened since.

I'm inclined to believe the root cause *may* be hardware or software settings related, but as I am far more concerned about it being caused by an infection, I felt I would post here, first.

Hopefully that's ok.

I have looked over Windows' Event Viewer, Norton's Security History, run EVGA's OC Scanner (even though I do not overclock), run Memtest86+ (just one pass), and run MemtestG80-1.1 all to no avail - nothing in Windows' Event Viewer, Norton's Security History, no Artifacts/errors in EVGA's OC Scanner, Memtest86+ came back fine, as did MemtestG80-1.1.

Here is a video I took of the issue with a digital camera and uploaded, in case it might be of any help in getting to the bottom of this.

Link to Video on YouTube

Hopefully the root cause of this problem can be discovered and fixed - if there is any further information I can provide, please don't hesitate to ask. :)

Note this is a separate issue from the one I posted about a few years ago - that one was caused by my old GPU being on its last legs heh - moral of that story is to always have some software to monitor the temp of your GPU and manually adjust fan speed.

Edited by Togra_blah, 09 August 2012 - 01:49 AM.




#2 boopme


Posted 12 August 2012 - 10:00 PM

Hello, I feel it may not be malware.

Well, let's run these ....

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.


#3 Togra_blah


Posted 13 August 2012 - 02:51 AM

TDSS Results are as follows - no restart was initiated by the application:

22:23:10.0750 3620 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:23:10.0750 3620 Serial - ok
22:23:10.0765 3620 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:23:10.0765 3620 Sfloppy - ok
22:23:10.0796 3620 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:23:10.0796 3620 SharedAccess - ok
22:23:10.0828 3620 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:23:10.0828 3620 ShellHWDetection - ok
22:23:10.0828 3620 Simbad - ok
22:23:10.0859 3620 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:23:10.0859 3620 SLIP - ok
22:23:10.0859 3620 Sparrow - ok
22:23:10.0890 3620 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:23:10.0890 3620 splitter - ok
22:23:10.0921 3620 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:23:10.0921 3620 Spooler - ok
22:23:10.0968 3620 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
22:23:10.0968 3620 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
22:23:10.0968 3620 sptd ( LockedFile.Multi.Generic ) - warning
22:23:10.0968 3620 sptd - detected LockedFile.Multi.Generic (1)
22:23:13.0906 3620 ============================================================
22:23:13.0906 3620 Scan finished
22:23:13.0906 3620 ============================================================
22:23:13.0921 3388 Detected object count: 1
22:23:13.0921 3388 Actual detected object count: 1
22:23:55.0843 3388 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:23:55.0843 3388 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


<edited addition>

After becoming very nervous at the sight of that suspicious "sptd ( LockedFile.Multi.Generic )" i did some searching and found it to be (only?) a part of Daemon Tools.

If sptd is only a part of Daemon Tools, as i no longer use Daemon Tools, i would like to remove sptd at some point, preferably sooner rather than later, whether it is the root cause of my current issue, or not.

When we reach a point in this troubleshooting in which you would be ok with me removing it, i would very much appreciate instructions on how to do so properly.

Also, here is some information that may or may not be relevant to my current computer problem that i just remembered - at one point, several months ago, while fiddling with the Windows Registry without saving a Backup first (shame on me, i know - i won't make that mistake again), i had to use some tools found here to get some Windows Theme-related stuff working again:

http://www.kellys-korner-xp.com/xp_tweaks.htm (Line 187, had to use Restore Themes Functionality and Restore Luna Theme)

That whole fiasco was caused by me trying to fix an oddity in which, during Windows Startup, it would display a Background (briefly, before Login screen) that i had switched away from - the whole experience was quite a battle, and Themes are still a tad weird on this machine (tho i would suspect my meddling far b4 i would suspect malware being the cause of that particular irritation).

Mid-edit, i realized i had forgotten my manners - be it due to the hour or my nervousness (potential computer security issues freak me out), i don't know, but i want to correct my mistake by thanking you for helping me out with this, boopme. :)

<end edited addition>


As you suggested might be the case in your Note regarding ESET Online Scanner, as no Malware was found, i could find no log - here's a cropped screenshot, tho:

Posted Image

Edited by Togra_blah, 13 August 2012 - 04:30 AM.


#4 boopme


Posted 13 August 2012 - 01:54 PM

OK, none of those files are an issue. I suspect a hardware or software issue.

Repost in XP. Mention we cleaned it here so they don't send you back.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 Togra_blah


Posted 13 August 2012 - 03:18 PM

Sounds good - i thought i would ask real quick tho whether it would be safe/wise to remove that sptd thing, or if i should just leave it.

If it would be ok to remove, can i do so with that TDSS application?

Thank you for your continued support on this. :)

<edited addition>

Also, if it's not too much trouble, i'd appreciate it if you removed my outdated Signature.

<end edited addition>

Edited by Togra_blah, 13 August 2012 - 03:22 PM.


#6 boopme


Posted 13 August 2012 - 07:05 PM

SPTD is a new method of access to storage devices. It is similar to other access layers used by other programs (e.g. ASPI from Adaptec, or standard SPTI from Microsoft) that provide access to storage devices.
The key feature of SPTD is its ability to provide direct control of devices without risk of it being compromised by some malicious 3rd party filter drivers or other "rootkit" applications that are common today.
So it should stay.

I see you removed the signature.

Edited by boopme, 13 August 2012 - 07:06 PM.


#7 Togra_blah


Posted 13 August 2012 - 08:56 PM

Ok, SPTD stays then - thank you for helping me understand it.

Heh i actually cannot change my Signature until i have 19 more Posts (i can only presume the rules for being able to create/modify a sig have changed since when i created my Account and set up that old sig).

What i've been doing is using the "Click to configure post options" button, and unchecking "Enable Signature" individually for each post (when i've remembered to), as i couldn't find a way to globally disable it.

Eh it's only 2 clicks per post, so i can continue to use that method, but if there is some way for me to either remove that old sig or globally disable its display, i would go for it.

http://www.bleepingcomputer.com/forums/user-572734/togra-blah/page__tab__aboutme

Posted Image

<edited addition>

Thank you for fixing that Signature issue for me, boopme, and again for your help in troubleshooting the computer issue - i really appreciate it.

I underclocked my GPU a bit and, so far, the issue has yet to rear its ugly head again - for the time being, i'm going to adopt a wait-and-see approach, in case that ends up solving the problem.

If it happens again, i will repost in XP and mention we cleaned things here.

<end edited addition>

Edited by Togra_blah, 14 August 2012 - 05:30 PM.


#8 boopme


Posted 15 August 2012 - 09:08 AM

Ok, good luck and thanks for the update.