Sirefef infection Windows XP


This topic is locked
7 replies to this topic

#1 hljdesign
Members, 16 posts

Posted 09 August 2012 - 02:20 PM

Hi, I found out my computer has the Sirefef Trojan and came across this forum, which is close to identical to my problem:
http://www.bleepingcomputer.com/forums/topic456396.html

I ran TDSSKiller, and I'm in the process of the GMER scan, then I will run aswMBR. While GMER is running, would it help to post the TDSSKiller report, or should I just wait until they're all completed?

Thank you!

#2 boopme
Global Moderator, 73,428 posts

Posted 09 August 2012 - 02:24 PM

Hello hljdesign, post all reports and this one please.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
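A TDSSKiller report like the ones requested above runs to hundreds of lines, nearly all of them "- ok", and forum pasting wraps long records so the file path lands on the line after the MD5. As an added example (not part of this thread and not TDSSKiller's own code), here is a small Python script that rejoins wrapped records and reduces the report to what a helper actually reads: the scan counts, every entry whose verdict is not "ok", and every "Suspicious file" line with its path and MD5. The sample input is constructed from the record format visible in this thread; the hidden-file warning it contains is a lead to investigate, not a verdict on the file.

```python
"""Summarise a TDSSKiller report to the records that need a human's attention.

Added example for this thread; it is not TDSSKiller code and assumes only the
record format visible in logs pasted on the forum.
"""
import re
from collections import Counter

# A record starts with "HH:MM:SS.mmmm <pid> "; forum pasting wraps long records,
# so any line that does not start that way is a continuation of the previous one.
RECORD_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s")
# "<name> (<md5>) <path>" -- a scanned driver or service
SCANNED = re.compile(
    r"^(?P<time>\S+)\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> ( <tag> ) - warning"
WARNING = re.compile(
    r"^(?P<time>\S+)\s+\d+\s+(?P<name>.+?)\s+\(\s*(?P<tag>\S+)\s*\)\s+-\s+warning$")
# "<name> - ok" / "<name> - detected <tag> (n)"
VERDICT = re.compile(
    r"^(?P<time>\S+)\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<verdict>ok|warning|detected\s.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS = re.compile(
    r"Suspicious file \((?P<why>[^)]+)\):\s+(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-f]{32})")


def join_wrapped(text):
    """Return one string per TDSSKiller record, rejoining lines wrapped by the forum."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def summarize(text):
    """Count verdicts and collect every non-ok entry and every suspicious-file line."""
    summary = {"scanned": 0, "verdicts": Counter(), "flagged": [], "suspicious": []}
    seen = {}  # service/driver name -> (md5, path) from its scanned record
    for rec in join_wrapped(text):
        m = SUSPICIOUS.search(rec)
        if m:
            summary["suspicious"].append({"reason": m["why"], "path": m["path"], "md5": m["md5"]})
            continue
        m = SCANNED.match(rec)
        if m:
            summary["scanned"] += 1
            seen[m["name"]] = (m["md5"], m["path"])
            continue
        m = WARNING.match(rec)
        if m:
            summary["verdicts"]["warning"] += 1
            md5, path = seen.get(m["name"], (None, None))
            summary["flagged"].append({"time": m["time"], "name": m["name"],
                                       "verdict": "warning (%s)" % m["tag"],
                                       "md5": md5, "path": path})
            continue
        m = VERDICT.match(rec)
        if m:
            kind = m["verdict"].split()[0]  # ok / warning / detected
            summary["verdicts"][kind] += 1
            if kind != "ok":
                md5, path = seen.get(m["name"], (None, None))
                summary["flagged"].append({"time": m["time"], "name": m["name"],
                                           "verdict": m["verdict"], "md5": md5, "path": path})
    return summary


def report(text):
    """Human-readable summary, in the shape a helper would want quoted back."""
    s = summarize(text)
    lines = ["%d objects scanned, verdicts: %s" % (s["scanned"], dict(s["verdicts"]))]
    for f in s["flagged"]:
        lines.append("%s %s -> %s  md5=%s  %s" % (f["time"], f["name"], f["verdict"], f["md5"], f["path"]))
    for x in s["suspicious"]:
        lines.append("suspicious (%s): %s  md5=%s" % (x["reason"], x["path"], x["md5"]))
    return "\n".join(lines)


# Constructed sample in the forum-wrapped format (records built from the thread's own log).
SAMPLE = r"""
10:23:21.0375 3352 Scan started
10:23:21.0375 3352 Mode: Manual; TDLFS;
10:23:23.0578 3352 ACPI (8fd99680a539792a30e97944fdaecf17)

C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:23:23.0593 3352 ACPI - ok
10:23:24.0515 3352 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program

files\common files\akamai/netsession_win_4f7fccd.dll
10:23:24.0515 3352 Suspicious file (Hidden): c:\program files\common

files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
10:23:24.0531 3352 Akamai ( HiddenFile.Multi.Generic ) - warning
10:23:24.0531 3352 Akamai - detected HiddenFile.Multi.Generic (1)
10:23:24.0671 3352 Alerter (a9a3daa780ca6c9671a19d52456705b4)

C:\WINDOWS\system32\alrsvc.dll
10:23:24.0671 3352 Alerter - ok
"""

if __name__ == "__main__":
    print(report(SAMPLE))
```

Run it with the pasted report in place of `SAMPLE` (for example `summarize(open("TDSSKiller.log").read())`); the MD5 on each flagged entry is what lets a helper check the file against a known-good hash rather than trusting the path alone.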

#3 hljdesign (Topic Starter)
Members, 16 posts

Posted 10 August 2012 - 02:31 PM

Thank you!

So far, I have the TDSSKiller and GMER scans done, and below are their logs. As for the aswMBR, it's hard to tell if it's still running, because it has said it was "scanning" the same file for over 40 minutes now, and that whole file is less than 4 MB. I also keep getting a weird popup about not being able to delete cookies when I've taken no action that would give reason for it... I've been closing that popup out each time. Do you suggest I start aswMBR over again? It's confusing as to whether or not it's frozen up...

As for your instruction to download MiniToolBox, etc., can I do that while aswMBR is still scanning, or do I need to wait until it's done?


TDSSKiller log:

10:22:15.0468 0452 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
10:22:15.0859 0452 ============================================================
10:22:15.0859 0452 Current date / time: 2012/08/09 10:22:15.0859
10:22:15.0859 0452 SystemInfo:
10:22:15.0859 0452
10:22:15.0859 0452 OS Version: 5.1.2600 ServicePack: 3.0
10:22:15.0859 0452 Product type: Workstation
10:22:15.0859 0452 ComputerName: HEATHER-MKTG
10:22:15.0859 0452 UserName: hjones
10:22:15.0859 0452 Windows directory: C:\WINDOWS
10:22:15.0859 0452 System windows directory: C:\WINDOWS
10:22:15.0859 0452 Processor architecture: Intel x86
10:22:15.0859 0452 Number of processors: 2
10:22:15.0859 0452 Page size: 0x1000
10:22:15.0859 0452 Boot type: Safe boot with network
10:22:15.0859 0452 ============================================================
10:22:19.0312 0452 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:22:19.0312 0452 Drive \Device\Harddisk1\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:22:28.0203 0452 ============================================================
10:22:28.0203 0452 \Device\Harddisk0\DR0:
10:22:28.0203 0452 MBR partitions:
10:22:28.0203 0452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
10:22:28.0203 0452 \Device\Harddisk1\DR2:
10:22:28.0203 0452 MBR partitions:
10:22:28.0203 0452 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x575452C2
10:22:28.0203 0452 ============================================================
10:22:28.0265 0452 C: <-> \Device\Harddisk0\DR0\Partition0
10:22:28.0265 0452 F: <-> \Device\Harddisk1\DR2\Partition0
10:22:28.0296 0452 ============================================================
10:22:28.0296 0452 Initialize success
10:22:28.0296 0452 ============================================================
10:23:21.0375 3352 ============================================================
10:23:21.0375 3352 Scan started
10:23:21.0375 3352 Mode: Manual; TDLFS;
10:23:21.0375 3352 ============================================================
10:23:23.0468 3352 Abiosdsk - ok
10:23:23.0515 3352 abp480n5 - ok
10:23:23.0578 3352 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:23:23.0593 3352 ACPI - ok
10:23:23.0640 3352 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:23:23.0640 3352 ACPIEC - ok
10:23:23.0781 3352 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:23:23.0796 3352 AdobeFlashPlayerUpdateSvc - ok
10:23:23.0906 3352 AdobeVersionCue (fc9d93d13127e3252466d4a33039b54b) C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
10:23:23.0906 3352 AdobeVersionCue - ok
10:23:23.0937 3352 adpu160m - ok
10:23:24.0015 3352 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:23:24.0031 3352 aec - ok
10:23:24.0093 3352 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
10:23:24.0093 3352 AFD - ok
10:23:24.0125 3352 Aha154x - ok
10:23:24.0156 3352 aic78u2 - ok
10:23:24.0203 3352 aic78xx - ok
10:23:24.0515 3352 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
10:23:24.0515 3352 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
10:23:24.0531 3352 Akamai ( HiddenFile.Multi.Generic ) - warning
10:23:24.0531 3352 Akamai - detected HiddenFile.Multi.Generic (1)
10:23:24.0671 3352 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:23:24.0671 3352 Alerter - ok
10:23:24.0703 3352 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:23:24.0718 3352 ALG - ok
10:23:24.0734 3352 AliIde - ok
10:23:24.0765 3352 amsint - ok
10:23:24.0937 3352 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:23:24.0953 3352 Apple Mobile Device - ok
10:23:25.0015 3352 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:23:25.0015 3352 AppMgmt - ok
10:23:25.0031 3352 asc - ok
10:23:25.0062 3352 asc3350p - ok
10:23:25.0078 3352 asc3550 - ok
10:23:25.0234 3352 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:23:25.0250 3352 aspnet_state - ok
10:23:25.0296 3352 astcc (0c83fc56707bf68db04947052a8188b1) C:\WINDOWS\SYSTEM32\astsrv.exe
10:23:25.0296 3352 astcc - ok
10:23:25.0359 3352 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:23:25.0359 3352 AsyncMac - ok
10:23:25.0406 3352 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:23:25.0406 3352 atapi - ok
10:23:25.0421 3352 Atdisk - ok
10:23:25.0515 3352 Ati HotKey Poller (40f02b8460ac817ea0cea2e0cab4c2ed) C:\WINDOWS\System32\Ati2evxx.exe
10:23:25.0515 3352 Ati HotKey Poller - ok
10:23:25.0593 3352 ATI Smart (d41eb535e2b2d8872463e5f59f215d4e) C:\WINDOWS\system32\ati2sgag.exe
10:23:25.0593 3352 ATI Smart - ok
10:23:25.0703 3352 ati2mtag (a7dd7088e2c987dbcb3f4d6d56f723bd) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:23:25.0734 3352 ati2mtag - ok
10:23:25.0765 3352 atidgllk - ok
10:23:25.0875 3352 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:23:25.0875 3352 Atmarpc - ok
10:23:25.0937 3352 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:23:25.0937 3352 AudioSrv - ok
10:23:26.0000 3352 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:23:26.0000 3352 audstub - ok
10:23:26.0046 3352 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:23:26.0046 3352 Beep - ok
10:23:26.0187 3352 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
10:23:26.0203 3352 Bonjour Service - ok
10:23:26.0250 3352 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:23:26.0250 3352 Browser - ok
10:23:26.0296 3352 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:23:26.0296 3352 cbidf2k - ok
10:23:26.0328 3352 cd20xrnt - ok
10:23:26.0390 3352 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:23:26.0390 3352 Cdaudio - ok
10:23:26.0437 3352 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:23:26.0437 3352 Cdfs - ok
10:23:26.0468 3352 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:23:26.0468 3352 Cdrom - ok
10:23:26.0500 3352 Changer - ok
10:23:26.0562 3352 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\System32\cisvc.exe
10:23:26.0578 3352 cisvc - ok
10:23:26.0593 3352 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:23:26.0609 3352 ClipSrv - ok
10:23:26.0703 3352 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:23:26.0703 3352 clr_optimization_v2.0.50727_32 - ok
10:23:26.0718 3352 CmdIde - ok
10:23:26.0765 3352 COMSysApp - ok
10:23:26.0828 3352 Cpqarray - ok
10:23:26.0890 3352 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:23:26.0890 3352 CryptSvc - ok
10:23:26.0968 3352 Cwbrxd (b22149a6def5c65483b1130232ce063d) C:\WINDOWS\CWBRXD.EXE
10:23:27.0500 3352 Cwbrxd - ok
10:23:27.0515 3352 dac2w2k - ok
10:23:27.0546 3352 dac960nt - ok
10:23:27.0656 3352 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:23:27.0718 3352 DcomLaunch - ok
10:23:27.0781 3352 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
10:23:27.0781 3352 Dhcp - ok
10:23:27.0812 3352 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:23:27.0812 3352 Disk - ok
10:23:27.0828 3352 dmadmin - ok
10:23:27.0906 3352 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:23:27.0937 3352 dmboot - ok
10:23:27.0984 3352 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:23:27.0984 3352 dmio - ok
10:23:28.0000 3352 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:23:28.0000 3352 dmload - ok
10:23:28.0062 3352 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:23:28.0062 3352 dmserver - ok
10:23:28.0125 3352 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:23:28.0140 3352 DMusic - ok
10:23:28.0218 3352 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
10:23:28.0218 3352 Dnscache - ok
10:23:28.0312 3352 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:23:28.0328 3352 Dot3svc - ok
10:23:28.0359 3352 dpti2o - ok
10:23:28.0421 3352 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:23:28.0421 3352 drmkaud - ok
10:23:28.0484 3352 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:23:28.0484 3352 E100B - ok
10:23:28.0531 3352 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:23:28.0531 3352 EapHost - ok
10:23:28.0578 3352 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:23:28.0578 3352 ERSvc - ok
10:23:28.0656 3352 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:23:28.0656 3352 Eventlog - ok
10:23:28.0718 3352 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
10:23:28.0718 3352 EventSystem - ok
10:23:28.0765 3352 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:23:28.0765 3352 Fastfat - ok
10:23:28.0828 3352 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
10:23:28.0843 3352 FastUserSwitchingCompatibility - ok
10:23:28.0875 3352 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:23:28.0875 3352 Fdc - ok
10:23:28.0937 3352 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:23:28.0953 3352 Fips - ok
10:23:29.0000 3352 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:23:29.0000 3352 Flpydisk - ok
10:23:29.0031 3352 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:23:29.0031 3352 FltMgr - ok
10:23:29.0156 3352 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:23:29.0171 3352 FontCache3.0.0.0 - ok
10:23:29.0203 3352 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:23:29.0203 3352 Fs_Rec - ok
10:23:29.0281 3352 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:23:29.0296 3352 Ftdisk - ok
10:23:29.0343 3352 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:23:29.0343 3352 GEARAspiWDM - ok
10:23:29.0390 3352 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:23:29.0406 3352 Gpc - ok
10:23:29.0531 3352 gupdate1c9d8e358406bc4 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
10:23:29.0531 3352 gupdate1c9d8e358406bc4 - ok
10:23:29.0546 3352 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
10:23:29.0546 3352 gupdatem - ok
10:23:29.0656 3352 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:23:29.0656 3352 gusvc - ok
10:23:29.0703 3352 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:23:29.0703 3352 HDAudBus - ok
10:23:29.0812 3352 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:23:29.0812 3352 helpsvc - ok
10:23:29.0890 3352 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
10:23:29.0890 3352 HidServ - ok
10:23:29.0953 3352 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:23:29.0953 3352 hidusb - ok
10:23:30.0078 3352 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:23:30.0078 3352 hkmsvc - ok
10:23:30.0093 3352 hpn - ok
10:23:30.0125 3352 hpt3xx - ok
10:23:30.0187 3352 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:23:30.0187 3352 HPZid412 - ok
10:23:30.0203 3352 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:23:30.0218 3352 HPZipr12 - ok
10:23:30.0250 3352 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:23:30.0250 3352 HPZius12 - ok
10:23:30.0296 3352 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:23:30.0312 3352 HTTP - ok
10:23:30.0343 3352 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:23:30.0359 3352 HTTPFilter - ok
10:23:30.0375 3352 i2omgmt - ok
10:23:30.0390 3352 i2omp - ok
10:23:30.0437 3352 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
10:23:30.0437 3352 i8042prt - ok
10:23:30.0546 3352 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:23:30.0578 3352 idsvc - ok
10:23:30.0609 3352 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
10:23:30.0609 3352 Imapi - ok
10:23:30.0671 3352 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
10:23:30.0687 3352 ImapiService - ok
10:23:30.0718 3352 ini910u - ok
10:23:30.0859 3352 IntelC51 (fcab28ffd3a8964581e16455efaf81c8) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
10:23:30.0890 3352 IntelC51 - ok
10:23:30.0968 3352 IntelC52 (a288e7e3a6255255b9066686d860fbc5) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
10:23:30.0984 3352 IntelC52 - ok
10:23:31.0015 3352 IntelC53 (d5e5a1abf6bdba7ca49941a044f04598) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
10:23:31.0015 3352 IntelC53 - ok
10:23:31.0046 3352 IntelIde - ok
10:23:31.0109 3352 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:23:31.0109 3352 intelppm - ok
10:23:31.0156 3352 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:23:31.0156 3352 ip6fw - ok
10:23:31.0187 3352 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:23:31.0187 3352 IpFilterDriver - ok
10:23:31.0218 3352 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:23:31.0234 3352 IpInIp - ok
10:23:31.0265 3352 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:23:31.0265 3352 IpNat - ok
10:23:31.0437 3352 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
10:23:31.0453 3352 iPod Service - ok
10:23:31.0484 3352 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:23:31.0484 3352 IPSec - ok
10:23:31.0515 3352 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:23:31.0515 3352 IRENUM - ok
10:23:31.0578 3352 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:23:31.0578 3352 isapnp - ok
10:23:31.0656 3352 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
10:23:31.0671 3352 JavaQuickStarterService - ok
10:23:31.0734 3352 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:23:31.0734 3352 Kbdclass - ok
10:23:31.0781 3352 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:23:31.0781 3352 kbdhid - ok
10:23:31.0828 3352 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:23:31.0843 3352 kmixer - ok
10:23:31.0875 3352 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:23:31.0890 3352 KSecDD - ok
10:23:31.0953 3352 lanmanserver (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
10:23:31.0953 3352 lanmanserver - ok
10:23:32.0015 3352 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
10:23:32.0031 3352 lanmanworkstation - ok
10:23:32.0046 3352 lbrtfdc - ok
10:23:32.0140 3352 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:23:32.0140 3352 LmHosts - ok
10:23:32.0187 3352 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:23:32.0187 3352 Messenger - ok
10:23:32.0296 3352 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:23:32.0296 3352 Microsoft Office Groove Audit Service - ok
10:23:32.0328 3352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:23:32.0328 3352 mnmdd - ok
10:23:32.0375 3352 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
10:23:32.0375 3352 mnmsrvc - ok
10:23:32.0406 3352 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:23:32.0406 3352 Modem - ok
10:23:32.0468 3352 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:23:32.0468 3352 MODEMCSA - ok
10:23:32.0500 3352 mohfilt (c6a08c4f34b3048a73bbb2951150f98d) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
10:23:32.0500 3352 mohfilt - ok
10:23:32.0531 3352 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:23:32.0531 3352 Mouclass - ok
10:23:32.0562 3352 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:23:32.0562 3352 mouhid - ok
10:23:32.0625 3352 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:23:32.0625 3352 MountMgr - ok
10:23:32.0765 3352 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:23:32.0765 3352 MozillaMaintenance - ok
10:23:32.0859 3352 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
10:23:32.0859 3352 MpFilter - ok
10:23:32.0875 3352 Mpkvcbtusr_h - ok
10:23:32.0906 3352 mraid35x - ok
10:23:32.0968 3352 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:23:32.0968 3352 MRxDAV - ok
10:23:33.0046 3352 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:23:33.0062 3352 MRxSmb - ok
10:23:33.0093 3352 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
10:23:33.0109 3352 MSDTC - ok
10:23:33.0156 3352 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:23:33.0171 3352 Msfs - ok
10:23:33.0187 3352 MSIServer - ok
10:23:33.0265 3352 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:23:33.0265 3352 MSKSSRV - ok
10:23:33.0375 3352 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:23:33.0375 3352 MsMpSvc - ok
10:23:33.0406 3352 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:23:33.0406 3352 MSPCLOCK - ok
10:23:33.0421 3352 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:23:33.0421 3352 MSPQM - ok
10:23:33.0468 3352 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:23:33.0468 3352 mssmbios - ok
10:23:33.0515 3352 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
10:23:33.0515 3352 Mup - ok
10:23:33.0562 3352 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
10:23:33.0578 3352 napagent - ok
10:23:33.0625 3352 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:23:33.0640 3352 NDIS - ok
10:23:33.0656 3352 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:23:33.0656 3352 NdisTapi - ok
10:23:33.0734 3352 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:23:33.0734 3352 Ndisuio - ok
10:23:33.0781 3352 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:23:33.0781 3352 NdisWan - ok
10:23:33.0812 3352 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
10:23:33.0812 3352 NDProxy - ok
10:23:33.0859 3352 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:23:33.0859 3352 NetBIOS - ok
10:23:33.0921 3352 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:23:33.0937 3352 NetBT - ok
10:23:33.0968 3352 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:23:33.0984 3352 NetDDE - ok
10:23:34.0000 3352 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:23:34.0000 3352 NetDDEdsdm - ok
10:23:34.0062 3352 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
10:23:34.0062 3352 Netlogon - ok
10:23:34.0109 3352 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
10:23:34.0125 3352 Netman - ok
10:23:34.0234 3352 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:23:34.0234 3352 NetTcpPortSharing - ok
10:23:34.0296 3352 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
10:23:34.0296 3352 Nla - ok
10:23:34.0359 3352 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:23:34.0359 3352 Npfs - ok
10:23:34.0437 3352 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:23:34.0453 3352 Ntfs - ok
10:23:34.0468 3352 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
10:23:34.0468 3352 NtLmSsp - ok
10:23:34.0546 3352 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
10:23:34.0562 3352 NtmsSvc - ok
10:23:34.0609 3352 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:23:34.0609 3352 Null - ok
10:23:34.0640 3352 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:23:34.0640 3352 NwlnkFlt - ok
10:23:34.0671 3352 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:23:34.0671 3352 NwlnkFwd - ok
10:23:34.0828 3352 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:23:34.0843 3352 odserv - ok
10:23:34.0859 3352 OMCI - ok
10:23:34.0953 3352 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:23:34.0953 3352 ose - ok
10:23:35.0031 3352 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:23:35.0031 3352 Parport - ok
10:23:35.0078 3352 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:23:35.0078 3352 PartMgr - ok
10:23:35.0125 3352 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:23:35.0125 3352 ParVdm - ok
10:23:35.0171 3352 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:23:35.0187 3352 PCI - ok
10:23:35.0203 3352 PCIDump - ok
10:23:35.0250 3352 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:23:35.0250 3352 PCIIde - ok
10:23:35.0296 3352 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:23:35.0296 3352 Pcmcia - ok
10:23:35.0312 3352 PDCOMP - ok
10:23:35.0343 3352 PDFRAME - ok
10:23:35.0375 3352 PDRELI - ok
10:23:35.0406 3352 PDRFRAME - ok
10:23:35.0421 3352 perc2 - ok
10:23:35.0453 3352 perc2hib - ok
10:23:35.0578 3352 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:23:35.0593 3352 PlugPlay - ok
10:23:35.0656 3352 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
10:23:35.0656 3352 Pml Driver HPZ12 - ok
10:23:35.0671 3352 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
10:23:35.0671 3352 PolicyAgent - ok
10:23:35.0734 3352 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:23:35.0750 3352 PptpMiniport - ok
10:23:35.0781 3352 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
10:23:35.0781 3352 Processor - ok
10:23:35.0812 3352 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:23:35.0812 3352 ProtectedStorage - ok
10:23:35.0859 3352 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:23:35.0859 3352 PSched - ok
10:23:35.0906 3352 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:23:35.0906 3352 Ptilink - ok
10:23:35.0921 3352 ql1080 - ok
10:23:35.0968 3352 Ql10wnt - ok
10:23:36.0000 3352 ql12160 - ok
10:23:36.0046 3352 ql1240 - ok
10:23:36.0093 3352 ql1280 - ok
10:23:36.0140 3352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:23:36.0140 3352 RasAcd - ok
10:23:36.0203 3352 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:23:36.0218 3352 RasAuto - ok
10:23:36.0265 3352 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:23:36.0265 3352 Rasl2tp - ok
10:23:36.0312 3352 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:23:36.0328 3352 RasMan - ok
10:23:36.0359 3352 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:23:36.0359 3352 RasPppoe - ok
10:23:36.0390 3352 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:23:36.0390 3352 Raspti - ok
10:23:36.0468 3352 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:23:36.0468 3352 Rdbss - ok
10:23:36.0484 3352 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:23:36.0500 3352 RDPCDD - ok
10:23:36.0578 3352 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:23:36.0593 3352 rdpdr - ok
10:23:36.0640 3352 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
10:23:36.0640 3352 RDPWD - ok
10:23:36.0703 3352 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:23:36.0703 3352 RDSessMgr - ok
10:23:36.0765 3352 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:23:36.0765 3352 redbook - ok
10:23:36.0859 3352 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:23:36.0859 3352 RemoteAccess - ok
10:23:36.0906 3352 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:23:36.0906 3352 RemoteRegistry - ok
10:23:36.0953 3352 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
10:23:36.0953 3352 RpcLocator - ok
10:23:37.0031 3352 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:23:37.0031 3352 RpcSs - ok
10:23:37.0093 3352 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
10:23:37.0093 3352 RSVP - ok
10:23:37.0140 3352 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:23:37.0140 3352 SamSs - ok
10:23:37.0156 3352 SBRE - ok
10:23:37.0234 3352 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:23:37.0234 3352 SCardSvr - ok
10:23:37.0281 3352 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:23:37.0296 3352 Schedule - ok
10:23:37.0406 3352 SeaPort (ca7e42e0b8d117165ed553a7d681352a) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:23:37.0421 3352 SeaPort - ok
10:23:37.0453 3352 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:23:37.0468 3352 Secdrv - ok
10:23:37.0500 3352 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:23:37.0500 3352 seclogon - ok
10:23:37.0531 3352 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:23:37.0531 3352 SENS - ok
10:23:37.0578 3352 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
10:23:37.0593 3352 Serial - ok
10:23:37.0656 3352 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:23:37.0656 3352 Sfloppy - ok
10:23:37.0859 3352 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
10:23:37.0859 3352 ShellHWDetection - ok
10:23:37.0890 3352 Simbad - ok
10:23:37.0921 3352 Sparrow - ok
10:23:38.0015 3352 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:23:38.0015 3352 splitter - ok
10:23:38.0046 3352 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
10:23:38.0046 3352 Spooler - ok
10:23:38.0078 3352 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:23:38.0078 3352 sr - ok
10:23:38.0125 3352 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
10:23:38.0125 3352 srservice - ok
10:23:38.0187 3352 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
10:23:38.0203 3352 Srv - ok
10:23:38.0250 3352 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:23:38.0250 3352 SSDPSRV - ok
10:23:38.0296 3352 STacSV (f70ab08582e06a8bda3e470592d1a394) C:\WINDOWS\system32\STacSV.exe
10:23:38.0312 3352 STacSV - ok
10:23:38.0406 3352 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
10:23:38.0421 3352 STHDA - ok
10:23:38.0500 3352 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:23:38.0515 3352 stisvc - ok
10:23:38.0562 3352 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:23:38.0562 3352 swenum - ok
10:23:38.0687 3352 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:23:38.0703 3352 SwitchBoard - ok
10:23:38.0781 3352 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:23:38.0781 3352 swmidi - ok
10:23:38.0796 3352 SwPrv - ok
10:23:38.0843 3352 symc810 - ok
10:23:38.0875 3352 symc8xx - ok
10:23:38.0906 3352 sym_hi - ok
10:23:38.0953 3352 sym_u3 - ok
10:23:39.0000 3352 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290)

C:\WINDOWS\system32\drivers\sysaudio.sys
10:23:39.0000 3352 sysaudio - ok
10:23:39.0046 3352 SysmonLog (c7abbc59b43274b1109df6b24d617051)

C:\WINDOWS\system32\smlogsvc.exe
10:23:39.0062 3352 SysmonLog - ok
10:23:39.0093 3352 TapiSrv (3cb78c17bb664637787c9a1c98f79c38)

C:\WINDOWS\System32\tapisrv.dll
10:23:39.0109 3352 TapiSrv - ok
10:23:39.0171 3352 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d)

C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:23:39.0171 3352 Tcpip - ok
10:23:39.0218 3352 TDPIPE (6471a66807f5e104e4885f5b67349397)

C:\WINDOWS\system32\drivers\TDPIPE.sys
10:23:39.0218 3352 TDPIPE - ok
10:23:39.0265 3352 TDTCP (c56b6d0402371cf3700eb322ef3aaf61)

C:\WINDOWS\system32\drivers\TDTCP.sys
10:23:39.0265 3352 TDTCP - ok
10:23:39.0296 3352 TermDD (88155247177638048422893737429d9e)

C:\WINDOWS\system32\DRIVERS\termdd.sys
10:23:39.0296 3352 TermDD - ok
10:23:39.0343 3352 TermService (ff3477c03be7201c294c35f684b3479f)

C:\WINDOWS\System32\termsrv.dll
10:23:39.0343 3352 TermService - ok
10:23:39.0390 3352 Themes (1926899bf9ffe2602b63074971700412)

C:\WINDOWS\System32\shsvcs.dll
10:23:39.0390 3352 Themes - ok
10:23:39.0437 3352 TlntSvr (db7205804759ff62c34e3efd8a4cc76a)

C:\WINDOWS\System32\tlntsvr.exe
10:23:39.0437 3352 TlntSvr - ok
10:23:39.0453 3352 TosIde - ok
10:23:39.0531 3352 TrkWks (55bca12f7f523d35ca3cb833c725f54e)

C:\WINDOWS\system32\trkwks.dll
10:23:39.0531 3352 TrkWks - ok
10:23:39.0593 3352 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9)

C:\WINDOWS\system32\drivers\Udfs.sys
10:23:39.0593 3352 Udfs - ok
10:23:39.0640 3352 ultra - ok
10:23:39.0718 3352 Update (402ddc88356b1bac0ee3dd1580c76a31)

C:\WINDOWS\system32\DRIVERS\update.sys
10:23:39.0718 3352 Update - ok
10:23:39.0781 3352 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91)

C:\WINDOWS\System32\upnphost.dll
10:23:39.0781 3352 upnphost - ok
10:23:39.0812 3352 UPS (05365fb38fca1e98f7a566aaaf5d1815)

C:\WINDOWS\System32\ups.exe
10:23:39.0812 3352 UPS - ok
10:23:39.0859 3352 usbccgp (173f317ce0db8e21322e71b7e60a27e8)

C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:23:39.0859 3352 usbccgp - ok
10:23:39.0906 3352 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7)

C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:23:39.0906 3352 usbehci - ok
10:23:39.0937 3352 usbhub (1ab3cdde553b6e064d2e754efe20285c)

C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:23:39.0937 3352 usbhub - ok
10:23:39.0984 3352 usbprint (a717c8721046828520c9edf31288fc00)

C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:23:39.0984 3352 usbprint - ok
10:23:40.0046 3352 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4)

C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:23:40.0046 3352 usbscan - ok
10:23:40.0125 3352 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9)

C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:23:40.0125 3352 USBSTOR - ok
10:23:40.0171 3352 usbuhci (26496f9dee2d787fc3e61ad54821ffe6)

C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:23:40.0171 3352 usbuhci - ok
10:23:40.0218 3352 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f)

C:\WINDOWS\system32\DRIVERS\usb8023.sys
10:23:40.0218 3352 USB_RNDIS - ok
10:23:40.0265 3352 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a)

C:\WINDOWS\system32\DRIVERS\usb8023x.sys
10:23:40.0265 3352 usb_rndisx - ok
10:23:40.0281 3352 VgaSave (0d3a8fafceacd8b7625cd549757a7df1)

C:\WINDOWS\System32\drivers\vga.sys
10:23:40.0296 3352 VgaSave - ok
10:23:40.0312 3352 ViaIde - ok
10:23:40.0421 3352 Viewpoint Manager Service (5f974fde801c73952770736becde11e7)

C:\Program Files\Viewpoint\Common\ViewpointService.exe
10:23:40.0421 3352 Viewpoint Manager Service - ok
10:23:40.0437 3352 VolSnap (4c8fcb5cc53aab716d810740fe59d025)

C:\WINDOWS\system32\drivers\VolSnap.sys
10:23:40.0453 3352 VolSnap - ok
10:23:40.0500 3352 VSS (7a9db3a67c333bf0bd42e42b8596854b)

C:\WINDOWS\System32\vssvc.exe
10:23:40.0515 3352 VSS - ok
10:23:40.0578 3352 W32Time (54af4b1d5459500ef0937f6d33b1914f)

C:\WINDOWS\System32\w32time.dll
10:23:40.0593 3352 W32Time - ok
10:23:40.0640 3352 Wanarp (e20b95baedb550f32dd489265c1da1f6)

C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:23:40.0640 3352 Wanarp - ok
10:23:40.0656 3352 WDICA - ok
10:23:40.0750 3352 wdmaud (6768acf64b18196494413695f0c3a00f)

C:\WINDOWS\system32\drivers\wdmaud.sys
10:23:40.0750 3352 wdmaud - ok
10:23:40.0812 3352 WebClient (77a354e28153ad2d5e120a5a8687bc06)

C:\WINDOWS\System32\webclnt.dll
10:23:40.0828 3352 WebClient - ok
10:23:40.0937 3352 winmgmt (2d0e4ed081963804ccc196a0929275b5)

C:\WINDOWS\system32\wbem\WMIsvc.dll
10:23:40.0953 3352 winmgmt - ok
10:23:41.0140 3352 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program

Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:23:41.0171 3352 wlidsvc - ok
10:23:41.0296 3352 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d)

C:\WINDOWS\system32\MsPMSNSv.dll
10:23:41.0296 3352 WmdmPmSN - ok
10:23:41.0375 3352 Wmi (e76f8807070ed04e7408a86d6d3a6137)

C:\WINDOWS\System32\advapi32.dll
10:23:41.0375 3352 Wmi - ok
10:23:41.0453 3352 WmiApSrv (e0673f1106e62a68d2257e376079f821)

C:\WINDOWS\System32\wbem\wmiapsrv.exe
10:23:41.0453 3352 WmiApSrv - ok
10:23:41.0625 3352 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program

Files\Windows Media Player\WMPNetwk.exe
10:23:41.0640 3352 WMPNetworkSvc - ok
10:23:41.0671 3352 WSearch - ok
10:23:41.0765 3352 WudfPf (f15feafffbb3644ccc80c5da584e6311)

C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:23:41.0765 3352 WudfPf - ok
10:23:41.0812 3352 WudfRd (28b524262bce6de1f7ef9f510ba3985b)

C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:23:41.0812 3352 WudfRd - ok
10:23:41.0859 3352 WudfSvc (05231c04253c5bc30b26cbaae680ed89)

C:\WINDOWS\System32\WUDFSvc.dll
10:23:41.0921 3352 WudfSvc - ok
10:23:42.0015 3352 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b)

C:\WINDOWS\System32\wzcsvc.dll
10:23:42.0031 3352 WZCSVC - ok
10:23:42.0078 3352 xmlprov (295d21f14c335b53cb8154e5b1f892b9)

C:\WINDOWS\System32\xmlprov.dll
10:23:42.0093 3352 xmlprov - ok
10:23:42.0171 3352 MBR (0x1B8) (8f558eb6672622401da993e1e865c861)

\Device\Harddisk0\DR0
10:23:43.0015 3352 \Device\Harddisk0\DR0 - ok
10:23:43.0031 3352 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2)

\Device\Harddisk1\DR2
10:23:43.0562 3352 \Device\Harddisk1\DR2 - ok
10:23:43.0578 3352 Boot (0x1200) (edcfdbad1d3d701106d394d808ccd344)

\Device\Harddisk0\DR0\Partition0
10:23:43.0578 3352 \Device\Harddisk0\DR0\Partition0 - ok
10:23:43.0609 3352 Boot (0x1200) (5ba653d180e7dc254d08cd852ddfa318)

\Device\Harddisk1\DR2\Partition0
10:23:43.0640 3352 \Device\Harddisk1\DR2\Partition0 - ok
10:23:43.0640 3352 ============================================================
10:23:43.0640 3352 Scan finished
10:23:43.0640 3352 ============================================================
10:23:43.0703 3344 Detected object count: 1
10:23:43.0703 3344 Actual detected object count: 1
10:24:04.0687 3344 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
10:24:04.0687 3344 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
11:05:07.0375 1812 ============================================================
11:05:07.0375 1812 Scan started
11:05:07.0375 1812 Mode: Manual; SigCheck; TDLFS;
11:05:07.0375 1812 ============================================================
11:05:08.0796 1812 Abiosdsk - ok
11:05:08.0828 1812 abp480n5 - ok
11:05:08.0953 1812 ACPI (8fd99680a539792a30e97944fdaecf17)

C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:05:12.0390 1812 ACPI - ok
11:05:12.0437 1812 ACPIEC (9859c0f6936e723e4892d7141b1327d5)

C:\WINDOWS\system32\drivers\ACPIEC.sys
11:05:12.0671 1812 ACPIEC - ok
11:05:12.0937 1812 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8)

C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:05:12.0953 1812 AdobeFlashPlayerUpdateSvc - ok
11:05:13.0390 1812 AdobeVersionCue (fc9d93d13127e3252466d4a33039b54b) C:\Program

Files\Adobe\Adobe Version Cue\service\VersionCue.exe
11:05:13.0406 1812 AdobeVersionCue ( UnsignedFile.Multi.Generic ) - warning
11:05:13.0406 1812 AdobeVersionCue - detected UnsignedFile.Multi.Generic (1)
11:05:13.0437 1812 adpu160m - ok
11:05:13.0687 1812 aec (8bed39e3c35d6a489438b8141717a557)

C:\WINDOWS\system32\drivers\aec.sys
11:05:13.0921 1812 aec - ok
11:05:14.0078 1812 AFD (7e775010ef291da96ad17ca4b17137d7)

C:\WINDOWS\System32\drivers\afd.sys
11:05:14.0171 1812 AFD - ok
11:05:14.0171 1812 Aha154x - ok
11:05:14.0187 1812 aic78u2 - ok
11:05:14.0234 1812 aic78xx - ok
11:05:16.0578 1812 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program

files\common files\akamai/netsession_win_4f7fccd.dll
11:05:16.0578 1812 Suspicious file (Hidden): c:\program files\common

files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
11:05:16.0593 1812 Akamai ( HiddenFile.Multi.Generic ) - warning
11:05:16.0593 1812 Akamai - detected HiddenFile.Multi.Generic (1)
11:05:17.0046 1812 Alerter (a9a3daa780ca6c9671a19d52456705b4)

C:\WINDOWS\system32\alrsvc.dll
11:05:17.0265 1812 Alerter - ok
11:05:17.0359 1812 ALG (8c515081584a38aa007909cd02020b3d)

C:\WINDOWS\System32\alg.exe
11:05:17.0609 1812 ALG - ok
11:05:17.0703 1812 AliIde - ok
11:05:17.0734 1812 amsint - ok
11:05:26.0640 1812 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383)

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:05:26.0656 1812 Apple Mobile Device - ok
11:05:26.0984 1812 AppMgmt (d8849f77c0b66226335a59d26cb4edc6)

C:\WINDOWS\System32\appmgmts.dll
11:05:27.0218 1812 AppMgmt - ok
11:05:27.0250 1812 asc - ok
11:05:27.0281 1812 asc3350p - ok
11:05:27.0312 1812 asc3550 - ok
11:05:27.0734 1812 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad)

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:05:27.0750 1812 aspnet_state - ok
11:05:27.0906 1812 astcc (0c83fc56707bf68db04947052a8188b1)

C:\WINDOWS\SYSTEM32\astsrv.exe
11:05:27.0953 1812 astcc ( UnsignedFile.Multi.Generic ) - warning
11:05:27.0953 1812 astcc - detected UnsignedFile.Multi.Generic (1)
11:05:28.0046 1812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc)

C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:05:28.0265 1812 AsyncMac - ok
11:05:28.0437 1812 atapi (9f3a2f5aa6875c72bf062c712cfa2674)

C:\WINDOWS\system32\DRIVERS\atapi.sys
11:05:28.0687 1812 atapi - ok
11:05:28.0718 1812 Atdisk - ok
11:05:29.0140 1812 Ati HotKey Poller (40f02b8460ac817ea0cea2e0cab4c2ed)

C:\WINDOWS\System32\Ati2evxx.exe
11:05:29.0265 1812 Ati HotKey Poller - ok
11:05:29.0453 1812 ATI Smart (d41eb535e2b2d8872463e5f59f215d4e)

C:\WINDOWS\system32\ati2sgag.exe
11:05:29.0562 1812 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
11:05:29.0562 1812 ATI Smart - detected UnsignedFile.Multi.Generic (1)
11:05:30.0046 1812 ati2mtag (a7dd7088e2c987dbcb3f4d6d56f723bd)

C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:05:30.0140 1812 ati2mtag - ok
11:05:30.0171 1812 atidgllk - ok
11:05:30.0546 1812 Atmarpc (9916c1225104ba14794209cfa8012159)

C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:05:30.0796 1812 Atmarpc - ok
11:05:30.0953 1812 AudioSrv (def7a7882bec100fe0b2ce2549188f9d)

C:\WINDOWS\System32\audiosrv.dll
11:05:31.0156 1812 AudioSrv - ok
11:05:31.0218 1812 audstub (d9f724aa26c010a217c97606b160ed68)

C:\WINDOWS\system32\DRIVERS\audstub.sys
11:05:31.0421 1812 audstub - ok
11:05:31.0484 1812 Beep (da1f27d85e0d1525f6621372e7b685e9)

C:\WINDOWS\system32\drivers\Beep.sys
11:05:31.0703 1812 Beep - ok
11:05:31.0984 1812 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program

Files\Bonjour\mDNSResponder.exe
11:05:32.0031 1812 Bonjour Service - ok
11:05:32.0203 1812 Browser (a06ce3399d16db864f55faeb1f1927a9)

C:\WINDOWS\System32\browser.dll
11:05:32.0437 1812 Browser - ok
11:05:32.0515 1812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9)

C:\WINDOWS\system32\drivers\cbidf2k.sys
11:05:32.0765 1812 cbidf2k - ok
11:05:32.0796 1812 cd20xrnt - ok
11:05:32.0906 1812 Cdaudio (c1b486a7658353d33a10cc15211a873b)

C:\WINDOWS\system32\drivers\Cdaudio.sys
11:05:33.0109 1812 Cdaudio - ok
11:05:33.0250 1812 Cdfs (c885b02847f5d2fd45a24e219ed93b32)

C:\WINDOWS\system32\drivers\Cdfs.sys
11:05:33.0484 1812 Cdfs - ok
11:05:33.0703 1812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe)

C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:05:33.0937 1812 Cdrom - ok
11:05:33.0953 1812 Changer - ok
11:05:34.0000 1812 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde)

C:\WINDOWS\System32\cisvc.exe
11:05:34.0218 1812 cisvc - ok
11:05:34.0296 1812 ClipSrv (34cbe729f38138217f9c80212a2a0c82)

C:\WINDOWS\system32\clipsrv.exe
11:05:34.0515 1812 ClipSrv - ok
11:05:34.0718 1812 clr_optimization_v2.0.50727_32

(d87acaed61e417bba546ced5e7e36d9c)

c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:05:34.0734 1812 clr_optimization_v2.0.50727_32 - ok
11:05:34.0781 1812 CmdIde - ok
11:05:34.0796 1812 COMSysApp - ok
11:05:34.0875 1812 Cpqarray - ok
11:05:34.0937 1812 CryptSvc (3d4e199942e29207970e04315d02ad3b)

C:\WINDOWS\System32\cryptsvc.dll
11:05:35.0140 1812 CryptSvc - ok
11:05:35.0312 1812 Cwbrxd (b22149a6def5c65483b1130232ce063d)

C:\WINDOWS\CWBRXD.EXE
11:05:35.0328 1812 Cwbrxd ( UnsignedFile.Multi.Generic ) - warning
11:05:35.0328 1812 Cwbrxd - detected UnsignedFile.Multi.Generic (1)
11:05:35.0375 1812 dac2w2k - ok
11:05:35.0390 1812 dac960nt - ok
11:05:35.0671 1812 DcomLaunch (6b27a5c03dfb94b4245739065431322c)

C:\WINDOWS\system32\rpcss.dll
11:05:35.0796 1812 DcomLaunch - ok
11:05:35.0968 1812 Dhcp (5e38d7684a49cacfb752b046357e0589)

C:\WINDOWS\System32\dhcpcsvc.dll
11:05:36.0187 1812 Dhcp - ok
11:05:36.0265 1812 Disk (044452051f3e02e7963599fc8f4f3e25)

C:\WINDOWS\system32\DRIVERS\disk.sys
11:05:36.0468 1812 Disk - ok
11:05:36.0515 1812 dmadmin - ok
11:05:36.0750 1812 dmboot (d992fe1274bde0f84ad826acae022a41)

C:\WINDOWS\system32\drivers\dmboot.sys
11:05:37.0000 1812 dmboot - ok
11:05:37.0093 1812 dmio (7c824cf7bbde77d95c08005717a95f6f)

C:\WINDOWS\system32\drivers\dmio.sys
11:05:37.0328 1812 dmio - ok
11:05:37.0375 1812 dmload (e9317282a63ca4d188c0df5e09c6ac5f)

C:\WINDOWS\system32\drivers\dmload.sys
11:05:37.0609 1812 dmload - ok
11:05:37.0734 1812 dmserver (57edec2e5f59f0335e92f35184bc8631)

C:\WINDOWS\System32\dmserver.dll
11:05:37.0953 1812 dmserver - ok
11:05:38.0046 1812 DMusic (8a208dfcf89792a484e76c40e5f50b45)

C:\WINDOWS\system32\drivers\DMusic.sys
11:05:38.0234 1812 DMusic - ok
11:05:38.0406 1812 Dnscache (474b4dc3983173e4b4c9740b0dac98a6)

C:\WINDOWS\System32\dnsrslvr.dll
11:05:38.0625 1812 Dnscache - ok
11:05:38.0765 1812 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814)

C:\WINDOWS\System32\dot3svc.dll
11:05:38.0984 1812 Dot3svc - ok
11:05:39.0015 1812 dpti2o - ok
11:05:39.0093 1812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8)

C:\WINDOWS\system32\drivers\drmkaud.sys
11:05:39.0265 1812 drmkaud - ok
11:05:39.0343 1812 E100B (d57a8fc800b501ac05b10d00f66d127a)

C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:05:39.0406 1812 E100B - ok
11:05:39.0437 1812 EapHost (2187855a7703adef0cef9ee4285182cc)

C:\WINDOWS\System32\eapsvc.dll
11:05:39.0671 1812 EapHost - ok
11:05:39.0750 1812 ERSvc (bc93b4a066477954555966d77fec9ecb)

C:\WINDOWS\System32\ersvc.dll
11:05:39.0953 1812 ERSvc - ok
11:05:40.0109 1812 Eventlog (65df52f5b8b6e9bbd183505225c37315)

C:\WINDOWS\system32\services.exe
11:05:40.0156 1812 Eventlog - ok
11:05:40.0390 1812 EventSystem (d4991d98f2db73c60d042f1aef79efae)

C:\WINDOWS\System32\es.dll
11:05:40.0515 1812 EventSystem - ok
11:05:40.0796 1812 Fastfat (38d332a6d56af32635675f132548343e)

C:\WINDOWS\system32\drivers\Fastfat.sys
11:05:41.0000 1812 Fastfat - ok
11:05:41.0062 1812 FastUserSwitchingCompatibility

(1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
11:05:41.0265 1812 FastUserSwitchingCompatibility - ok
11:05:41.0359 1812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81)

C:\WINDOWS\system32\drivers\Fdc.sys
11:05:41.0578 1812 Fdc - ok
11:05:41.0718 1812 Fips (d45926117eb9fa946a6af572fbe1caa3)

C:\WINDOWS\system32\drivers\Fips.sys
11:05:41.0984 1812 Fips - ok
11:05:42.0062 1812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0)

C:\WINDOWS\system32\drivers\Flpydisk.sys
11:05:42.0281 1812 Flpydisk - ok
11:05:42.0375 1812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0)

C:\WINDOWS\system32\drivers\fltmgr.sys
11:05:42.0609 1812 FltMgr - ok
11:05:42.0781 1812 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789)

c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:05:42.0781 1812 FontCache3.0.0.0 - ok
11:05:42.0859 1812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a)

C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:05:43.0062 1812 Fs_Rec - ok
11:05:43.0125 1812 Ftdisk (6ac26732762483366c3969c9e4d2259d)

C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:05:43.0343 1812 Ftdisk - ok
11:05:43.0515 1812 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e)

C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:05:43.0515 1812 GEARAspiWDM - ok
11:05:43.0593 1812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2)

C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:05:43.0796 1812 Gpc - ok
11:05:44.0156 1812 gupdate1c9d8e358406bc4 (626a24ed1228580b9518c01930936df9)

C:\Program Files\Google\Update\GoogleUpdate.exe
11:05:44.0187 1812 gupdate1c9d8e358406bc4 - ok
11:05:44.0203 1812 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program

Files\Google\Update\GoogleUpdate.exe
11:05:44.0218 1812 gupdatem - ok
11:05:44.0359 1812 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:05:44.0390 1812 gusvc - ok
11:05:44.0515 1812 HDAudBus (573c7d0a32852b48f3058cfd8026f511)

C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:05:44.0781 1812 HDAudBus - ok
11:05:44.0968 1812 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd)

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:05:45.0203 1812 helpsvc - ok
11:05:45.0359 1812 HidServ (deb04da35cc871b6d309b77e1443c796)

C:\WINDOWS\System32\hidserv.dll
11:05:45.0562 1812 HidServ - ok
11:05:45.0640 1812 hidusb (ccf82c5ec8a7326c3066de870c06daf1)

C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:05:45.0875 1812 hidusb - ok
11:05:46.0015 1812 hkmsvc (8878bd685e490239777bfe51320b88e9)

C:\WINDOWS\System32\kmsvc.dll
11:05:46.0218 1812 hkmsvc - ok
11:05:46.0250 1812 hpn - ok
11:05:46.0296 1812 hpt3xx - ok
11:05:46.0375 1812 HPZid412 (9f1d80908658eb7f1bf70809e0b51470)

C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:05:46.0500 1812 HPZid412 - ok
11:05:46.0593 1812 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3)

C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:05:46.0781 1812 HPZipr12 - ok
11:05:46.0875 1812 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b)

C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:05:47.0078 1812 HPZius12 - ok
11:05:47.0593 1812 HTTP (f80a415ef82cd06ffaf0d971528ead38)

C:\WINDOWS\system32\Drivers\HTTP.sys
11:05:47.0718 1812 HTTP - ok
11:05:47.0781 1812 HTTPFilter (6100a808600f44d999cebdef8841c7a3)

C:\WINDOWS\System32\w3ssl.dll
11:05:47.0984 1812 HTTPFilter - ok
11:05:48.0015 1812 i2omgmt - ok
11:05:48.0046 1812 i2omp - ok
11:05:48.0187 1812 i8042prt (4a0b06aa8943c1e332520f7440c0aa30)

C:\WINDOWS\system32\drivers\i8042prt.sys
11:05:48.0390 1812 i8042prt - ok
11:05:49.0421 1812 idsvc (c01ac32dc5c03076cfb852cb5da5229c)

c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:05:49.0609 1812 idsvc - ok
11:05:49.0718 1812 Imapi (083a052659f5310dd8b6a6cb05edcf8e)

C:\WINDOWS\system32\drivers\Imapi.sys
11:05:49.0921 1812 Imapi - ok
11:05:50.0015 1812 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1)

C:\WINDOWS\System32\imapi.exe
11:05:50.0250 1812 ImapiService - ok
11:05:50.0281 1812 ini910u - ok
11:05:51.0078 1812 IntelC51 (fcab28ffd3a8964581e16455efaf81c8)

C:\WINDOWS\system32\DRIVERS\IntelC51.sys
11:05:51.0296 1812 IntelC51 - ok
11:05:52.0031 1812 IntelC52 (a288e7e3a6255255b9066686d860fbc5)

C:\WINDOWS\system32\DRIVERS\IntelC52.sys
11:05:52.0171 1812 IntelC52 - ok
11:05:52.0281 1812 IntelC53 (d5e5a1abf6bdba7ca49941a044f04598)

C:\WINDOWS\system32\DRIVERS\IntelC53.sys
11:05:52.0343 1812 IntelC53 - ok
11:05:52.0359 1812 IntelIde - ok
11:05:52.0453 1812 intelppm (8c953733d8f36eb2133f5bb58808b66b)

C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:05:52.0640 1812 intelppm - ok
11:05:52.0718 1812 ip6fw (3bb22519a194418d5fec05d800a19ad0)

C:\WINDOWS\system32\drivers\ip6fw.sys
11:05:52.0906 1812 ip6fw - ok
11:05:53.0000 1812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182)

C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:05:53.0234 1812 IpFilterDriver - ok
11:05:53.0328 1812 IpInIp (b87ab476dcf76e72010632b5550955f5)

C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:05:53.0531 1812 IpInIp - ok
11:05:53.0843 1812 IpNat (cc748ea12c6effde940ee98098bf96bb)

C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:05:54.0031 1812 IpNat - ok
11:05:54.0281 1812 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program

Files\iPod\bin\iPodService.exe
11:05:54.0328 1812 iPod Service - ok
11:05:54.0468 1812 IPSec (23c74d75e36e7158768dd63d92789a91)

C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:05:54.0687 1812 IPSec - ok
11:05:54.0718 1812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89)

C:\WINDOWS\system32\DRIVERS\irenum.sys
11:05:54.0921 1812 IRENUM - ok
11:05:55.0015 1812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7)

C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:05:55.0234 1812 isapnp - ok
11:05:55.0484 1812 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29)

C:\Program Files\Java\jre6\bin\jqs.exe
11:05:55.0515 1812 JavaQuickStarterService - ok
11:05:55.0578 1812 Kbdclass (463c1ec80cd17420a542b7f36a36f128)

C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:05:55.0812 1812 Kbdclass - ok
11:05:55.0843 1812 kbdhid (9ef487a186dea361aa06913a75b3fa99)

C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:05:56.0031 1812 kbdhid - ok
11:05:56.0171 1812 kmixer (692bcf44383d056aed41b045a323d378)

C:\WINDOWS\system32\drivers\kmixer.sys
11:05:56.0359 1812 kmixer - ok
11:05:56.0453 1812 KSecDD (b467646c54cc746128904e1654c750c1)

C:\WINDOWS\system32\drivers\KSecDD.sys
11:05:56.0609 1812 KSecDD - ok
11:05:56.0859 1812 lanmanserver (f385f4b02c535bffe1d70cab80838123)

C:\WINDOWS\System32\srvsvc.dll
11:05:57.0078 1812 lanmanserver - ok
11:05:57.0359 1812 lanmanworkstation (a8888a5327621856c0cec4e385f69309)

C:\WINDOWS\System32\wkssvc.dll
11:05:57.0468 1812 lanmanworkstation - ok
11:05:57.0484 1812 lbrtfdc - ok
11:05:57.0625 1812 LmHosts (a7db739ae99a796d91580147e919cc59)

C:\WINDOWS\System32\lmhsvc.dll
11:05:57.0843 1812 LmHosts - ok
11:05:57.0906 1812 Messenger (986b1ff5814366d71e0ac5755c88f2d3)

C:\WINDOWS\System32\msgsvc.dll
11:05:58.0109 1812 Messenger - ok
11:05:58.0296 1812 Microsoft Office Groove Audit Service

(7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft

Office\Office12\GrooveAuditService.exe
11:05:58.0312 1812 Microsoft Office Groove Audit Service - ok
11:05:58.0343 1812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6)

C:\WINDOWS\system32\drivers\mnmdd.sys
11:05:58.0625 1812 mnmdd - ok
11:05:58.0718 1812 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd)

C:\WINDOWS\System32\mnmsrvc.exe
11:05:58.0906 1812 mnmsrvc - ok
11:05:59.0000 1812 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1)

C:\WINDOWS\system32\drivers\Modem.sys
11:05:59.0187 1812 Modem - ok
11:05:59.0296 1812 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65)

C:\WINDOWS\system32\drivers\MODEMCSA.sys
11:05:59.0546 1812 MODEMCSA - ok
11:05:59.0656 1812 mohfilt (c6a08c4f34b3048a73bbb2951150f98d)

C:\WINDOWS\system32\DRIVERS\mohfilt.sys
11:05:59.0656 1812 mohfilt - ok
11:05:59.0781 1812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04)

C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:05:59.0984 1812 Mouclass - ok
11:06:00.0046 1812 mouhid (b1c303e17fb9d46e87a98e4ba6769685)

C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:06:00.0296 1812 mouhid - ok
11:06:00.0437 1812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd)

C:\WINDOWS\system32\drivers\MountMgr.sys
11:06:00.0656 1812 MountMgr - ok
11:06:00.0750 1812 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc)

C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:06:00.0812 1812 MozillaMaintenance - ok
11:06:00.0937 1812 MpFilter (d993bea500e7382dc4e760bf4f35efcb)

C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:06:01.0000 1812 MpFilter - ok
11:06:01.0031 1812 Mpkvcbtusr_h - ok
11:06:01.0093 1812 mraid35x - ok
11:06:01.0171 1812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd)

C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:06:01.0390 1812 MRxDAV - ok
11:06:02.0156 1812 MRxSmb (60ae98742484e7ab80c3c1450e708148)

C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:06:02.0265 1812 MRxSmb - ok
11:06:02.0312 1812 MSDTC (a137f1470499a205abbb9aafb3b6f2b1)

C:\WINDOWS\System32\msdtc.exe
11:06:02.0546 1812 MSDTC - ok
11:06:02.0640 1812 Msfs (c941ea2454ba8350021d774daf0f1027)

C:\WINDOWS\system32\drivers\Msfs.sys
11:06:02.0843 1812 Msfs - ok
11:06:02.0859 1812 MSIServer - ok
11:06:02.0921 1812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1)

C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:06:03.0109 1812 MSKSSRV - ok
11:06:03.0234 1812 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program

Files\Microsoft Security Client\MsMpEng.exe
11:06:03.0250 1812 MsMpSvc - ok
11:06:03.0296 1812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e)

C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:06:03.0500 1812 MSPCLOCK - ok
11:06:03.0531 1812 MSPQM (bad59648ba099da4a17680b39730cb3d)

C:\WINDOWS\system32\drivers\MSPQM.sys
11:06:03.0750 1812 MSPQM - ok
11:06:03.0859 1812 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136)

C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:06:04.0078 1812 mssmbios - ok
11:06:04.0234 1812 Mup (2f625d11385b1a94360bfc70aaefdee1)

C:\WINDOWS\system32\drivers\Mup.sys
11:06:04.0421 1812 Mup - ok
11:06:04.0640 1812 napagent (0102140028fad045756796e1c685d695)

C:\WINDOWS\System32\qagentrt.dll
11:06:04.0859 1812 napagent - ok
11:06:04.0968 1812 NDIS (1df7f42665c94b825322fae71721130d)

C:\WINDOWS\system32\drivers\NDIS.sys
11:06:05.0171 1812 NDIS - ok
11:06:05.0234 1812 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f)

C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:06:05.0421 1812 NdisTapi - ok
11:06:05.0484 1812 Ndisuio (f927a4434c5028758a842943ef1a3849)

C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:06:05.0703 1812 Ndisuio - ok
11:06:05.0781 1812 NdisWan (edc1531a49c80614b2cfda43ca8659ab)

C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:06:05.0968 1812 NdisWan - ok
11:06:06.0093 1812 NDProxy (6215023940cfd3702b46abc304e1d45a)

C:\WINDOWS\system32\drivers\NDProxy.sys
11:06:06.0296 1812 NDProxy - ok
11:06:06.0390 1812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0)

C:\WINDOWS\system32\DRIVERS\netbios.sys
11:06:06.0593 1812 NetBIOS - ok
11:06:06.0890 1812 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d)

C:\WINDOWS\system32\DRIVERS\netbt.sys
11:06:07.0093 1812 NetBT - ok
11:06:07.0203 1812 NetDDE (b857ba82860d7ff85ae29b095645563b)

C:\WINDOWS\system32\netdde.exe
11:06:07.0421 1812 NetDDE - ok
11:06:07.0437 1812 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b)

C:\WINDOWS\system32\netdde.exe
11:06:07.0640 1812 NetDDEdsdm - ok
11:06:07.0734 1812 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85)

C:\WINDOWS\System32\lsass.exe
11:06:07.0953 1812 Netlogon - ok
11:06:08.0093 1812 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de)

C:\WINDOWS\System32\netman.dll
11:06:08.0312 1812 Netman - ok
11:06:08.0500 1812 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae)

c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:06:08.0515 1812 NetTcpPortSharing - ok
11:06:08.0671 1812 Nla (832e4dd8964ab7acc880b2837cb1ed20)

C:\WINDOWS\System32\mswsock.dll
11:06:08.0734 1812 Nla - ok
11:06:08.0875 1812 Npfs (3182d64ae053d6fb034f44b6def8034a)

C:\WINDOWS\system32\drivers\Npfs.sys
11:06:09.0046 1812 Npfs - ok
11:06:09.0328 1812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca)

C:\WINDOWS\system32\drivers\Ntfs.sys
11:06:09.0593 1812 Ntfs - ok
11:06:09.0625 1812 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85)

C:\WINDOWS\System32\lsass.exe
11:06:09.0812 1812 NtLmSsp - ok
11:06:10.0031 1812 NtmsSvc (156f64a3345bd23c600655fb4d10bc08)

C:\WINDOWS\system32\ntmssvc.dll
11:06:10.0281 1812 NtmsSvc - ok
11:06:10.0328 1812 Null (73c1e1f395918bc2c6dd67af7591a3ad)

C:\WINDOWS\system32\drivers\Null.sys
11:06:10.0562 1812 Null - ok
11:06:10.0640 1812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57)

C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:06:10.0859 1812 NwlnkFlt - ok
11:06:10.0937 1812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:06:11.0171 1812 NwlnkFwd - ok
11:06:11.0484 1812 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:06:11.0562 1812 odserv - ok
11:06:11.0578 1812 OMCI - ok
11:06:11.0671 1812 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:06:11.0718 1812 ose - ok
11:06:11.0859 1812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:06:12.0093 1812 Parport - ok
11:06:12.0218 1812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:06:12.0406 1812 PartMgr - ok
11:06:12.0468 1812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:06:12.0656 1812 ParVdm - ok
11:06:12.0750 1812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:06:12.0953 1812 PCI - ok
11:06:12.0968 1812 PCIDump - ok
11:06:13.0031 1812 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:06:13.0250 1812 PCIIde - ok
11:06:13.0359 1812 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:06:13.0609 1812 Pcmcia - ok
11:06:13.0625 1812 PDCOMP - ok
11:06:13.0656 1812 PDFRAME - ok
11:06:13.0687 1812 PDRELI - ok
11:06:13.0734 1812 PDRFRAME - ok
11:06:13.0765 1812 perc2 - ok
11:06:13.0796 1812 perc2hib - ok
11:06:13.0984 1812 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:06:14.0046 1812 PlugPlay - ok
11:06:14.0171 1812 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
11:06:14.0203 1812 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:06:14.0218 1812 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:06:14.0250 1812 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
11:06:14.0421 1812 PolicyAgent - ok
11:06:14.0609 1812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:06:14.0859 1812 PptpMiniport - ok
11:06:14.0953 1812 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:06:15.0187 1812 Processor - ok
11:06:15.0203 1812 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:06:15.0406 1812 ProtectedStorage - ok
11:06:15.0500 1812 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:06:15.0718 1812 PSched - ok
11:06:15.0828 1812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:06:16.0015 1812 Ptilink - ok
11:06:16.0062 1812 ql1080 - ok
11:06:16.0078 1812 Ql10wnt - ok
11:06:16.0109 1812 ql12160 - ok
11:06:16.0140 1812 ql1240 - ok
11:06:16.0171 1812 ql1280 - ok
11:06:16.0250 1812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:06:16.0437 1812 RasAcd - ok
11:06:16.0562 1812 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:06:16.0750 1812 RasAuto - ok
11:06:16.0890 1812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:06:17.0125 1812 Rasl2tp - ok
11:06:17.0218 1812 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:06:17.0406 1812 RasMan - ok
11:06:17.0484 1812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:06:17.0671 1812 RasPppoe - ok
11:06:17.0703 1812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:06:17.0906 1812 Raspti - ok
11:06:18.0078 1812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:06:18.0296 1812 Rdbss - ok
11:06:18.0328 1812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:06:18.0531 1812 RDPCDD - ok
11:06:18.0656 1812 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:06:18.0875 1812 rdpdr - ok
11:06:19.0093 1812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:06:19.0296 1812 RDPWD - ok
11:06:19.0437 1812 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:06:19.0625 1812 RDSessMgr - ok
11:06:19.0734 1812 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:06:19.0921 1812 redbook - ok
11:06:20.0000 1812 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:06:20.0218 1812 RemoteAccess - ok
11:06:20.0328 1812 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:06:20.0562 1812 RemoteRegistry - ok
11:06:20.0687 1812 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
11:06:20.0843 1812 RpcLocator - ok
11:06:21.0078 1812 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:06:21.0171 1812 RpcSs - ok
11:06:21.0250 1812 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
11:06:21.0484 1812 RSVP - ok
11:06:21.0609 1812 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:06:21.0796 1812 SamSs - ok
11:06:21.0828 1812 SBRE - ok
11:06:21.0953 1812 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:06:22.0156 1812 SCardSvr - ok
11:06:22.0375 1812 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:06:22.0593 1812 Schedule - ok
11:06:22.0890 1812 SeaPort (ca7e42e0b8d117165ed553a7d681352a) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:06:22.0921 1812 SeaPort - ok
11:06:22.0984 1812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:06:23.0187 1812 Secdrv - ok
11:06:23.0265 1812 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:06:23.0484 1812 seclogon - ok
11:06:23.0546 1812 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:06:23.0765 1812 SENS - ok
11:06:23.0890 1812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
11:06:24.0125 1812 Serial - ok
11:06:24.0250 1812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:06:24.0468 1812 Sfloppy - ok
11:06:24.0640 1812 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
11:06:24.0828 1812 ShellHWDetection - ok
11:06:24.0859 1812 Simbad - ok
11:06:24.0906 1812 Sparrow - ok
11:06:24.0984 1812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:06:25.0203 1812 splitter - ok
11:06:25.0359 1812 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
11:06:25.0593 1812 Spooler - ok
11:06:25.0703 1812 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:06:25.0875 1812 sr - ok
11:06:26.0062 1812 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
11:06:26.0296 1812 srservice - ok
11:06:26.0734 1812 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
11:06:26.0859 1812 Srv - ok
11:06:26.0906 1812 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:06:27.0125 1812 SSDPSRV - ok
11:06:27.0468 1812 STacSV (f70ab08582e06a8bda3e470592d1a394) C:\WINDOWS\system32\STacSV.exe
11:06:27.0562 1812 STacSV - ok
11:06:28.0140 1812 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
11:06:28.0375 1812 STHDA - ok
11:06:28.0609 1812 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:06:28.0843 1812 stisvc - ok
11:06:28.0937 1812 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:06:29.0125 1812 swenum - ok
11:06:29.0953 1812 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:06:30.0078 1812 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
11:06:30.0078 1812 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
11:06:30.0171 1812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:06:30.0421 1812 swmidi - ok
11:06:30.0437 1812 SwPrv - ok
11:06:30.0484 1812 symc810 - ok
11:06:30.0531 1812 symc8xx - ok
11:06:30.0562 1812 sym_hi - ok
11:06:30.0609 1812 sym_u3 - ok
11:06:30.0687 1812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:06:30.0921 1812 sysaudio - ok
11:06:31.0046 1812 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:06:31.0250 1812 SysmonLog - ok
11:06:31.0484 1812 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:06:31.0703 1812 TapiSrv - ok
11:06:32.0031 1812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:06:32.0093 1812 Tcpip - ok
11:06:32.0171 1812 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:06:32.0375 1812 TDPIPE - ok
11:06:32.0437 1812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:06:32.0625 1812 TDTCP - ok
11:06:32.0796 1812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:06:32.0984 1812 TermDD - ok
11:06:33.0125 1812 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:06:33.0343 1812 TermService - ok
11:06:33.0562 1812 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
11:06:33.0765 1812 Themes - ok
11:06:33.0859 1812 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
11:06:34.0078 1812 TlntSvr - ok
11:06:34.0093 1812 TosIde - ok
11:06:34.0171 1812 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:06:34.0406 1812 TrkWks - ok
11:06:34.0531 1812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:06:34.0765 1812 Udfs - ok
11:06:34.0828 1812 ultra - ok
11:06:35.0234 1812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:06:35.0484 1812 Update - ok
11:06:35.0625 1812 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:06:35.0843 1812 upnphost - ok
11:06:35.0906 1812 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:06:36.0109 1812 UPS - ok
11:06:36.0187 1812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:06:36.0390 1812 usbccgp - ok
11:06:36.0468 1812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:06:36.0671 1812 usbehci - ok
11:06:36.0781 1812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:06:36.0953 1812 usbhub - ok
11:06:37.0093 1812 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:06:37.0296 1812 usbprint - ok
11:06:37.0390 1812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:06:37.0609 1812 usbscan - ok
11:06:37.0734 1812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:06:37.0937 1812 USBSTOR - ok
11:06:38.0000 1812 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:06:38.0187 1812 usbuhci - ok
11:06:38.0234 1812 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
11:06:38.0437 1812 USB_RNDIS - ok
11:06:38.0500 1812 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
11:06:38.0703 1812 usb_rndisx - ok
11:06:38.0796 1812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:06:39.0015 1812 VgaSave - ok
11:06:39.0046 1812 ViaIde - ok
11:06:39.0250 1812 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
11:06:39.0281 1812 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
11:06:39.0281 1812 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
11:06:39.0437 1812 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:06:39.0656 1812 VolSnap - ok
11:06:39.0750 1812 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:06:39.0968 1812 VSS - ok
11:06:40.0281 1812 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
11:06:40.0515 1812 W32Time - ok
11:06:40.0640 1812 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:06:40.0859 1812 Wanarp - ok
11:06:40.0875 1812 WDICA - ok
11:06:41.0031 1812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:06:41.0250 1812 wdmaud - ok
11:06:41.0468 1812 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:06:41.0703 1812 WebClient - ok
11:06:41.0921 1812 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:06:42.0109 1812 winmgmt - ok
11:06:42.0843 1812 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:06:43.0000 1812 wlidsvc - ok
11:06:43.0656 1812 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:06:43.0750 1812 WmdmPmSN - ok
11:06:44.0000 1812 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:06:44.0125 1812 Wmi - ok
11:06:44.0390 1812 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
11:06:44.0593 1812 WmiApSrv - ok
11:06:45.0062 1812 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:06:45.0218 1812 WMPNetworkSvc - ok
11:06:45.0234 1812 WSearch - ok
11:06:45.0500 1812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:06:45.0625 1812 WudfPf - ok
11:06:45.0687 1812 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:06:45.0750 1812 WudfRd - ok
11:06:45.0812 1812 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:06:45.0859 1812 WudfSvc - ok
11:06:46.0093 1812 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:06:46.0343 1812 WZCSVC - ok
11:06:46.0437 1812 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:06:46.0656 1812 xmlprov - ok
11:06:46.0718 1812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:06:48.0546 1812 \Device\Harddisk0\DR0 - ok
11:06:57.0421 1812 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk1\DR2
11:06:57.0890 1812 \Device\Harddisk1\DR2 - ok
11:06:57.0921 1812 Boot (0x1200) (edcfdbad1d3d701106d394d808ccd344) \Device\Harddisk0\DR0\Partition0
11:06:57.0968 1812 \Device\Harddisk0\DR0\Partition0 - ok
11:06:58.0000 1812 Boot (0x1200) (5ba653d180e7dc254d08cd852ddfa318) \Device\Harddisk1\DR2\Partition0
11:06:58.0031 1812 \Device\Harddisk1\DR2\Partition0 - ok
11:06:58.0062 1812 ============================================================
11:06:58.0062 1812 Scan finished
11:06:58.0062 1812 ============================================================
11:06:58.0203 3264 Detected object count: 8
11:06:58.0203 3264 Actual detected object count: 8
11:08:08.0546 3264 AdobeVersionCue ( UnsignedFile.Multi.Generic ) - skipped by user
11:08:08.0546 3264 AdobeVersionCue ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:08:08.0546 3264 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
11:08:08.0546 3264 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
11:08:08.0546 3264 astcc ( UnsignedFile.Multi.Generic ) - skipped by user
11:08:08.0546 3264 astcc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:08:08.0546 3264 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
11:08:08.0546 3264 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:08:08.0546 3264 Cwbrxd ( UnsignedFile.Multi.Generic ) - skipped by user
11:08:08.0546 3264 Cwbrxd ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:08:08.0546 3264 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:08:08.0546 3264 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:08:08.0546 3264 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
11:08:08.0546 3264 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:08:08.0546 3264 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:08:08.0546 3264 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip


(end)




******************************************************




GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-10 10:50:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_HD161HJ rev.JF100-22
Running: ho9etlg0[1].exe; Driver: C:\DOCUME~1\hjones\LOCALS~1\Temp\fwrdiaod.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\hjones\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 00B4000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00B3000A
.text C:\WINDOWS\System32\svchost.exe[1332] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00B2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3940] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3940] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1944] 0x013E0000

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\Web\bullet.gif 64 bytes
File C:\WINDOWS\Web\deskmovr.htt 830 bytes
File C:\WINDOWS\Web\exclam.gif 2642 bytes
File C:\WINDOWS\Web\printers 0 bytes
File C:\WINDOWS\Web\printers\images 0 bytes
File C:\WINDOWS\Web\printers\images\ipp_0002.gif 1518 bytes
File C:\WINDOWS\Web\printers\images\ipp_0003.gif 899 bytes
File C:\WINDOWS\Web\printers\images\ipp_0004.gif 895 bytes
File C:\WINDOWS\Web\printers\images\ipp_0005.gif 255 bytes
File C:\WINDOWS\Web\printers\images\ipp_0012.gif 1265 bytes
File C:\WINDOWS\Web\printers\images\ipp_0015.gif 902 bytes
File C:\WINDOWS\Web\printers\ipp_0000.inc 11114 bytes
File C:\WINDOWS\Web\printers\ipp_0001.asp 10541 bytes
File C:\WINDOWS\Web\printers\ipp_0002.asp 1970 bytes
File C:\WINDOWS\Web\printers\ipp_0003.asp 369 bytes
File C:\WINDOWS\Web\printers\ipp_0004.asp 9402 bytes
File C:\WINDOWS\Web\printers\ipp_0005.asp 0 bytes
File C:\WINDOWS\Web\printers\ipp_0006.asp 0 bytes
File C:\WINDOWS\Web\printers\ipp_0007.asp 0 bytes
File C:\WINDOWS\Web\printers\ipp_0010.asp 0 bytes
File C:\WINDOWS\Web\printers\ipp_0013.asp 0 bytes
File C:\WINDOWS\Web\printers\ipp_0014.asp 0 bytes
File C:\WINDOWS\Web\printers\ipp_0015.asp 0 bytes
File C:\WINDOWS\Web\printers\ipp_adsi.inc 0 bytes
File C:\WINDOWS\Web\printers\ipp_res.inc 0 bytes
File C:\WINDOWS\Web\printers\ipp_util.inc 0 bytes
File C:\WINDOWS\Web\printers\page1.asp 0 bytes
File C:\WINDOWS\Web\printers\prtwebvw.css 0 bytes
File C:\WINDOWS\Web\safemode.htt 0 bytes
File C:\WINDOWS\Web\tip.htm 0 bytes
File C:\WINDOWS\Web\tips.gif 0 bytes
File C:\WINDOWS\Web\Wallpaper 0 bytes

---- EOF - GMER 1.0.15 ----



(end)


******************************************************

#4 hljdesign

hljdesign
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:36 AM

Posted 10 August 2012 - 02:50 PM

The popup said: Cookies is a Windows system folder and is required for Windows to run properly. It cannot be deleted.

And I had to restart aswMBR; it shut itself down.

Thanks for your help

#5 hljdesign

hljdesign
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:36 AM

Posted 10 August 2012 - 03:23 PM

MiniToolBox Result:


MiniToolBox by Farbar Version: 23-07-2012
Ran by hjones (administrator) on 10-08-2012 at 13:17:54
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

192.168.1.42 rogue rogue.phobo.com
192.168.1.42 www2.ritzcamera.com
192.168.1.42 www2.boatersworld.com
192.168.1.42 www2.wolfcamera.com
192.168.1.42 www2.eangler.com
192.168.1.42 www2.cameraworld.com
192.168.1.42 www2.photoalley.com
192.168.1.42 www2.ritzelectronics.com
192.168.1.42 www2.outerbanksoutfitters.com
192.168.1.42 www2.fishingonly.com
192.168.1.42 www2.shopatshark.com
192.168.1.42 www2.boatersworldgov.com
192.168.1.42 www2.ritzcameragov.com
192.168.1.42 www2.scrapbookingalley.com
192.168.1.42 www2.needlecraftsetc.com
192.168.1.42 www2.boatingonly.com
192.168.1.42 www2.boatcoverexperts.com
192.168.1.42 www2.umallelectronics.com
192.168.1.42 www2.ceilingfansandmore.com
127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration

Host Name . . . . . . . . . . . . : heather-mktg
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-12-3F-88-E9-BB
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.98
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.3
DNS Servers . . . . . . . . . . . : 4.2.2.2
                                    4.2.2.1
Lease Obtained. . . . . . . . . . : Friday, August 10, 2012 11:04:28 AM
Lease Expires . . . . . . . . . . : Saturday, August 18, 2012 11:04:28 AM

Pinging google.com [74.125.239.14] with 32 bytes of data:

Reply from 74.125.239.14: bytes=32 time=25ms TTL=59
Reply from 74.125.239.14: bytes=32 time=17ms TTL=59

Ping statistics for 74.125.239.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 25ms, Average = 21ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=25ms TTL=58
Reply from 72.30.38.140: bytes=32 time=29ms TTL=58

Ping statistics for 72.30.38.140:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 25ms, Maximum = 29ms, Average = 27ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f 88 e9 bb ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.98      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.98    192.168.1.98      20
     192.168.1.98  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255     192.168.1.98    192.168.1.98      20
        224.0.0.0        240.0.0.0     192.168.1.98    192.168.1.98      20
  255.255.255.255  255.255.255.255     192.168.1.98    192.168.1.98       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/10/2012 00:34:34 PM) (Source: Application Error) (User: )
Description: Faulting application aswmbr[1].exe, version 0.9.9.1665, faulting module unknown, version 0.0.0.0, fault address 0x01b413e8.
Processing media-specific event for [aswmbr[1].exe!ws!]

Error: (08/10/2012 10:57:15 AM) (Source: Application Error) (User: )
Description: Faulting application sttray.exe, version 1.0.5607.0, faulting module unknown, version 0.0.0.0, fault address 0x00000004.
Processing media-specific event for [sttray.exe!ws!]

Error: (08/10/2012 10:57:04 AM) (Source: STacSV) (User: NT AUTHORITY)NT AUTHORITY
Description: Connection to the Storage interface failed

Error: (08/09/2012 02:05:21 PM) (Source: Application Error) (User: )
Description: Faulting application 45zqc8go[1].exe, version 1.0.15.15641, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0001101a.
Processing media-specific event for [45zqc8go[1].exe!ws!]

Error: (08/09/2012 09:37:33 AM) (Source: Application Error) (User: )
Description: Faulting application sttray.exe, version 1.0.5607.0, faulting module unknown, version 0.0.0.0, fault address 0x00000004.
Processing media-specific event for [sttray.exe!ws!]

Error: (08/09/2012 09:36:29 AM) (Source: STacSV) (User: NT AUTHORITY)NT AUTHORITY
Description: Connection to the Storage interface failed

Error: (08/08/2012 03:45:48 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/08/2012 03:43:54 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.0.657.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (08/08/2012 03:41:46 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.0.657.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (08/08/2012 03:40:37 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.0.657.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL


System errors:
=============
Error: (08/08/2012 03:19:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (07/10/2012 09:19:34 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 85637 seconds with 4680 seconds of active time. This session ended with a crash.

Error: (06/11/2012 02:16:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 17874 seconds with 840 seconds of active time. This session ended with a crash.

Error: (05/11/2012 03:25:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 83497 seconds with 3480 seconds of active time. This session ended with a crash.

Error: (05/07/2012 09:49:32 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 225 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/29/2012 10:05:32 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 261362 seconds with 14760 seconds of active time. This session ended with a crash.

Error: (03/05/2012 10:29:49 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 650 seconds with 300 seconds of active time. This session ended with a crash.

Error: (02/22/2012 10:59:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 90444 seconds with 1260 seconds of active time. This session ended with a crash.

Error: (02/08/2012 11:44:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 81252 seconds with 1080 seconds of active time. This session ended with a crash.

Error: (12/09/2011 04:22:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 259 seconds with 180 seconds of active time. This session ended with a crash.

Error: (11/01/2011 04:48:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 113491 seconds with 5100 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Acrobat.com (Version: 2.3.0)
Acrobat.com (Version: 2.3.0.0)
Adobe Acrobat 6.0 Professional (Version: 006.000.000)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Connect Add-in
Adobe Creative Suite (Version: 2.0)
Adobe Dreamweaver CS5 (Version: 11.0)
Adobe Fireworks CS5 (Version: 11.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Flash Player 11 Plugin (Version: 11.3.300.270)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader 9.5.1 (Version: 9.5.1)
Adobe Shockwave Player 11 (Version: 11)
Adobe SVG Viewer 3.0 (Version: 3.0)
AIM 7
AiO_Scan (Version: 47.0.1.000)
Akamai NetSession Interface Service
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.13.1.0)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Control Panel (Version: 6.14.10.5183)
ATI Display Driver (Version: 8.23-060209a1-030546C-Dell)
Audible Download Manager (Version: 6.6.0.6)
AudibleManager (Version: 2089882806.2089882868.2090316064.2089882826)
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Editor 4 4.2.1.166
AVS Video Recorder 2.4 (Service Version)
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.3
AXIS Media Control Embedded
Bonjour (Version: 3.0.0.10)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
Creative Vado HD Codec
Creative Vado HD Codec (Version: 1.0.0.1)
CuteFTP 8 Professional (Version: 8.3.4)
Dell Resource CD (Version: 1.00.0000)
Download Updater (AOL LLC)
FileZilla Client 3.5.3 (Version: 3.5.3)
Free Video Dub version 1.4
Free Video Flip and Rotate version 1.4
Genuine Fractals 6.0 Professional Edition (Version: 6.0)
Google Chrome (Version: 21.0.1180.75)
Google Talk (remove only)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.115)
HP Image Zone 4.7 (Version: 4.7)
HP Product Detection (Version: 10.7.9.0)
HP PSC & OfficeJet 4.7
IBM iSeries Access for Windows
IIS 6.0 Resource Kit Tools (Version: 6.00.0000)
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
KODAK Gallery Upload Software (Version: 1.00.0000)
Macromedia Contribute 3.11 (Version: 3.11.0.2419)
Macromedia Extension Manager (Version: 1.7.240)
Macromedia Flash 8 (Version: 8.00.0000)
Macromedia Flash 8 Video Encoder (Version: 1.00.0000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 2.0.264.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSN Toolbar (Version: 4.0.0401.0)
MSN Toolbar Platform (Version: 4.0.0401.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PDF Settings CS5 (Version: 10.0)
QFolder (Version: 1.00.0000)
QuickTime (Version: 7.72.80.56)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.34.57.2)
Scan (Version: 4.5.0.0)
SHARP AR-351/355/451/455 Series PCL Printer Driver
SigmaTel Audio (Version: 5.10.4600.0)
SmartSound Quicktracks for Premiere Elements (Version: 3.11.3090)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
TextPad 4.7 (Version: 4.7.2)
TN3270 Plus
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Viewpoint Media Player
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
WinZip (Version: 10.0 (7245))
Yahoo! Messenger
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 2046.07 MB
Available physical RAM: 1300.77 MB
Total Pagefile: 3942.52 MB
Available Pagefile: 3300.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.32 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:127.99 GB) (Free:18.14 GB) NTFS
3 Drive f: (My Book) (Fixed) (Total:698.46 GB) (Free:116.83 GB) FAT32
4 Drive x: (Departments) (Network) (Total:833.86 GB) (Free:662.45 GB) NTFS
5 Drive z: (Backups) (Network) (Total:891.62 GB) (Free:497.54 GB) NTFS

========================= Users: ========================================

User accounts for \\HEATHER-MKTG

Administrator Guest HelpAssistant
hjones SUPPORT_388945a0


**** End of log ****

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:12:36 PM

Posted 10 August 2012 - 03:35 PM

Ok, looks like a rootkit we cannot remove here.

Stop aswMBR if it's still going.



Please go here:
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Include the GMER log you posted earlier.
Let me know if that went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 hljdesign

hljdesign
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:36 AM

Posted 10 August 2012 - 04:08 PM

Thanks for your help. I created the new one here:
http://www.bleepingcomputer.com/forums/topic464685.html

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:12:36 PM

Posted 10 August 2012 - 07:30 PM

You're welcome!
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 5 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.