trojan.gen, trojan.gen.2, and trojan.zeroaccess infection


This topic is locked
13 replies to this topic

#1 miss0033

  • Members
  • 25 posts
  • OFFLINE
  • Local time:11:44 PM

Posted 23 August 2012 - 07:33 PM

Please help me! My Norton antivirus keeps popping up with notifications for trojan.gen, trojan.gen.2 and trojan.zeroaccess. The computer is almost un-useable right now with all the pop-ups.

I am running windows XP 32bit

Thanks in advance!


#2 boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:44 PM

Posted 23 August 2012 - 08:04 PM

Hello, I moved this to the Am I Infected forum for now.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
and click on Run as Administrator.



Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

>>>> Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (e.g. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Please ask any needed questions, post logs, and let us know how the PC is running now.
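The TDSSKiller report that the post above asks for is a plain-text log: one line per registered service or driver, with an MD5 and image path when the file is present, followed by a verdict line ("- ok", or a detection name and a non-ok verdict). Reading a few hundred of those lines by eye is how helpers here work, but the same triage can be scripted. The following Python is an added example for this page; it is not a BleepingComputer or Kaspersky tool and not something from the thread. It parses the line shapes TDSSKiller 2.8.x emits after the "Scan started" marker, pairs hash lines with verdict lines, flags anything that is not "ok" or whose image lives in a user-writable directory (a heuristic chosen for this example, not a TDSSKiller feature), and collects the MD5s for an offline hash list. The embedded sample report is constructed: its header, ACPI and Apple Mobile Device entries are copied from the report posted later in this thread, while the xk9svc entry and its detection name are invented so the flagging logic has something to catch.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# The two line shapes TDSSKiller 2.8.x emits for each service or driver
# once the "Scan started" marker has been passed:
#   <time> <thread> [ <MD5> ] <name> <image path>      (file present, hashed)
#   <time> <thread> <name> [( <detection> )] - <verdict>
HASH_LINE = re.compile(
    r'^\S+\s+\d+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$')
VERDICT_LINE = re.compile(
    r'^\S+\s+\d+\s+(?P<name>.+?)(?: \( (?P<detect>[^)]+) \))? - (?P<verdict>\S.*)$')

# Heuristic chosen for this example (not a TDSSKiller feature): a service or
# driver image under a user-writable directory is unusual enough to review.
SUSPICIOUS_DIRS = ('\\documents and settings\\', '\\temp\\', '\\recycler\\',
                   '\\system volume information\\')


class Entry(NamedTuple):
    name: str
    md5: Optional[str]        # None when the registered file was not found on disk
    path: Optional[str]
    detection: Optional[str]  # the "( ... )" text TDSSKiller adds to hits
    verdict: str              # "ok", or whatever the tool reported


def parse_report(text: str) -> List[Entry]:
    """Parse the scan section of a report, pairing each hash line with the
    verdict line that follows it for the same service name."""
    entries: List[Entry] = []
    pending: Dict[str, Tuple[str, str]] = {}
    in_scan = False
    for line in text.splitlines():
        if 'Scan started' in line:   # the header block above it has no entries
            in_scan = True
            continue
        if not in_scan:
            continue
        m = HASH_LINE.match(line)
        if m:
            pending[m['name']] = (m['md5'], m['path'])
            continue
        m = VERDICT_LINE.match(line)
        if m:
            md5, path = pending.pop(m['name'], (None, None))
            entries.append(Entry(m['name'], md5, path, m['detect'], m['verdict']))
    return entries


def flag_entries(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Return the entries worth a second look, each with its reasons."""
    flagged = []
    for e in entries:
        reasons = []
        if e.verdict.lower() != 'ok':
            reasons.append('verdict ' + e.verdict)
        if e.path and any(d in e.path.lower() for d in SUSPICIOUS_DIRS):
            reasons.append('image in user-writable location')
        if reasons:
            flagged.append((e, reasons))
    return flagged


def hashes(entries: List[Entry]) -> Dict[str, str]:
    """MD5 -> image path, ready for a bulk lookup against a hash reputation
    service; nothing in this script touches the network."""
    return {e.md5: e.path for e in entries if e.md5 and e.path}


# Constructed sample: header, ACPI and Apple Mobile Device lines are copied from
# the report posted in this thread; xk9svc and its detection name are invented.
SAMPLE_REPORT = r"""
00:14:54.0140 1792 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
00:14:56.0921 1792 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200
00:15:09.0000 1760 Scan started
00:15:09.0000 1760 Mode: Manual; TDLFS;
00:15:10.0250 1760 System memory - ok
00:15:10.0468 1760 Abiosdsk - ok
00:15:10.0562 1760 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:15:10.0578 1760 ACPI - ok
00:15:11.0250 1760 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:15:11.0250 1760 Apple Mobile Device - ok
00:15:20.0100 1760 [ 0123456789ABCDEF0123456789ABCDEF ] xk9svc C:\Documents and Settings\user\Local Settings\Temp\xk9svc.sys
00:15:20.0110 1760 xk9svc ( Example.Constructed ) - warning
"""

if __name__ == '__main__':
    found = parse_report(SAMPLE_REPORT)
    print(f'{len(found)} entries, {len(hashes(found))} with hashes')
    for entry, why in flag_entries(found):
        print(f'{entry.name}: {entry.path} [{", ".join(why)}]')
```

Point it at a saved report instead of the sample (read the file and pass its text to parse_report) and the output is the short list a helper would want first: anything TDSSKiller itself did not call "ok", plus images parked where drivers do not normally live. Entries like Abiosdsk that have a verdict but no hash line are registered drivers whose file is absent, which is normal on XP and not a finding by itself.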

#3 miss0033
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:11:44 PM

Posted 23 August 2012 - 11:14 PM

Thank you very much. I just want to make sure I understand clearly before starting.

I checked the internet settings, and "Use a proxy" was already unchecked, so I did nothing. It never gave me an option to "run as administrator"; I assume that is normal?

If the computer needs a restart from Rkill or TDSSKiller should the reboot be in safe mode or normal mode? You first mention "now reboot to normal mode" right before the step of running Malwarebytes, so I assume any prior reboot would need to be in safe mode. Is this correct?

Also, I now have a problem others have called Google redirect, where roughly every third link I click on from a Google search takes me to a completely unrelated page... Does this change anything that needs to be done?

I just want to be clear so that I don't screw anything up further.

Thank you again.

#4 miss0033
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:11:44 PM

Posted 24 August 2012 - 01:10 AM

Looks like I didn't have to worry about restarts; none were needed. The first 2 programs found nothing (I will post the logs in the following posts). SUPERAntiSpyware kept saying "Installation has encountered an error and needs to close"; both versions you suggested said the same thing, so I was never able to get that to run. When I rebooted to normal, MBAM was scanning; the instant it completed, the Norton warnings started popping up again... But I cleaned the items it found and it required a reboot. So far, so good in terms of that...

Although something strange happened. During one of the reboots my screen flickered, and now my laptop display cannot display near the full range of colors and has blinking red pixels. I swapped out the screen and the cord with the same model (I have 2 of these machines) that I confirmed worked and had the same results. Would this have honestly harmed my graphics card? I am not blaming you or anything; I have overworked this machine for a couple of years now. Hooking it up to an external monitor, it looks awesome. If I try to grab a screenshot, everything looks normal. I hope this is a registry setting or something that got tripped by the programs, but I highly doubt it... It is just strange that the primary display is now horrible and an external monitor looks brand new...

Anyway on to the logs...

Rkill by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/download/rkill/

Program started at: 08/24/2012 12:13:32 AM in x86 mode.
Windows Version: Windows XP

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/24/2012 12:13:44 AM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

TDSSKiller report:

00:14:54.0140 1792 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
00:14:54.0171 1792 ============================================================
00:14:54.0171 1792 Current date / time: 2012/08/24 00:14:54.0171
00:14:54.0171 1792 SystemInfo:
00:14:54.0171 1792
00:14:54.0171 1792 OS Version: 5.1.2600 ServicePack: 3.0
00:14:54.0171 1792 Product type: Workstation
00:14:54.0171 1792 ComputerName: DATALINK-330563
00:14:54.0171 1792 UserName: Neil Missling
00:14:54.0171 1792 Windows directory: C:\WINDOWS
00:14:54.0171 1792 System windows directory: C:\WINDOWS
00:14:54.0171 1792 Processor architecture: Intel x86
00:14:54.0171 1792 Number of processors: 2
00:14:54.0171 1792 Page size: 0x1000
00:14:54.0171 1792 Boot type: Safe boot with network
00:14:54.0171 1792 ============================================================
00:14:56.0921 1792 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:14:56.0921 1792 ============================================================
00:14:56.0921 1792 \Device\Harddisk0\DR0:
00:14:56.0953 1792 MBR partitions:
00:14:56.0953 1792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
00:14:56.0953 1792 ============================================================
00:14:56.0984 1792 C: <-> \Device\Harddisk0\DR0\Partition1
00:14:56.0984 1792 ============================================================
00:14:56.0984 1792 Initialize success
00:14:56.0984 1792 ============================================================
00:15:09.0000 1760 ============================================================
00:15:09.0000 1760 Scan started
00:15:09.0000 1760 Mode: Manual; TDLFS;
00:15:09.0000 1760 ============================================================
00:15:10.0250 1760 ================ Scan system memory ========================
00:15:10.0250 1760 System memory - ok
00:15:10.0250 1760 ================ Scan services =============================
00:15:10.0468 1760 Abiosdsk - ok
00:15:10.0484 1760 abp480n5 - ok
00:15:10.0562 1760 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:15:10.0578 1760 ACPI - ok
00:15:10.0625 1760 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
00:15:10.0625 1760 ACPIEC - ok
00:15:10.0640 1760 adpu160m - ok
00:15:10.0796 1760 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
00:15:10.0812 1760 AdvancedSystemCareService5 - ok
00:15:10.0843 1760 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
00:15:10.0843 1760 aec - ok
00:15:10.0906 1760 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
00:15:10.0906 1760 AFD - ok
00:15:10.0921 1760 Aha154x - ok
00:15:10.0953 1760 aic78u2 - ok
00:15:10.0984 1760 aic78xx - ok
00:15:11.0031 1760 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
00:15:11.0031 1760 Alerter - ok
00:15:11.0062 1760 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
00:15:11.0062 1760 ALG - ok
00:15:11.0078 1760 AliIde - ok
00:15:11.0109 1760 amsint - ok
00:15:11.0250 1760 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:15:11.0250 1760 Apple Mobile Device - ok
00:15:11.0296 1760 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
00:15:11.0312 1760 AppMgmt - ok
00:15:11.0359 1760 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:15:11.0359 1760 Arp1394 - ok
00:15:11.0375 1760 asc - ok
00:15:11.0406 1760 asc3350p - ok
00:15:11.0437 1760 asc3550 - ok
00:15:11.0500 1760 [ A8FD25A183FAEDD810EFCDDB8118CA50 ] ASFIPmon C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
00:15:11.0500 1760 ASFIPmon - ok
00:15:11.0687 1760 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:15:11.0734 1760 aspnet_state - ok
00:15:11.0781 1760 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:15:11.0781 1760 AsyncMac - ok
00:15:11.0812 1760 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
00:15:11.0812 1760 atapi - ok
00:15:11.0828 1760 Atdisk - ok
00:15:11.0890 1760 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:15:11.0906 1760 Atmarpc - ok
00:15:11.0953 1760 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
00:15:11.0953 1760 AudioSrv - ok
00:15:12.0000 1760 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
00:15:12.0000 1760 audstub - ok
00:15:12.0093 1760 [ CDD20E2F35FFBFA3F31376D65BB9DD48 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
00:15:12.0093 1760 Autodesk Licensing Service - ok
00:15:12.0140 1760 [ C0ACD392ECE55784884CC208AAFA06CE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
00:15:12.0140 1760 b57w2k - ok
00:15:12.0203 1760 [ 3D87B0484BE1093C6614062701F375C5 ] BASFND C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
00:15:12.0203 1760 BASFND - ok
00:15:12.0328 1760 [ 345D38F298368DD6B0DF5C4F37457A22 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
00:15:12.0375 1760 BCM43XX - ok
00:15:12.0437 1760 [ 40F8C4C10ED67B1DE44ABF82582BAC37 ] BCOREUSB C:\WINDOWS\system32\Drivers\BCOREUSB.sys
00:15:12.0453 1760 BCOREUSB - ok
00:15:12.0500 1760 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
00:15:12.0500 1760 Beep - ok
00:15:12.0562 1760 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
00:15:12.0734 1760 BITS - ok
00:15:12.0796 1760 [ B26E18ADAA16E507166E3B61E79A1E25 ] Bluetooth Hid Switch Service C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
00:15:12.0796 1760 Bluetooth Hid Switch Service - ok
00:15:12.0890 1760 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:15:12.0890 1760 Bonjour Service - ok
00:15:12.0953 1760 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
00:15:12.0953 1760 Browser - ok
00:15:13.0015 1760 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
00:15:13.0015 1760 BthEnum - ok
00:15:13.0046 1760 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
00:15:13.0046 1760 BthPan - ok
00:15:13.0109 1760 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
00:15:13.0109 1760 BTHPORT - ok
00:15:13.0156 1760 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
00:15:13.0156 1760 BthServ - ok
00:15:13.0171 1760 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
00:15:13.0187 1760 BTHUSB - ok
00:15:13.0234 1760 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
00:15:13.0234 1760 cbidf2k - ok
00:15:13.0296 1760 [ FDC06E2ADA8C468EBB161624E03976CF ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:15:13.0296 1760 CCDECODE - ok
00:15:13.0390 1760 [ 04945313BC60488E0C14AD1167160659 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
00:15:13.0390 1760 ccEvtMgr - ok
00:15:13.0453 1760 [ 2203161EC24C210D51DB69C604F4A504 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
00:15:13.0453 1760 ccSetMgr - ok
00:15:13.0468 1760 cd20xrnt - ok
00:15:13.0531 1760 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
00:15:13.0531 1760 Cdaudio - ok
00:15:13.0578 1760 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
00:15:13.0578 1760 Cdfs - ok
00:15:13.0625 1760 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:15:13.0625 1760 Cdrom - ok
00:15:13.0656 1760 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
00:15:13.0656 1760 cercsr6 - ok
00:15:13.0671 1760 Changer - ok
00:15:13.0734 1760 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
00:15:13.0734 1760 CiSvc - ok
00:15:13.0781 1760 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
00:15:13.0781 1760 ClipSrv - ok
00:15:13.0859 1760 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:15:13.0953 1760 clr_optimization_v2.0.50727_32 - ok
00:15:14.0015 1760 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:15:14.0093 1760 clr_optimization_v4.0.30319_32 - ok
00:15:14.0156 1760 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:15:14.0156 1760 CmBatt - ok
00:15:14.0171 1760 CmdIde - ok
00:15:14.0203 1760 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:15:14.0203 1760 Compbatt - ok
00:15:14.0218 1760 COMSysApp - ok
00:15:14.0281 1760 Cpqarray - ok
00:15:14.0343 1760 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
00:15:14.0343 1760 CryptSvc - ok
00:15:14.0390 1760 [ 8E1945984E147562F9F08E1D344A69CC ] CSRBC C:\WINDOWS\system32\Drivers\csrbcxp.sys
00:15:14.0390 1760 CSRBC - ok
00:15:14.0406 1760 dac2w2k - ok
00:15:14.0437 1760 dac960nt - ok
00:15:14.0500 1760 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
00:15:14.0515 1760 DcomLaunch - ok
00:15:14.0578 1760 [ 9709D3D9E592D3217353F3FAFE29FAA3 ] DefWatch C:\Program Files\Symantec AntiVirus\DefWatch.exe
00:15:14.0578 1760 DefWatch - ok
00:15:14.0625 1760 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
00:15:14.0640 1760 Dhcp - ok
00:15:14.0687 1760 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
00:15:14.0687 1760 Disk - ok
00:15:14.0703 1760 dlcc_device - ok
00:15:14.0734 1760 dmadmin - ok
00:15:14.0796 1760 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
00:15:14.0812 1760 dmboot - ok
00:15:14.0843 1760 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
00:15:14.0843 1760 dmio - ok
00:15:14.0875 1760 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
00:15:14.0875 1760 dmload - ok
00:15:14.0921 1760 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
00:15:14.0921 1760 dmserver - ok
00:15:14.0953 1760 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
00:15:14.0953 1760 DMusic - ok
00:15:15.0000 1760 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
00:15:15.0000 1760 Dnscache - ok
00:15:15.0062 1760 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
00:15:15.0062 1760 Dot3svc - ok
00:15:15.0078 1760 dpti2o - ok
00:15:15.0125 1760 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
00:15:15.0125 1760 drmkaud - ok
00:15:15.0171 1760 [ B15F9E526BA511A48B1B1B8537815740 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
00:15:15.0187 1760 drvmcdb - ok
00:15:15.0218 1760 [ FA4670CAE95AE2BB857C68E535661145 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
00:15:15.0218 1760 drvnddm - ok
00:15:15.0250 1760 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
00:15:15.0250 1760 EapHost - ok
00:15:15.0296 1760 [ DF197FEB19746F8A6A310D32655814A0 ] easytether C:\WINDOWS\system32\DRIVERS\easytthr.sys
00:15:15.0296 1760 easytether - ok
00:15:15.0359 1760 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:15:15.0375 1760 eeCtrl - ok
00:15:15.0515 1760 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
00:15:15.0531 1760 EpsonBidirectionalService - ok
00:15:15.0593 1760 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:15:15.0593 1760 EraserUtilRebootDrv - ok
00:15:15.0625 1760 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
00:15:15.0625 1760 ERSvc - ok
00:15:15.0687 1760 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
00:15:15.0703 1760 Eventlog - ok
00:15:15.0750 1760 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
00:15:15.0765 1760 EventSystem - ok
00:15:15.0812 1760 [ 8B5C73DFB031D5D5112CD7BE5B0F85AD ] fanio C:\WINDOWS\system32\drivers\fanio.sys
00:15:15.0812 1760 fanio - ok
00:15:15.0875 1760 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
00:15:15.0875 1760 Fastfat - ok
00:15:15.0921 1760 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
00:15:15.0921 1760 FastUserSwitchingCompatibility - ok
00:15:15.0953 1760 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
00:15:15.0953 1760 Fdc - ok
00:15:16.0015 1760 [ B73EC688C29F81F9DA0FCF63682B3ECB ] FilterService C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
00:15:16.0015 1760 FilterService - ok
00:15:16.0062 1760 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
00:15:16.0062 1760 Fips - ok
00:15:16.0125 1760 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:15:16.0140 1760 FLEXnet Licensing Service - ok
00:15:16.0187 1760 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
00:15:16.0187 1760 Flpydisk - ok
00:15:16.0234 1760 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
00:15:16.0250 1760 FltMgr - ok
00:15:16.0343 1760 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:15:16.0343 1760 FontCache3.0.0.0 - ok
00:15:16.0375 1760 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:15:16.0375 1760 Fs_Rec - ok
00:15:16.0390 1760 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:15:16.0390 1760 Ftdisk - ok
00:15:16.0437 1760 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
00:15:16.0437 1760 GEARAspiWDM - ok
00:15:16.0484 1760 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:15:16.0484 1760 Gpc - ok
00:15:16.0531 1760 [ C0BDAB85F3E8B2138C513255E2BCC4D8 ] guardian2 C:\WINDOWS\system32\Drivers\oz776.sys
00:15:16.0531 1760 guardian2 - ok
00:15:16.0640 1760 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
00:15:16.0656 1760 gupdate - ok
00:15:16.0671 1760 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
00:15:16.0671 1760 gupdatem - ok
00:15:16.0734 1760 [ 5467F1FF0AF264566740F67E8B810735 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:15:16.0734 1760 gusvc - ok
00:15:16.0796 1760 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:15:16.0796 1760 HDAudBus - ok
00:15:16.0843 1760 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:15:16.0859 1760 helpsvc - ok
00:15:16.0875 1760 [ 7BD2DE4C85EB4241EED57672B16A7D8D ] HidBth C:\WINDOWS\system32\DRIVERS\hidbth.sys
00:15:16.0875 1760 HidBth - ok
00:15:16.0921 1760 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
00:15:16.0921 1760 HidServ - ok
00:15:16.0984 1760 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:15:16.0984 1760 hidusb - ok
00:15:17.0031 1760 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
00:15:17.0031 1760 hkmsvc - ok
00:15:17.0046 1760 hpn - ok
00:15:17.0140 1760 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
00:15:17.0156 1760 HSF_DPV - ok
00:15:17.0203 1760 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
00:15:17.0203 1760 HSXHWAZL - ok
00:15:17.0250 1760 [ CBD09ED9CF6822177EE85AEA4D8816A2 ] HTCAND32 C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
00:15:17.0250 1760 HTCAND32 - ok
00:15:17.0296 1760 [ 04E3B3554076B8192A668EFE88A682A1 ] htcnprot C:\WINDOWS\system32\DRIVERS\htcnprot.sys
00:15:17.0296 1760 htcnprot - ok
00:15:32.0968 1760 Scan finished
00:15:32.0968 1760 ============================================================
00:15:33.0015 1076 Detected object count: 0
00:15:33.0015 1076 Actual detected object count: 0

#5 miss0033

  • Topic Starter
  • Members
  • 25 posts

Posted 24 August 2012 - 01:11 AM

And the MBAM Report:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.20.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Neil Missling :: DATALINK-330563 [administrator]

8/24/2012 12:34:34 AM
mbam-log-2012-08-24 (00-34-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208113
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Quarantined and deleted successfully.
c:\windows\installer\{258e84d6-d5ff-2e1a-e675-23f58559a827}\u\00000004.$ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{258e84d6-d5ff-2e1a-e675-23f58559a827}\U\80000000.$ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)


Like I said, so far so good (other than the strange sudden graphics problem); I will update if anything changes.

#6 boopme (Global Moderator)

Posted 24 August 2012 - 03:51 PM

There is/was a 0access infection... this can affect graphics... Is that still a problem?

We should run these also.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 miss0033 (Topic Starter)

Posted 25 August 2012 - 07:17 PM

Still getting Trojan.gen2 to show up in Symantec program, as well as a new "Static" warning in a similar window. And yes graphics are still an issue...

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-25 17:12:42
-----------------------------
17:12:42.296 OS Version: Windows 5.1.2600 Service Pack 3
17:12:42.296 Number of processors: 2 586 0xF06
17:12:42.296 ComputerName: DATALINK-330563 UserName: Neil Missling
17:12:43.343 Initialize success
17:15:50.093 AVAST engine defs: 12082501
17:16:10.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:16:10.015 Disk 0 Vendor: Hitachi_HTS721080G9SA00 MC4OC10H Size: 76319MB BusType: 3
17:16:10.046 Disk 0 MBR read successfully
17:16:10.062 Disk 0 MBR scan
17:16:10.125 Disk 0 Windows XP default MBR code
17:16:10.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
17:16:10.140 Disk 0 scanning sectors +156296385
17:16:10.218 Disk 0 scanning C:\WINDOWS\system32\drivers
17:16:33.109 Service scanning
17:17:24.515 Modules scanning
17:17:37.250 Disk 0 trace - called modules:
17:17:37.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:17:37.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae06ab8]
17:17:37.296 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000090[0x8ae50480]
17:17:37.296 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ae0dd98]
17:17:38.046 AVAST engine scan C:\WINDOWS
17:17:46.906 AVAST engine scan C:\WINDOWS\system32
17:24:19.359 AVAST engine scan C:\WINDOWS\system32\drivers
17:24:44.781 AVAST engine scan C:\Documents and Settings\Neil Missling
17:32:59.328 File: C:\Documents and Settings\Neil Missling\Application Data\wunar.dll **INFECTED** Win32:Medfos [Trj]
17:39:01.250 File: C:\Documents and Settings\Neil Missling\Local Settings\Application Data\{258e84d6-d5ff-2e1a-e675-23f58559a827}\n **INFECTED** Win32:Sirefef-AIQ [Rtk]
17:45:41.015 AVAST engine scan C:\Documents and Settings\All Users
18:10:35.890 Scan finished successfully
19:13:07.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Neil Missling\Desktop\MBR.dat"
19:13:07.625 The log file has been saved successfully to "C:\Documents and Settings\Neil Missling\Desktop\aswMBR log.txt"

#8 miss0033 (Topic Starter)

Posted 25 August 2012 - 11:12 PM

And the ESETScan log:

C:\Documents and Settings\Neil Missling\Application Data\wunar.dll a variant of Win32/Medfos.BL trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Neil Missling\Application Data\OpenCandy\OpenCandy_144D633711C645698C5402E444B92E52\registrybooster(4).exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Documents and Settings\Neil Missling\Local Settings\Application Data\{258e84d6-d5ff-2e1a-e675-23f58559a827}\n a variant of Win32/Kryptik.AKRL trojan cleaned by deleting - quarantined
C:\Documents and Settings\Neil Missling\Local Settings\Application Data\{480F3922-D619-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Neil Missling\Local Settings\Temp\jar_cache8492222250185390551.tmp Java/Exploit.Agent.NDB trojan cleaned by deleting - quarantined
C:\Documents and Settings\Neil Missling\Local Settings\Temp\NOD1894.tmp a variant of Win32/Medfos.BL trojan cleaned by deleting (after the next restart) - quarantined
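
The MBAM (#5), aswMBR (#7) and ESET (#8) logs above all name the same GUID-named directory, once under C:\WINDOWS\Installer and once under the user's Local Settings\Application Data. As an added example, not code from this thread or from any of the three scanner vendors, the Python script below parses each of those three log line formats and groups detections by that GUID directory; the sample lines are copied from the posts above, and the regexes assume the exact line shapes shown there.

```python
import re
from collections import defaultdict

# Constructed sample: detection lines copied from the MBAM, aswMBR and ESET logs posted above.
SAMPLE_LOGS = {
    "mbam": [
        r"C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Quarantined and deleted successfully.",
        r"c:\windows\installer\{258e84d6-d5ff-2e1a-e675-23f58559a827}\u\00000004.$ (Rootkit.Zaccess) -> Quarantined and deleted successfully.",
    ],
    "aswmbr": [
        r"17:32:59.328 File: C:\Documents and Settings\Neil Missling\Application Data\wunar.dll **INFECTED** Win32:Medfos [Trj]",
        r"17:39:01.250 File: C:\Documents and Settings\Neil Missling\Local Settings\Application Data\{258e84d6-d5ff-2e1a-e675-23f58559a827}\n **INFECTED** Win32:Sirefef-AIQ [Rtk]",
    ],
    "eset": [
        r"C:\Documents and Settings\Neil Missling\Application Data\wunar.dll a variant of Win32/Medfos.BL trojan cleaned by deleting (after the next restart) - quarantined",
        r"C:\Documents and Settings\Neil Missling\Local Settings\Application Data\{258e84d6-d5ff-2e1a-e675-23f58559a827}\n a variant of Win32/Kryptik.AKRL trojan cleaned by deleting - quarantined",
    ],
}

# One regex per log format, each yielding the file path and the detection name.
PATTERNS = {
    "mbam": re.compile(r"^(?P<path>.+?) \((?P<name>[^)]+)\) -> .+$"),
    "aswmbr": re.compile(r"^\d\d:\d\d:\d\d\.\d+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$"),
    "eset": re.compile(r"^(?P<path>.+?) (?:a variant of )?(?P<name>\S+/\S+ \w+) cleaned .+$"),
}
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

def parse_line(scanner, line):
    """Parse one detection line; returns a dict, or None for non-detection lines."""
    m = PATTERNS[scanner].match(line)
    if not m:
        return None
    hit = {"scanner": scanner, "path": m.group("path"), "name": m.group("name")}
    g = GUID_RE.search(hit["path"])
    hit["guid"] = g.group(0).lower() if g else None  # MBAM lowercases paths, so normalise
    return hit

def parse_all(logs):
    """All hits across the scanner logs, in log order (non-matching lines are skipped)."""
    return [h for s, lines in logs.items() for h in (parse_line(s, l) for l in lines) if h]

def correlate_guid_dirs(logs):
    """Per GUID-named directory: which scanners reported it and in which parent
    directories (case-folded, everything from the GUID on stripped)."""
    by_guid = defaultdict(lambda: {"scanners": set(), "dirs": set()})
    for hit in parse_all(logs):
        if hit["guid"]:
            by_guid[hit["guid"]]["scanners"].add(hit["scanner"])
            by_guid[hit["guid"]]["dirs"].add(hit["path"].lower().split("{")[0])
    return {g: {k: sorted(v) for k, v in d.items()} for g, d in by_guid.items()}
```

Calling correlate_guid_dirs(SAMPLE_LOGS) shows the single GUID {258e84d6-d5ff-2e1a-e675-23f58559a827} reported by all three scanners in two separate parent directories, which is the cross-log check worth doing before declaring one of those folders cleaned.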

#9 miss0033 (Topic Starter)

Posted 26 August 2012 - 03:33 PM

This is a difficult one... Trojan.Gen.2 still showing up in Symantec, still have the Google redirect issue. Graphics on my primary display still funky, but external monitor looks awesome!

#10 boopme (Global Moderator)

Posted 26 August 2012 - 07:53 PM

OK, it must be being protected by a service or driver. To get it off we need stronger tools and a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

#11 miss0033 (Topic Starter)

Posted 26 August 2012 - 08:41 PM

I will do that this evening. Otherwise the graphics issue appears to be hardware related. I put in the brand new SSD and it looked like garbage at the startup screen. Something must've overheated or crapped out on me.

On another front, I haven't been on that machine in a couple of days except to do these scans. No web surfing, gaming, word processing or anything. A new virus popped up, "bloodhound.MalPE", in my Symantec Antivirus...

Edited by miss0033, 26 August 2012 - 08:42 PM.


#12 boopme (Global Moderator)

Posted 26 August 2012 - 08:47 PM

Some type of downloader or rootkit is surviving here. We will get it.

#13 miss0033 (Topic Starter)

Posted 26 August 2012 - 11:50 PM

1st time GMER ran it "encountered an error and needed to close"

2nd time after clicking scan I got the blue screen of death with "beginning dump of physical memory" -- I assumed I lost everything (granted it is all backed up and not a big deal...)

3rd time seems to be working now. Will post logs when it is done.

#14 boopme (Global Moderator)

Posted 27 August 2012 - 11:22 AM

Great!! Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 5 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.