
Infected with Live Security Platinum


17 replies to this topic

#1 peanut10

peanut10

  • Members
  • 9 posts

Posted 04 September 2012 - 07:49 PM

Laptop has become infected with Live Security Platinum. Attached is the dds log. I cannot get the GMER to finish, get the blue screen of death and a restart before it can finish. Any help would be greatly appreciated.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by MaplesL at 19:45:03 on 2012-09-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1074 [GMT -4:00]
.
AV: LANDesk Antivirus client *Enabled/Updated* {C386CD1A-44E8-4B9D-885E-4751A79CE5BD}
AV: LANDesk Endpoint Security *Enabled/Updated* {7FDBEBEE-571A-4000-807C-1D6E589E0ED5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\LANDesk\LDClient\HIPS\LDSecSvc.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r205445\stacsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\antivirus\kavehost.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\LANDesk\LDClient\antivirus\avservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\LANDesk\LDClient\localsch.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\LANDesk\LDClient\HIPS\ViGUARD.EXE
C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Activ Software\ActivDriver\activmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\maplesl\Application Data\Smilebox\SmileboxTray.exe
C:\Documents and Settings\maplesl\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files\Activ Software\ActivSDK Flash Extension\2.1\flash-wrapper-crossplatform.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\maplesl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\maplesl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\maplesl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.fultonschools.org/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\maplesl\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SmileboxTray] "c:\documents and settings\maplesl\application data\smilebox\SmileboxTray.exe"
uRun: [Vyovodxial] "c:\documents and settings\maplesl\application data\agyh\ozato.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [ActivControl] c:\program files\activ software\activdriver\ActivControl2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LANDesk Endpoint Security] "c:\program files\landesk\ldclient\hips\ViGUARD.EXE" /STARTUP
mRun: [LANDesk Antivirus] "c:\program files\landesk\ldclient\antivirus\LDav.exe" /systray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hshen] rundll32.exe "c:\documents and settings\maplesl\application data\hshen.dll",CreateLink
mRun: [sncpys] "c:\windows\system32\rundll32.exe" "c:\documents and settings\maplesl\application data\sncpys.dll",Long_AsLong
mRun: [lthpr] "c:\windows\system32\rundll32.exe" "c:\documents and settings\maplesl\application data\lthpr.dll",Member_GetOne
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activs~1.lnk - c:\windows\installer\{56083210-efe4-4c85-bb9b-1152b3279621}\FlashExtension11_09FAD3AE30B54976B1D51CD7803206FF.exe
uPolicies-system: NoDispScrSavPage = 1 (0x1)
mPolicies-system: RunLogonScriptSync = 0 (0x0)
mPolicies-system: MaxGPOScriptWait = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: fcs.org
Trusted Zone: fultonschools.org
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263909764681
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259778070878
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2C4D6A1B-03B2-4FDA-B1F5-6BEAA2F9F6DF} : DhcpNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-22 132184]
R0 LDSecDrv;LDSecDrv;c:\windows\system32\drivers\LDSecDrv.sys [2012-4-27 197344]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2012-6-22 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-4-27 327256]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2011-8-1 147456]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 kavehost;kavehost;c:\program files\landesk\ldclient\antivirus\kavehost.exe -svc --> c:\program files\landesk\ldclient\antivirus\kavehost.exe -svc [?]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2012-4-27 207872]
R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\landesk\ldclient\tmcsvc.exe [2012-4-27 179200]
R2 LDAVService;LANDesk® Antivirus;c:\program files\landesk\ldclient\antivirus\AVService.exe [2012-4-27 597336]
R2 LDSecSvc;LANDesk Endpoint Security;c:\program files\landesk\ldclient\hips\LDSecSvc.exe [2012-4-27 1824232]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-5-16 69640]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\softmon.exe [2012-4-27 403632]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-10-4 112128]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2011-10-4 110080]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2011-10-4 14336]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2011-10-4 5120]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2011-10-4 6144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-8-9 136176]
S3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\system32\drivers\ACTIVhidmini.sys [2011-10-4 84864]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2010-9-22 88192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-8-9 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-11 20464]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2009-7-1 92550]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [2011-10-4 6144]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\mbam\mbamservice.exe [2011-12-11 652360]
.
=============== Created Last 30 ================
.
2012-09-04 00:38:38 367616 ------w- c:\documents and settings\maplesl\application data\lthpr.dll
2012-09-04 00:38:38 -------- d-----w- c:\documents and settings\all users\application data\036DFF982296AA7E311D085B7B07D287
2012-09-04 00:38:24 672768 ------w- c:\documents and settings\maplesl\application data\sncpys.dll
2012-09-04 00:37:28 167424 --sh--w- c:\documents and settings\maplesl\application data\hshen.dll
2012-09-04 00:37:22 -------- d-----w- c:\documents and settings\maplesl\local settings\application data\Identities
2012-09-04 00:37:19 -------- d-----w- c:\documents and settings\maplesl\application data\Peiwod
2012-09-04 00:37:19 -------- d-----w- c:\documents and settings\maplesl\application data\Atef
2012-09-04 00:37:19 -------- d-----w- c:\documents and settings\maplesl\application data\Agyh
2012-08-29 21:16:27 -------- d-----w- c:\documents and settings\maplesl\local settings\application data\Smilebox
2012-08-29 21:15:08 -------- d-----w- c:\documents and settings\maplesl\application data\Smilebox
.
==================== Find3M ====================
.
2012-09-04 23:02:34 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-04 23:02:29 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-07-26 20:23:39 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 20:23:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
============= FINISH: 19:55:10.38 ===============
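As an added example (not part of this thread, of DDS or of ComboFix), a small Python triage script that applies the reading a helper does on a DDS log like the one above: it parses the uRun/mRun autostart lines and the "Created Last 30" list, then scores entries that run from the user's Application Data folder, that load a DLL through rundll32, that were created recently with hidden/system attributes, or that were created in a tight burst with other flagged items. The sample lines are copied from the log above; the scoring weights and the 3-point threshold are my own assumption, not a DDS rule.

```python
import re
from datetime import datetime

# Constructed sample: lines in the format of the DDS "Pseudo HJT Report" and
# "Created Last 30" sections, copied from the log above, with benign entries
# (ctfmon, IgfxTray, Smilebox) left in so the heuristics have something to pass.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SmileboxTray] "c:\documents and settings\maplesl\application data\smilebox\SmileboxTray.exe"
uRun: [Vyovodxial] "c:\documents and settings\maplesl\application data\agyh\ozato.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hshen] rundll32.exe "c:\documents and settings\maplesl\application data\hshen.dll",CreateLink
mRun: [sncpys] "c:\windows\system32\rundll32.exe" "c:\documents and settings\maplesl\application data\sncpys.dll",Long_AsLong
mRun: [lthpr] "c:\windows\system32\rundll32.exe" "c:\documents and settings\maplesl\application data\lthpr.dll",Member_GetOne
2012-09-04 00:38:38 367616 ------w- c:\documents and settings\maplesl\application data\lthpr.dll
2012-09-04 00:38:24 672768 ------w- c:\documents and settings\maplesl\application data\sncpys.dll
2012-09-04 00:37:28 167424 --sh--w- c:\documents and settings\maplesl\application data\hshen.dll
2012-09-04 00:37:19 -------- d-----w- c:\documents and settings\maplesl\application data\Agyh
2012-08-29 21:15:08 -------- d-----w- c:\documents and settings\maplesl\application data\Smilebox
"""

RUN_RE = re.compile(r'^([um])Run: \[([^\]]+)\] (.*)$')          # uRun/mRun autostart lines
CREATED_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ ([-a-z]{8}) (.*)$')
PATH_RE = re.compile(r'[a-z]:\\[^",]+', re.IGNORECASE)            # drive-letter paths in a value
APPDATA = '\\application data\\'

# Scoring weights are an assumption for this example, not a DDS or ComboFix rule.
WEIGHTS = {'appdata': 1, 'rundll32': 2, 'recent': 1, 'hidden': 1, 'burst': 1}


def parse(log_text):
    """Split a DDS excerpt into autorun entries and a map of recently created paths."""
    runs, created = [], {}
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            hive, name, value = m.groups()
            paths = [p.strip() for p in PATH_RE.findall(value)]
            if not paths:
                continue
            # rundll32 entries name the host first; the DLL it loads is the real target
            target = next((p for p in paths if p.lower().endswith('.dll')), paths[-1])
            runs.append({'hive': hive, 'name': name, 'value': value, 'target': target})
            continue
        m = CREATED_RE.match(line)
        if m:
            stamp, attrs, path = m.groups()
            created[path.strip().lower()] = (datetime.strptime(stamp, '%Y-%m-%d %H:%M:%S'), attrs)
    return runs, created


def score_entry(entry, created):
    """Attach a score and human-readable reasons to one autorun entry."""
    target = entry['target'].lower()
    reasons, score = [], 0
    if APPDATA in target and '\\program files\\' not in target:
        score += WEIGHTS['appdata']
        reasons.append('runs from the user-writable Application Data folder')
    if 'rundll32' in entry['value'].lower() and target.endswith('.dll') and APPDATA in target:
        score += WEIGHTS['rundll32']
        reasons.append('DLL in Application Data executed through rundll32')
    # match the file itself or its parent folder against the "Created Last 30" list
    hit = created.get(target) or created.get(target.rsplit('\\', 1)[0])
    if hit:
        stamp, attrs = hit
        score += WEIGHTS['recent']
        reasons.append(f'file or folder created {stamp:%Y-%m-%d %H:%M:%S}')
        entry['created'] = stamp
        if 's' in attrs and 'h' in attrs:        # e.g. --sh--w-: hidden + system
            score += WEIGHTS['hidden']
            reasons.append('hidden and system attributes set')
    entry.update(score=score, reasons=reasons)
    return entry


def analyze(log_text, burst_seconds=120):
    """Return scored findings; items created within a short burst of each other score extra."""
    runs, created = parse(log_text)
    findings = [e for e in (score_entry(r, created) for r in runs) if e['score'] > 0]
    stamped = [e for e in findings if 'created' in e]
    for e in stamped:
        near = [o for o in stamped if o is not e
                and abs((o['created'] - e['created']).total_seconds()) <= burst_seconds]
        if near:
            e['score'] += WEIGHTS['burst']
            e['reasons'].append(f'created within {burst_seconds}s of {len(near)} other flagged item(s)')
    for e in findings:
        e['verdict'] = 'likely malicious' if e['score'] >= 3 else 'review'
    return sorted(findings, key=lambda e: -e['score'])


if __name__ == '__main__':
    for f in analyze(SAMPLE_LOG):
        print(f"[{f['verdict']}] {f['hive']}Run {f['name']} -> {f['target']} (score {f['score']})")
        for reason in f['reasons']:
            print('   -', reason)
```

On the sample, the four entries ComboFix later removed as orphans (Vyovodxial, hshen, sncpys, lthpr) come out as "likely malicious", while the legitimate SmileboxTray entry lands in "review" because it only matches the Application Data and recent-creation heuristics.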


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 September 2012 - 11:31 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 peanut10

peanut10
  • Topic Starter

  • Members
  • 9 posts

Posted 05 September 2012 - 08:38 PM

Below are the logs you requested. The computer is much better but still seems to be slower than before it became "infected". Not getting re-directs or pop ups, but overall a 1000% improvement from two days ago.

Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
LANDesk Antivirus client
LANDesk Endpoint Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
LANDesk LDClient antivirus kavehost.exe
LANDesk LDClient antivirus avservice.exe
LANDesk LDClient antivirus LDav.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



ComboFix 12-09-05.02 - MaplesL 09/05/2012 20:10:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1339 [GMT -4:00]
Running from: c:\documents and settings\maplesl\Desktop\ComboFix.exe
AV: LANDesk Antivirus client *Disabled/Updated* {C386CD1A-44E8-4B9D-885E-4751A79CE5BD}
AV: LANDesk Endpoint Security *Enabled/Updated* {7FDBEBEE-571A-4000-807C-1D6E589E0ED5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\3002.abs
c:\documents and settings\All Users\Application Data\3002.xml
c:\documents and settings\maplesl\Application Data\completescan
c:\documents and settings\maplesl\Application Data\install
c:\documents and settings\maplesl\Application Data\lthpr.dll
c:\documents and settings\maplesl\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\recycler\S-1-5-18\$00e074e7442d87a5080ee26bd1111411\@
c:\recycler\S-1-5-18\$00e074e7442d87a5080ee26bd1111411\L\00000004.@
c:\recycler\S-1-5-18\$00e074e7442d87a5080ee26bd1111411\L\201d3dde
c:\recycler\S-1-5-18\$00e074e7442d87a5080ee26bd1111411\U\00000004.@
c:\recycler\S-1-5-18\$00e074e7442d87a5080ee26bd1111411\U\00000008.@
c:\recycler\S-1-5-18\$00e074e7442d87a5080ee26bd1111411\U\000000cb.@
c:\recycler\S-1-5-18\$00e074e7442d87a5080ee26bd1111411\U\80000000.@
c:\recycler\S-1-5-18\$00e074e7442d87a5080ee26bd1111411\U\80000032.@
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\SET5EF.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))
.
.
2012-09-04 01:45 . 2012-09-04 01:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-09-04 00:37 . 2012-09-04 00:37 -------- d-----w- c:\documents and settings\maplesl\Local Settings\Application Data\Identities
2012-09-04 00:37 . 2012-09-05 01:59 -------- d-----w- c:\documents and settings\maplesl\Application Data\Agyh
2012-09-04 00:37 . 2012-09-04 23:06 -------- d-----w- c:\documents and settings\maplesl\Application Data\Atef
2012-09-04 00:37 . 2012-09-04 00:37 -------- d-----w- c:\documents and settings\maplesl\Application Data\Peiwod
2012-08-29 21:16 . 2012-08-29 21:18 -------- d-----w- c:\documents and settings\maplesl\Local Settings\Application Data\Smilebox
2012-08-29 21:15 . 2012-08-29 21:18 -------- d-----w- c:\documents and settings\maplesl\Application Data\Smilebox
2012-08-09 20:09 . 2012-08-09 20:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-08-09 20:04 . 2012-08-09 20:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-08-09 20:03 . 2012-08-09 20:04 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 23:07 . 2011-10-04 18:37 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-05 09:23 . 2011-10-04 18:52 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-07-26 20:23 . 2012-04-16 17:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 20:23 . 2012-02-05 18:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-07-01 18:24 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2011-12-12 02:41 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SmileboxTray"="c:\documents and settings\maplesl\Application Data\Smilebox\SmileboxTray.exe" [2012-08-13 305000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-15 150040]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 278528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-02 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-02 471040]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2010-12-17 1094000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"LANDesk Endpoint Security"="c:\program files\LANDesk\LDClient\HIPS\ViGUARD.EXE" [2010-10-21 3639104]
"LANDesk Antivirus"="c:\program files\LANDesk\LDClient\antivirus\LDav.exe" [2011-11-22 911872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\program files\mbam\mbamgui.exe" [2012-07-03 462920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivSDK Flash Extension.lnk - c:\windows\Installer\{56083210-EFE4-4C85-BB9B-1152B3279621}\FlashExtension11_09FAD3AE30B54976B1D51CD7803206FF.exe [2011-11-4 116056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1828855972-353634999-1236795852-6723\Scripts\Logon\0\0]
"Script"=LScript1.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1828855972-353634999-1236795852-6723\Scripts\Logon\1\0]
"Script"=\\fcs.org\NETLOGON\BScripts\SAPverify.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 LDSecDrv;LDSecDrv;c:\windows\system32\drivers\LDSecDrv.sys [4/27/2012 7:23 AM 197344]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/22/2012 10:20 AM 11352]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22 PM 1085440]
R2 kavehost;kavehost;c:\program files\LANDesk\LDClient\antivirus\kavehost.exe -svc --> c:\program files\LANDesk\LDClient\antivirus\kavehost.exe -svc [?]
R2 LDSecSvc;LANDesk Endpoint Security;c:\program files\LANDesk\LDClient\HIPS\LDSecSvc.exe [4/27/2012 7:21 AM 1824232]
R2 MBAMService;MBAMService;c:\program files\mbam\mbamservice.exe [12/11/2011 10:45 PM 655944]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [5/16/2012 3:33 PM 69640]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe [4/27/2012 7:21 AM 403632]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10/4/2011 5:35 PM 112128]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/4/2011 5:35 PM 110080]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [10/4/2011 2:52 PM 14336]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [10/4/2011 2:52 PM 5120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/11/2011 10:41 PM 22344]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [10/4/2011 2:52 PM 6144]
S2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [8/1/2011 12:30 PM 147456]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/9/2012 4:04 PM 136176]
S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [4/27/2012 7:22 AM 207872]
S2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\LANDesk\LDClient\tmcsvc.exe [4/27/2012 7:21 AM 179200]
S2 LDAVService;LANDesk® Antivirus;c:\program files\LANDesk\LDClient\Antivirus\AVService.exe [4/27/2012 7:21 AM 597336]
S3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\system32\drivers\ACTIVhidmini.sys [10/4/2011 3:38 PM 84864]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [9/22/2010 10:49 AM 88192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/9/2012 4:04 PM 136176]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [7/1/2009 2:50 PM 92550]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [10/4/2011 3:38 PM 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-09 20:04]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-09 20:04]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1828855972-353634999-1236795852-6723Core.job
- c:\documents and settings\maplesl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-01 01:51]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1828855972-353634999-1236795852-6723UA.job
- c:\documents and settings\maplesl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-01 01:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.fultonschools.org/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: fcs.org
Trusted Zone: fultonschools.org
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Vyovodxial - c:\documents and settings\maplesl\Application Data\Agyh\ozato.exe
HKLM-Run-sncpys - c:\documents and settings\maplesl\Application Data\sncpys.dll
HKLM-Run-lthpr - c:\documents and settings\maplesl\Application Data\lthpr.dll
AddRemove-HDMI - c:\windows\system32\igxpun.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-05 21:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LDSecSvc]
"ImagePath"="c:\program files\LANDesk\LDClient\HIPS\LDSecSvc.EXE"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-09-05 21:23:17
ComboFix-quarantined-files.txt 2012-09-06 01:22
.
Pre-Run: 115,461,189,632 bytes free
Post-Run: 117,247,057,920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 44D10D89C623363AA05EC49E57B2A8F8

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:08 AM

Posted 06 September 2012 - 01:07 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 peanut10

  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 06 September 2012 - 10:30 PM

21:44:55.0971 4604 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:44:56.0386 4604 ============================================================
21:44:56.0386 4604 Current date / time: 2012/09/06 21:44:56.0386
21:44:56.0386 4604 SystemInfo:
21:44:56.0386 4604
21:44:56.0386 4604 OS Version: 5.1.2600 ServicePack: 3.0
21:44:56.0386 4604 Product type: Workstation
21:44:56.0386 4604 ComputerName: 372TEA-6X5C5L1
21:44:56.0386 4604 UserName: MaplesL
21:44:56.0386 4604 Windows directory: C:\WINDOWS
21:44:56.0386 4604 System windows directory: C:\WINDOWS
21:44:56.0386 4604 Processor architecture: Intel x86
21:44:56.0386 4604 Number of processors: 2
21:44:56.0386 4604 Page size: 0x1000
21:44:56.0386 4604 Boot type: Normal boot
21:44:56.0386 4604 ============================================================
21:45:02.0617 4604 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:45:02.0617 4604 ============================================================
21:45:02.0617 4604 \Device\Harddisk0\DR0:
21:45:02.0617 4604 MBR partitions:
21:45:02.0617 4604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
21:45:02.0617 4604 ============================================================
21:45:02.0663 4604 C: <-> \Device\Harddisk0\DR0\Partition1
21:45:02.0663 4604 ============================================================
21:45:02.0663 4604 Initialize success
21:45:02.0663 4604 ============================================================
21:45:12.0124 5236 ============================================================
21:45:12.0124 5236 Scan started
21:45:12.0124 5236 Mode: Manual;
21:45:12.0124 5236 ============================================================
21:45:13.0047 5236 ================ Scan system memory ========================
21:45:13.0047 5236 System memory - ok
21:45:13.0047 5236 ================ Scan services =============================
21:45:13.0555 5236 Abiosdsk - ok
21:45:13.0555 5236 abp480n5 - ok
21:45:13.0740 5236 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:45:13.0755 5236 ACPI - ok
21:45:13.0786 5236 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:45:13.0786 5236 ACPIEC - ok
21:45:13.0878 5236 [ DD3B5BF2633FF510E9B5C8B0BFA1745D ] ACTIVhidmini C:\WINDOWS\system32\DRIVERS\ACTIVhidmini.sys
21:45:14.0140 5236 ACTIVhidmini - ok
21:45:14.0140 5236 adpu160m - ok
21:45:14.0170 5236 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
21:45:14.0216 5236 aeaudio - ok
21:45:14.0370 5236 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:45:14.0540 5236 aec - ok
21:45:14.0663 5236 [ 20F078136F3BDC4C0405C0527B769303 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys
21:45:14.0755 5236 AESTAud - ok
21:45:14.0847 5236 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:45:14.0847 5236 AFD - ok
21:45:14.0909 5236 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
21:45:14.0909 5236 agp440 - ok
21:45:14.0909 5236 Aha154x - ok
21:45:14.0909 5236 aic78u2 - ok
21:45:14.0924 5236 aic78xx - ok
21:45:14.0986 5236 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:45:15.0032 5236 Alerter - ok
21:45:15.0078 5236 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:45:15.0093 5236 ALG - ok
21:45:15.0109 5236 AliIde - ok
21:45:15.0109 5236 amsint - ok
21:45:15.0232 5236 [ 22403504E15810E99A563782E9D45311 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:45:15.0355 5236 ApfiltrService - ok
21:45:15.0524 5236 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:45:15.0770 5236 Apple Mobile Device - ok
21:45:15.0909 5236 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:45:16.0001 5236 AppMgmt - ok
21:45:16.0078 5236 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:45:16.0216 5236 Arp1394 - ok
21:45:16.0232 5236 asc - ok
21:45:16.0232 5236 asc3350p - ok
21:45:16.0247 5236 asc3550 - ok
21:45:16.0509 5236 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:45:16.0632 5236 aspnet_state - ok
21:45:16.0693 5236 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:45:16.0847 5236 AsyncMac - ok
21:45:16.0955 5236 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:45:16.0955 5236 atapi - ok
21:45:16.0970 5236 Atdisk - ok
21:45:17.0232 5236 [ 450BF8C0BD401A48FFA91D28DF665E93 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:45:17.0555 5236 Ati HotKey Poller - ok
21:45:18.0232 5236 [ 246248AADA156450BE611ECEAA5FE033 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:45:19.0093 5236 ati2mtag - ok
21:45:19.0170 5236 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:45:19.0293 5236 Atmarpc - ok
21:45:19.0370 5236 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:45:19.0401 5236 AudioSrv - ok
21:45:19.0447 5236 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:45:19.0509 5236 audstub - ok
21:45:19.0678 5236 [ 58911390115465BF6D8048F21F48655A ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:45:19.0863 5236 b57w2k - ok
21:45:20.0478 5236 [ 9208C78BD9283F79A30252AD954C77A2 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:45:21.0262 5236 BCM43XX - ok
21:45:21.0324 5236 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:45:21.0355 5236 Beep - ok
21:45:21.0693 5236 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:45:21.0970 5236 Bonjour Service - ok
21:45:22.0078 5236 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
21:45:22.0078 5236 Browser - ok
21:45:22.0278 5236 catchme - ok
21:45:22.0462 5236 [ 3E02BFDD7B91A825E0EB3A126D46F624 ] CBA8 C:\Program Files\LANDesk\Shared Files\residentagent.exe
21:45:22.0693 5236 CBA8 - ok
21:45:22.0755 5236 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:45:22.0801 5236 cbidf2k - ok
21:45:22.0862 5236 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:45:22.0893 5236 CCDECODE - ok
21:45:22.0893 5236 cd20xrnt - ok
21:45:22.0924 5236 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:45:22.0939 5236 Cdaudio - ok
21:45:23.0016 5236 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:45:23.0032 5236 Cdfs - ok
21:45:23.0109 5236 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:45:23.0186 5236 Cdrom - ok
21:45:23.0201 5236 Changer - ok
21:45:23.0232 5236 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:45:23.0278 5236 CiSvc - ok
21:45:23.0309 5236 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:45:23.0370 5236 ClipSrv - ok
21:45:23.0493 5236 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:45:23.0662 5236 clr_optimization_v2.0.50727_32 - ok
21:45:23.0755 5236 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:45:23.0909 5236 clr_optimization_v4.0.30319_32 - ok
21:45:23.0939 5236 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:45:23.0986 5236 CmBatt - ok
21:45:24.0001 5236 CmdIde - ok
21:45:24.0016 5236 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:45:24.0032 5236 Compbatt - ok
21:45:24.0032 5236 COMSysApp - ok
21:45:24.0032 5236 Cpqarray - ok
21:45:24.0109 5236 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:45:24.0139 5236 CryptSvc - ok
21:45:24.0139 5236 dac2w2k - ok
21:45:24.0139 5236 dac960nt - ok
21:45:24.0339 5236 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:45:24.0524 5236 DcomLaunch - ok
21:45:24.0616 5236 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:45:24.0662 5236 Dhcp - ok
21:45:24.0693 5236 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:45:24.0709 5236 Disk - ok
21:45:24.0709 5236 dmadmin - ok
21:45:25.0016 5236 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:45:25.0416 5236 dmboot - ok
21:45:25.0478 5236 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:45:25.0585 5236 dmio - ok
21:45:25.0647 5236 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:45:25.0693 5236 dmload - ok
21:45:25.0739 5236 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:45:25.0755 5236 dmserver - ok
21:45:25.0801 5236 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:45:25.0893 5236 DMusic - ok
21:45:25.0970 5236 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:45:25.0970 5236 Dnscache - ok
21:45:26.0062 5236 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:45:26.0232 5236 Dot3svc - ok
21:45:26.0232 5236 dpti2o - ok
21:45:26.0278 5236 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:45:26.0339 5236 drmkaud - ok
21:45:26.0432 5236 [ D94437E7EE086677B266099F695CDEA1 ] E1000 C:\WINDOWS\system32\DRIVERS\e1000325.sys
21:45:26.0447 5236 E1000 - ok
21:45:26.0493 5236 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:45:26.0539 5236 EapHost - ok
21:45:26.0585 5236 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:45:26.0601 5236 ERSvc - ok
21:45:26.0709 5236 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:45:26.0755 5236 Eventlog - ok
21:45:26.0862 5236 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
21:45:26.0939 5236 EventSystem - ok
21:45:27.0062 5236 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:45:27.0139 5236 Fastfat - ok
21:45:27.0232 5236 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:45:27.0278 5236 FastUserSwitchingCompatibility - ok
21:45:27.0309 5236 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:45:27.0370 5236 Fdc - ok
21:45:27.0416 5236 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:45:27.0447 5236 Fips - ok
21:45:27.0739 5236 [ 869BDE240B7FE9C7B25BD80DF85641C8 ] FlipShare Service C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
21:45:27.0970 5236 FlipShare Service - ok
21:45:28.0447 5236 [ 9C330B7DDEE9492373041E75DA01F80C ] FlipShareServer C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
21:45:28.0924 5236 FlipShareServer - ok
21:45:29.0001 5236 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:45:29.0047 5236 Flpydisk - ok
21:45:29.0139 5236 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:45:29.0155 5236 FltMgr - ok
21:45:29.0247 5236 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:45:29.0278 5236 FontCache3.0.0.0 - ok
21:45:29.0278 5236 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:45:29.0324 5236 Fs_Rec - ok
21:45:29.0370 5236 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:45:29.0370 5236 Ftdisk - ok
21:45:29.0416 5236 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:45:29.0462 5236 GEARAspiWDM - ok
21:45:29.0524 5236 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:45:29.0601 5236 Gpc - ok
21:45:29.0662 5236 [ CA835331825599B938E37525796D3549 ] GTIPCI21 C:\WINDOWS\system32\DRIVERS\gtipci21.sys
21:45:29.0724 5236 GTIPCI21 - ok
21:45:29.0893 5236 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:45:29.0893 5236 gupdate - ok
21:45:29.0939 5236 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:45:29.0939 5236 gupdatem - ok
21:45:30.0078 5236 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:45:30.0093 5236 gusvc - ok
21:45:30.0170 5236 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:45:30.0308 5236 HDAudBus - ok
21:45:30.0447 5236 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:45:30.0462 5236 helpsvc - ok
21:45:30.0508 5236 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:45:30.0524 5236 HidServ - ok
21:45:30.0585 5236 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:45:30.0601 5236 HidUsb - ok
21:45:30.0647 5236 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:45:30.0724 5236 hkmsvc - ok
21:45:30.0724 5236 hpn - ok
21:45:30.0739 5236 HSFHWICH - ok
21:45:30.0739 5236 HSF_DPV - ok
21:45:30.0893 5236 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:45:31.0047 5236 HTTP - ok
21:45:31.0078 5236 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:45:31.0108 5236 HTTPFilter - ok
21:45:31.0124 5236 i2omgmt - ok
21:45:31.0124 5236 i2omp - ok
21:45:31.0170 5236 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:45:31.0216 5236 i8042prt - ok
21:45:33.0693 5236 [ 4F3139829F1AC202FF0D29C2FD6C15B6 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:45:36.0801 5236 ialm - ok
21:45:37.0031 5236 [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:45:37.0047 5236 iaStor - ok
21:45:37.0554 5236 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:45:37.0924 5236 idsvc - ok
21:45:37.0970 5236 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:45:38.0093 5236 Imapi - ok
21:45:38.0231 5236 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:45:38.0478 5236 ImapiService - ok
21:45:38.0493 5236 ini910u - ok
21:45:38.0601 5236 [ 64C301D73DB18EBDC8680CA82D82AF2D ] IntcHdmiAddService C:\WINDOWS\system32\drivers\IntcHdmi.sys
21:45:38.0708 5236 IntcHdmiAddService - ok
21:45:39.0047 5236 [ 507A15DFBEC2B9B10A853A3895771356 ] Intel Local Scheduler Service C:\Program Files\LANDesk\LDClient\localsch.exe
21:45:39.0308 5236 Intel Local Scheduler Service - ok
21:45:39.0385 5236 [ 7C234B88F1F1E5FFAF5A701148C095E8 ] Intel PDS C:\WINDOWS\system32\CBA\pds.exe
21:45:39.0554 5236 Intel PDS - ok
21:45:39.0601 5236 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:45:39.0601 5236 IntelIde - ok
21:45:39.0662 5236 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:45:39.0770 5236 intelppm - ok
21:45:39.0816 5236 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:45:39.0924 5236 Ip6Fw - ok
21:45:39.0985 5236 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:45:40.0047 5236 IpFilterDriver - ok
21:45:40.0077 5236 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:45:40.0154 5236 IpInIp - ok
21:45:40.0293 5236 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:45:40.0447 5236 IpNat - ok
21:45:40.0985 5236 [ CE004777B92DEA56FE14EC900D20BAA4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:45:41.0616 5236 iPod Service - ok
21:45:41.0693 5236 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:45:41.0770 5236 IPSec - ok
21:45:41.0831 5236 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:45:41.0893 5236 IRENUM - ok
21:45:41.0970 5236 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:45:41.0985 5236 isapnp - ok
21:45:41.0985 5236 ISSUSER - ok
21:45:42.0201 5236 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:45:42.0339 5236 JavaQuickStarterService - ok
21:45:42.0447 5236 kavehost - ok
21:45:42.0477 5236 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:45:42.0539 5236 Kbdclass - ok
21:45:42.0570 5236 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:45:42.0647 5236 kbdhid - ok
21:45:42.0785 5236 [ 94D67D49BD9503BB1D838405D80F2058 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
21:45:42.0785 5236 KL1 - ok
21:45:42.0831 5236 [ 713576569667AC9E0F8556076004A96B ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys
21:45:42.0877 5236 kl2 - ok
21:45:43.0077 5236 [ F934DE04AC53B08457B92DB6E4DEE2E5 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
21:45:43.0093 5236 KLIF - ok
21:45:43.0231 5236 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:45:43.0354 5236 kmixer - ok
21:45:43.0416 5236 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:45:43.0431 5236 KSecDD - ok
21:45:43.0600 5236 [ 79FF72B905265293A9AB261F834A4EF2 ] LANDesk Policy Invoker C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
21:45:43.0816 5236 LANDesk Policy Invoker - ok
21:45:43.0924 5236 [ 9A1CEAD6E1BE659D1350A9053F8D1B46 ] LANDesk Targeted Multicast C:\Program Files\LANDesk\LDClient\tmcsvc.exe
21:45:44.0077 5236 LANDesk Targeted Multicast - ok
21:45:44.0170 5236 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
21:45:44.0200 5236 LanmanServer - ok
21:45:44.0308 5236 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:45:44.0370 5236 lanmanworkstation - ok
21:45:44.0385 5236 lbrtfdc - ok
21:45:44.0800 5236 [ 58BB7C4DF9E00731840F48BC3D352703 ] LDAVService C:\Program Files\LANDesk\LDClient\antivirus\avservice.exe
21:45:45.0231 5236 LDAVService - ok
21:45:45.0293 5236 [ B42D0D37F8C76ED9A462404AFE520EDB ] ldblank C:\WINDOWS\system32\DRIVERS\ldblank.sys
21:45:45.0324 5236 ldblank - ok
21:45:45.0400 5236 [ A3B89BEB5FB3AD3BEF5E58A5885AEA63 ] ldmirror C:\WINDOWS\system32\DRIVERS\ldmirror.sys
21:45:45.0431 5236 ldmirror - ok
21:45:45.0554 5236 [ 1E17B05D11264D8ADDCA2469B3459831 ] LDSecDrv C:\WINDOWS\system32\drivers\LDSecDrv.sys
21:45:45.0554 5236 LDSecDrv - ok
21:45:45.0554 5236 Suspicious service (NoAccess): LDSecSvc
21:45:46.0400 5236 [ 4016C98AF49A92CE209F52A491016319 ] LDSecSvc C:\Program Files\LANDesk\LDClient\HIPS\LDSecSvc.EXE
21:45:47.0508 5236 LDSecSvc ( LockedService.Multi.Generic ) - warning
21:45:47.0508 5236 LDSecSvc - detected LockedService.Multi.Generic (1)
21:45:47.0570 5236 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:45:47.0585 5236 LmHosts - ok
21:45:47.0647 5236 [ 32933B07FC16D9F778BEE12545FA1B1A ] LPDSVC C:\WINDOWS\system32\tcpsvcs.exe
21:45:47.0708 5236 LPDSVC - ok
21:45:47.0785 5236 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:45:47.0785 5236 MBAMProtector - ok
21:45:48.0293 5236 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\mbam\mbamservice.exe
21:45:48.0600 5236 MBAMService - ok
21:45:48.0831 5236 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:45:49.0077 5236 MDM - ok
21:45:49.0154 5236 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:45:49.0200 5236 Messenger - ok
21:45:49.0216 5236 [ AADAE4EC10F7075217E87C5CFC0580C9 ] mirrorflt C:\WINDOWS\system32\DRIVERS\mirrorflt.sys
21:45:49.0308 5236 mirrorflt - ok
21:45:49.0354 5236 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:45:49.0385 5236 mnmdd - ok
21:45:49.0447 5236 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:45:49.0523 5236 mnmsrvc - ok
21:45:49.0600 5236 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:45:49.0693 5236 Modem - ok
21:45:49.0723 5236 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:45:49.0785 5236 Mouclass - ok
21:45:49.0831 5236 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:45:49.0862 5236 mouhid - ok
21:45:49.0954 5236 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:45:49.0970 5236 MountMgr - ok
21:45:49.0970 5236 mraid35x - ok
21:45:50.0108 5236 [ E3F17E1EA5256709D4E97EF0DA04B3C9 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:45:50.0123 5236 MRxDAV - ok
21:45:50.0462 5236 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:45:50.0462 5236 MRxSmb - ok
21:45:50.0508 5236 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:45:50.0539 5236 MSDTC - ok
21:45:50.0570 5236 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:45:50.0570 5236 Msfs - ok
21:45:50.0570 5236 MSIServer - ok
21:45:50.0600 5236 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:45:50.0662 5236 MSKSSRV - ok
21:45:50.0693 5236 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:45:50.0739 5236 MSPCLOCK - ok
21:45:50.0770 5236 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:45:50.0831 5236 MSPQM - ok
21:45:50.0893 5236 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:45:50.0985 5236 mssmbios - ok
21:45:51.0031 5236 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:45:51.0062 5236 MSTEE - ok
21:45:51.0170 5236 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:45:51.0185 5236 Mup - ok
21:45:51.0308 5236 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:45:51.0400 5236 NABTSFEC - ok
21:45:51.0616 5236 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:45:51.0754 5236 napagent - ok
21:45:51.0877 5236 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:45:51.0877 5236 NDIS - ok
21:45:51.0923 5236 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:45:51.0954 5236 NdisIP - ok
21:45:52.0000 5236 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:45:52.0031 5236 NdisTapi - ok
21:45:52.0062 5236 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:45:52.0108 5236 Ndisuio - ok
21:45:52.0154 5236 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:45:52.0323 5236 NdisWan - ok
21:45:52.0446 5236 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:45:52.0631 5236 NDProxy - ok
21:45:52.0754 5236 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
21:45:52.0862 5236 Net Driver HPZ12 - ok
21:45:52.0908 5236 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:45:52.0908 5236 NetBIOS - ok
21:45:53.0077 5236 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:45:53.0246 5236 NetBT - ok
21:45:53.0370 5236 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:45:53.0477 5236 NetDDE - ok
21:45:53.0539 5236 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:45:53.0554 5236 NetDDEdsdm - ok
21:45:53.0616 5236 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:45:53.0616 5236 Netlogon - ok
21:45:53.0754 5236 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:45:53.0862 5236 Netman - ok
21:45:53.0954 5236 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:45:54.0093 5236 NetTcpPortSharing - ok
21:45:54.0139 5236 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:45:54.0200 5236 NIC1394 - ok
21:45:54.0323 5236 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:45:54.0323 5236 Nla - ok
21:45:54.0416 5236 [ B6E56578E167AD7D146F1B316490AC03 ] nlsX86cc C:\WINDOWS\system32\NLSSRV32.EXE
21:45:54.0493 5236 nlsX86cc - ok
21:45:54.0585 5236 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:45:54.0585 5236 Npfs - ok
21:45:54.0939 5236 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:45:54.0954 5236 Ntfs - ok
21:45:54.0985 5236 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:45:55.0000 5236 NtLmSsp - ok
21:45:55.0246 5236 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:45:55.0493 5236 NtmsSvc - ok
21:45:55.0523 5236 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:45:55.0554 5236 Null - ok
21:45:55.0569 5236 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:45:55.0585 5236 NwlnkFlt - ok
21:45:55.0616 5236 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:45:55.0631 5236 NwlnkFwd - ok
21:45:55.0923 5236 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:45:56.0154 5236 odserv - ok
21:45:56.0246 5236 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:45:56.0246 5236 ohci1394 - ok
21:45:56.0339 5236 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:45:56.0416 5236 ose - ok
21:45:56.0493 5236 [ AB2B07AC4AFD38F574D903EAF9E98A60 ] OZSCR C:\WINDOWS\system32\DRIVERS\ozscr.sys
21:45:56.0585 5236 OZSCR - ok
21:45:56.0646 5236 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:45:56.0754 5236 Parport - ok
21:45:56.0831 5236 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:45:56.0831 5236 PartMgr - ok
21:45:56.0846 5236 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:45:56.0893 5236 ParVdm - ok
21:45:56.0969 5236 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:45:56.0969 5236 PCI - ok
21:45:56.0969 5236 PCIDump - ok
21:45:56.0985 5236 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:45:57.0000 5236 PCIIde - ok
21:45:57.0077 5236 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:45:57.0077 5236 Pcmcia - ok
21:45:57.0093 5236 PDCOMP - ok
21:45:57.0108 5236 PDFRAME - ok
21:45:57.0123 5236 PDRELI - ok
21:45:57.0123 5236 PDRFRAME - ok
21:45:57.0139 5236 perc2 - ok
21:45:57.0154 5236 perc2hib - ok
21:45:57.0262 5236 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:45:57.0262 5236 PlugPlay - ok
21:45:57.0323 5236 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
21:45:57.0369 5236 Pml Driver HPZ12 - ok
21:45:57.0400 5236 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:45:57.0400 5236 PolicyAgent - ok
21:45:57.0446 5236 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:45:57.0523 5236 PptpMiniport - ok
21:45:57.0569 5236 [ 3E55203169A291199AC577636DBD933D ] prmvmouse C:\WINDOWS\system32\DRIVERS\activmouse.sys
21:45:57.0585 5236 prmvmouse - ok
21:45:57.0631 5236 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:45:57.0631 5236 ProtectedStorage - ok
21:45:57.0677 5236 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:45:57.0800 5236 PSched - ok
21:45:57.0816 5236 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:45:57.0892 5236 Ptilink - ok
21:45:57.0892 5236 ql1080 - ok
21:45:57.0908 5236 Ql10wnt - ok
21:45:57.0908 5236 ql12160 - ok
21:45:57.0923 5236 ql1240 - ok
21:45:57.0923 5236 ql1280 - ok
21:45:57.0969 5236 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:45:58.0000 5236 RasAcd - ok
21:45:58.0108 5236 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:45:58.0200 5236 RasAuto - ok
21:45:58.0231 5236 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:45:58.0262 5236 Rasirda - ok
21:45:58.0339 5236 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:45:58.0385 5236 Rasl2tp - ok
21:45:58.0508 5236 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:45:58.0631 5236 RasMan - ok
21:45:58.0662 5236 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:45:58.0769 5236 RasPppoe - ok
21:45:58.0816 5236 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:45:58.0862 5236 Raspti - ok
21:45:59.0000 5236 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:45:59.0000 5236 Rdbss - ok
21:45:59.0016 5236 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:45:59.0046 5236 RDPCDD - ok
21:45:59.0169 5236 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:45:59.0477 5236 rdpdr - ok
21:45:59.0569 5236 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:45:59.0569 5236 RDPWD - ok
21:45:59.0677 5236 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:45:59.0769 5236 RDSessMgr - ok
21:45:59.0816 5236 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:45:59.0846 5236 redbook - ok
21:45:59.0908 5236 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:45:59.0969 5236 RemoteAccess - ok
21:46:00.0046 5236 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:46:00.0092 5236 RemoteRegistry - ok
21:46:00.0154 5236 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
21:46:00.0246 5236 rimmptsk - ok
21:46:00.0323 5236 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
21:46:00.0431 5236 RpcLocator - ok
21:46:00.0523 5236 [ 3297445BB9FD3E8363E7559010ED2AE7 ] rpcnet C:\WINDOWS\system32\rpcnet.exe
21:46:00.0646 5236 rpcnet - ok
21:46:00.0908 5236 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:46:00.0954 5236 RpcSs - ok
21:46:01.0139 5236 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:46:01.0369 5236 RSVP - ok
21:46:01.0416 5236 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:46:01.0416 5236 SamSs - ok
21:46:01.0492 5236 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:46:01.0554 5236 SCardSvr - ok
21:46:01.0677 5236 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:46:01.0800 5236 Schedule - ok
21:46:01.0892 5236 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:46:01.0985 5236 sdbus - ok
21:46:02.0031 5236 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:46:02.0154 5236 Secdrv - ok
21:46:02.0200 5236 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:46:02.0215 5236 seclogon - ok
21:46:02.0585 5236 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
21:46:02.0908 5236 senfilt - ok
21:46:02.0954 5236 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:46:02.0969 5236 SENS - ok
21:46:03.0123 5236 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:46:03.0169 5236 serenum - ok
21:46:03.0215 5236 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:46:03.0292 5236 Serial - ok
21:46:03.0323 5236 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
21:46:03.0354 5236 sffdisk - ok
21:46:03.0369 5236 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
21:46:03.0446 5236 sffp_sd - ok
21:46:03.0462 5236 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:46:03.0523 5236 Sfloppy - ok
21:46:03.0692 5236 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:46:03.0846 5236 SharedAccess - ok
21:46:03.0923 5236 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:46:03.0923 5236 ShellHWDetection - ok
21:46:03.0923 5236 Simbad - ok
21:46:04.0231 5236 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:46:04.0308 5236 SLIP - ok
21:46:04.0385 5236 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
21:46:04.0477 5236 SMCIRDA - ok
21:46:04.0769 5236 [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
21:46:04.0923 5236 smwdm - ok
21:46:05.0231 5236 [ 3ED2EBB31EF3F23B4F84B5A2EE251108 ] Softmon C:\Program Files\LANDesk\LDClient\softmon.exe
21:46:05.0292 5236 Softmon - ok
21:46:05.0308 5236 Sparrow - ok
21:46:05.0339 5236 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:46:05.0415 5236 splitter - ok
21:46:05.0523 5236 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:46:05.0538 5236 Spooler - ok
21:46:05.0631 5236 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:46:05.0646 5236 sr - ok
21:46:05.0723 5236 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:46:05.0785 5236 srservice - ok
21:46:05.0954 5236 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:46:05.0954 5236 Srv - ok
21:46:06.0015 5236 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:46:06.0092 5236 SSDPSRV - ok
21:46:06.0262 5236 [ 305CC42945A713347F978D78566113F3 ] STAC97 C:\WINDOWS\system32\drivers\stac97.sys
21:46:06.0400 5236 STAC97 - ok
21:46:06.0585 5236 [ CB2449150A5EA17CAA0B94363D9440CC ] STacSV c:\drivers\audio\r205445\stacsv.exe
21:46:06.0862 5236 STacSV - ok
21:46:08.0354 5236 [ 886C708C91DB573656D64C626468D707 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
21:46:09.0861 5236 STHDA - ok
21:46:10.0785 5236 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:46:11.0154 5236 stisvc - ok
21:46:11.0754 5236 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:46:11.0892 5236 streamip - ok
21:46:12.0769 5236 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:46:12.0800 5236 swenum - ok
21:46:12.0892 5236 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:46:13.0000 5236 swmidi - ok
21:46:13.0000 5236 SwPrv - ok
21:46:13.0015 5236 symc810 - ok
21:46:13.0031 5236 symc8xx - ok
21:46:13.0031 5236 sym_hi - ok
21:46:13.0046 5236 sym_u3 - ok
21:46:13.0123 5236 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:46:13.0231 5236 sysaudio - ok
21:46:13.0292 5236 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:46:13.0354 5236 SysmonLog - ok
21:46:13.0461 5236 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:46:13.0723 5236 TapiSrv - ok
21:46:13.0984 5236 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:46:14.0015 5236 Tcpip - ok
21:46:14.0215 5236 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:46:14.0246 5236 TDPIPE - ok
21:46:14.0292 5236 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:46:14.0354 5236 TDTCP - ok
21:46:14.0415 5236 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:46:14.0446 5236 TermDD - ok
21:46:14.0769 5236 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:46:15.0169 5236 TermService - ok
21:46:15.0277 5236 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:46:15.0292 5236 Themes - ok
21:46:15.0384 5236 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:46:15.0831 5236 TlntSvr - ok
21:46:15.0846 5236 TosIde - ok
21:46:16.0015 5236 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:46:16.0154 5236 TrkWks - ok
21:46:16.0246 5236 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:46:16.0369 5236 Udfs - ok
21:46:16.0384 5236 ultra - ok
21:46:16.0569 5236 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:46:16.0769 5236 Update - ok
21:46:16.0907 5236 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:46:17.0215 5236 upnphost - ok
21:46:17.0292 5236 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:46:17.0354 5236 UPS - ok
21:46:17.0415 5236 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:46:17.0477 5236 USBAAPL - ok
21:46:17.0554 5236 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
21:46:17.0738 5236 usbaudio - ok
21:46:17.0784 5236 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:46:18.0384 5236 usbccgp - ok
21:46:18.0477 5236 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:46:18.0584 5236 usbehci - ok
21:46:18.0631 5236 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:46:18.0692 5236 usbhub - ok
21:46:19.0092 5236 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:46:19.0154 5236 usbprint - ok
21:46:19.0215 5236 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:46:19.0261 5236 usbscan - ok
21:46:19.0323 5236 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:46:19.0354 5236 USBSTOR - ok
21:46:19.0431 5236 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:46:19.0461 5236 usbuhci - ok
21:46:19.0569 5236 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
21:46:19.0646 5236 usbvideo - ok
21:46:19.0692 5236 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:46:19.0754 5236 VgaSave - ok
21:46:19.0754 5236 ViaIde - ok
21:46:19.0800 5236 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:46:19.0800 5236 VolSnap - ok
21:46:19.0969 5236 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:46:20.0169 5236 VSS - ok
21:46:20.0307 5236 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:46:20.0400 5236 W32Time - ok
21:46:20.0446 5236 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:46:20.0569 5236 Wanarp - ok
21:46:20.0907 5236 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
21:46:21.0246 5236 Wdf01000 - ok
21:46:21.0246 5236 WDICA - ok
21:46:21.0323 5236 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:46:21.0430 5236 wdmaud - ok
21:46:21.0538 5236 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:46:21.0584 5236 WebClient - ok
21:46:21.0600 5236 winachsf - ok
21:46:21.0846 5236 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:46:22.0030 5236 winmgmt - ok
21:46:22.0707 5236 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
21:46:23.0261 5236 WinRM - ok
21:46:23.0323 5236 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:46:23.0384 5236 WmdmPmSN - ok
21:46:23.0784 5236 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:46:23.0800 5236 Wmi - ok
21:46:23.0861 5236 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:46:23.0907 5236 WmiAcpi - ok
21:46:24.0015 5236 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:46:24.0153 5236 WmiApSrv - ok
21:46:24.0738 5236 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:46:25.0200 5236 WMPNetworkSvc - ok
21:46:25.0600 5236 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:46:26.0107 5236 WPFFontCache_v0400 - ok
21:46:26.0153 5236 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:46:26.0184 5236 WS2IFSL - ok
21:46:26.0246 5236 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:46:26.0277 5236 wscsvc - ok
21:46:26.0307 5236 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:46:26.0323 5236 WSTCODEC - ok
21:46:26.0353 5236 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:46:26.0369 5236 wuauserv - ok
21:46:26.0415 5236 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:46:26.0461 5236 WudfPf - ok
21:46:26.0507 5236 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:46:26.0584 5236 WudfRd - ok
21:46:26.0615 5236 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:46:26.0646 5236 WudfSvc - ok
21:46:27.0000 5236 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:46:27.0277 5236 WZCSVC - ok
21:46:27.0353 5236 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:46:27.0415 5236 xmlprov - ok
21:46:27.0430 5236 ================ Scan global ===============================
21:46:27.0492 5236 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:46:27.0646 5236 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:46:27.0953 5236 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:46:28.0046 5236 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:46:28.0061 5236 [Global] - ok
21:46:28.0061 5236 ================ Scan MBR ==================================
21:46:28.0107 5236 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:46:28.0569 5236 \Device\Harddisk0\DR0 - ok
21:46:28.0569 5236 ================ Scan VBR ==================================
21:46:28.0584 5236 [ 8BD914C4388BD83944342F05B8151B57 ] \Device\Harddisk0\DR0\Partition1
21:46:28.0584 5236 \Device\Harddisk0\DR0\Partition1 - ok
21:46:28.0584 5236 ============================================================
21:46:28.0584 5236 Scan finished
21:46:28.0584 5236 ============================================================
21:46:28.0600 5428 Detected object count: 1
21:46:28.0600 5428 Actual detected object count: 1
21:46:50.0476 5428 LDSecSvc ( LockedService.Multi.Generic ) - skipped by user
21:46:50.0476 5428 LDSecSvc ( LockedService.Multi.Generic ) - User select action: Skip

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-06 23:04:35
-----------------------------
23:04:35.451 OS Version: Windows 5.1.2600 Service Pack 3
23:04:35.451 Number of processors: 2 586 0xF0D
23:04:35.451 ComputerName: 372TEA-6X5C5L1 UserName: MaplesL
23:04:40.438 Initialize success
23:05:31.414 AVAST engine defs: 12090601
23:07:31.192 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:07:31.192 Disk 0 Vendor: WDC_WD1600BEVT-00A23T0 01.01A01 Size: 152627MB BusType: 3
23:07:31.239 Disk 0 MBR read successfully
23:07:31.239 Disk 0 MBR scan
23:07:31.363 Disk 0 Windows XP default MBR code
23:07:31.363 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
23:07:31.410 Disk 0 scanning sectors +312576705
23:07:31.550 Disk 0 scanning C:\WINDOWS\system32\drivers
23:08:06.028 Service scanning
23:09:20.734 Modules scanning
23:09:53.808 Disk 0 trace - called modules:
23:09:53.840 ntkrnlpa.exe CLASSPNP.SYS disk.sys LDSecDrv.sys hal.dll atapi.sys pciide.sys
23:09:53.840 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a543ab8]
23:09:53.840 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a545b00]
23:09:53.840 \Driver\atapi[0x8a62e1d0] -> IRP_MJ_DEVICE_CONTROL -> LDSecDrv.sys[0xb9df8990]
23:09:53.840 \Driver\atapi[0x8a62e1d0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> LDSecDrv.sys[0xb9df88d0]
23:09:57.206 AVAST engine scan C:\WINDOWS
23:10:20.991 AVAST engine scan C:\WINDOWS\system32
23:17:26.196 File: C:\WINDOWS\assembly\GAC\Desktop.ini.infected.0 **INFECTED** Win32:Sirefef-PL [Rtk]
23:23:13.332 AVAST engine scan C:\WINDOWS\system32\drivers
23:23:55.605 AVAST engine scan C:\Documents and Settings\maplesl
23:25:51.110 File: C:\Documents and Settings\maplesl\Application Data\Sun\Java\Deployment\cache\6.0\11\4660904b-4c21f615 **INFECTED** Win32:Karagany-LM [Trj]
23:27:33.162 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\maplesl\Desktop\MBR.dat"
23:27:33.177 The log file has been saved successfully to "C:\Documents and Settings\maplesl\Desktop\aswMBR.txt"

#6 peanut10

peanut10
  • Topic Starter

  • Members
  • 9 posts

Posted 06 September 2012 - 11:05 PM

Corrected aswMBR log; the first one was not complete.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-06 23:04:35
-----------------------------
23:04:35.451 OS Version: Windows 5.1.2600 Service Pack 3
23:04:35.451 Number of processors: 2 586 0xF0D
23:04:35.451 ComputerName: 372TEA-6X5C5L1 UserName: MaplesL
23:04:40.438 Initialize success
23:05:31.414 AVAST engine defs: 12090601
23:07:31.192 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:07:31.192 Disk 0 Vendor: WDC_WD1600BEVT-00A23T0 01.01A01 Size: 152627MB BusType: 3
23:07:31.239 Disk 0 MBR read successfully
23:07:31.239 Disk 0 MBR scan
23:07:31.363 Disk 0 Windows XP default MBR code
23:07:31.363 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
23:07:31.410 Disk 0 scanning sectors +312576705
23:07:31.550 Disk 0 scanning C:\WINDOWS\system32\drivers
23:08:06.028 Service scanning
23:09:20.734 Modules scanning
23:09:53.808 Disk 0 trace - called modules:
23:09:53.840 ntkrnlpa.exe CLASSPNP.SYS disk.sys LDSecDrv.sys hal.dll atapi.sys pciide.sys
23:09:53.840 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a543ab8]
23:09:53.840 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a545b00]
23:09:53.840 \Driver\atapi[0x8a62e1d0] -> IRP_MJ_DEVICE_CONTROL -> LDSecDrv.sys[0xb9df8990]
23:09:53.840 \Driver\atapi[0x8a62e1d0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> LDSecDrv.sys[0xb9df88d0]
23:09:57.206 AVAST engine scan C:\WINDOWS
23:10:20.991 AVAST engine scan C:\WINDOWS\system32
23:17:26.196 File: C:\WINDOWS\assembly\GAC\Desktop.ini.infected.0 **INFECTED** Win32:Sirefef-PL [Rtk]
23:23:13.332 AVAST engine scan C:\WINDOWS\system32\drivers
23:23:55.605 AVAST engine scan C:\Documents and Settings\maplesl
23:25:51.110 File: C:\Documents and Settings\maplesl\Application Data\Sun\Java\Deployment\cache\6.0\11\4660904b-4c21f615 **INFECTED** Win32:Karagany-LM [Trj]
23:27:33.162 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\maplesl\Desktop\MBR.dat"
23:27:33.177 The log file has been saved successfully to "C:\Documents and Settings\maplesl\Desktop\aswMBR.txt"
23:50:36.144 AVAST engine scan C:\Documents and Settings\All Users
23:56:50.525 Scan finished successfully
00:02:40.525 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\maplesl\Desktop\MBR.dat"
00:02:40.571 The log file has been saved successfully to "C:\Documents and Settings\maplesl\Desktop\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 September 2012 - 07:27 AM

Greetings

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Documents and Settings\maplesl\Application Data\Sun\Java\Deployment\cache\6.0\11
c:\documents and settings\maplesl\Application Data\Agyh
c:\documents and settings\maplesl\Application Data\Atef
c:\documents and settings\maplesl\Application Data\Peiwod

File::
C:\WINDOWS\assembly\GAC\Desktop.ini.infected.0

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
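The aswMBR log in post #6 and the CFScript above are two halves of one workflow: read the detections out of the scanner logs, decide what is malware and what is a locked security product, and write the ComboFix script. The following Python is an added example for this page, not code from the thread or from aswMBR, TDSSKiller or ComboFix. It parses the three log formats shown in this thread (the regexes are written against those lines only), flags the roaming Application Data folders the ComboFix log shows being created in the infection window, and drafts the CFScript sections in the layout gringo_pr used. The sample lines are copied from the logs above; the infection window is an analyst's assumption and the locked-service verdict is deliberately left for manual review rather than scripted.

```python
"""Triage helper for the scanner logs in this thread (added example, not
part of the thread or of the tools it mentions)."""
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed samples: lines copied verbatim from the logs posted above.
ASWMBR_SAMPLE = r"""
23:17:26.196 File: C:\WINDOWS\assembly\GAC\Desktop.ini.infected.0 **INFECTED** Win32:Sirefef-PL [Rtk]
23:23:13.332 AVAST engine scan C:\WINDOWS\system32\drivers
23:25:51.110 File: C:\Documents and Settings\maplesl\Application Data\Sun\Java\Deployment\cache\6.0\11\4660904b-4c21f615 **INFECTED** Win32:Karagany-LM [Trj]
""".strip().splitlines()

TDSS_SAMPLE = r"""
21:46:28.0600 5428 Detected object count: 1
21:46:50.0476 5428 LDSecSvc ( LockedService.Multi.Generic ) - skipped by user
21:46:50.0476 5428 LDSecSvc ( LockedService.Multi.Generic ) - User select action: Skip
""".strip().splitlines()

COMBOFIX_SAMPLE = r"""
2012-09-04 01:45 . 2012-09-04 01:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-09-04 00:37 . 2012-09-04 00:37 -------- d-----w- c:\documents and settings\maplesl\Local Settings\Application Data\Identities
2012-09-04 00:37 . 2012-09-05 01:59 -------- d-----w- c:\documents and settings\maplesl\Application Data\Agyh
2012-09-04 00:37 . 2012-09-04 23:06 -------- d-----w- c:\documents and settings\maplesl\Application Data\Atef
2012-09-04 00:37 . 2012-09-04 00:37 -------- d-----w- c:\documents and settings\maplesl\Application Data\Peiwod
2012-08-29 21:15 . 2012-08-29 21:18 -------- d-----w- c:\documents and settings\maplesl\Application Data\Smilebox
""".strip().splitlines()

# Assumed infection window: the day of the "Files Created" burst (analyst's choice).
INFECTION_WINDOW = (datetime(2012, 9, 4, 0, 0), datetime(2012, 9, 4, 23, 59))

# aswMBR:      "File: <path> **INFECTED** <detection name>"
ASWMBR_HIT = re.compile(r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")
# TDSSKiller:  "<time> <pid> <service> ( <verdict> ) - <action>"
TDSS_HIT = re.compile(r"^\S+ \d+ (?P<svc>\S+) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")
# ComboFix "Files Created": "<created> . <modified> <size> <attrs> <path>"
CF_CREATED = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \S+ \S+ \S+ (?P<attrs>\S{8}) (?P<path>.+)$")
# A folder directly under the roaming profile's Application Data (not Local Settings).
APPDATA_DIR = re.compile(r"^c:\\documents and settings\\[^\\]+\\application data\\[^\\]+$", re.I)
JAVA_CACHE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)


def parse_aswmbr(lines):
    """Infected files reported by aswMBR, in log order."""
    return [m.groupdict() for m in map(ASWMBR_HIT.search, lines) if m]


def parse_tdsskiller(lines):
    """First action recorded per (service, verdict) pair."""
    seen = {}
    for line in lines:
        m = TDSS_HIT.match(line)
        if m and (m["svc"], m["verdict"]) not in seen:
            seen[(m["svc"], m["verdict"])] = m.groupdict()
    return list(seen.values())


def parse_combofix_created(lines):
    """Entries from the ComboFix 'Files Created' section."""
    out = []
    for line in lines:
        m = CF_CREATED.match(line)
        if m:
            out.append({"created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                        "is_dir": m["attrs"].startswith("d"), "path": m["path"]})
    return out


def suspicious_appdata_dirs(entries, start, end):
    """Roaming Application Data folders created inside [start, end]."""
    return [e["path"] for e in entries
            if e["is_dir"] and APPDATA_DIR.match(e["path"]) and start <= e["created"] <= end]


def cfscript_targets(hits):
    """Split aswMBR hits the way the thread's script does: a hit inside the
    Java deployment cache removes its cache folder; anything else is a File::."""
    folders, files = [], []
    for h in hits:
        if JAVA_CACHE.search(h["path"]):
            folders.append(str(PureWindowsPath(h["path"]).parent))
        else:
            files.append(h["path"])
    return folders, files


def build_cfscript(folders, files, clear_java_cache=True):
    """Render ClearJavaCache:: / Folder:: / File:: sections, one path per line."""
    sections = ["ClearJavaCache::"] if clear_java_cache else []
    if folders:
        sections.append("Folder::\n" + "\n".join(folders))
    if files:
        sections.append("File::\n" + "\n".join(files))
    return "\n\n".join(sections) + "\n"


def triage(aswmbr_lines, tdss_lines, combofix_lines, window=INFECTION_WINDOW):
    hits = parse_aswmbr(aswmbr_lines)
    folders, files = cfscript_targets(hits)
    folders += suspicious_appdata_dirs(parse_combofix_created(combofix_lines), *window)
    return {
        "infected": hits,
        # Generic locked-service verdicts go to manual review, never into the
        # script: in this thread LDSecSvc is the LANDesk Endpoint Security service.
        "review": parse_tdsskiller(tdss_lines),
        "cfscript": build_cfscript(folders, files),
    }


if __name__ == "__main__":
    result = triage(ASWMBR_SAMPLE, TDSS_SAMPLE, COMBOFIX_SAMPLE)
    for h in result["infected"]:
        print("INFECTED", h["name"], h["path"])
    for r in result["review"]:
        print("REVIEW  ", r["svc"], r["verdict"], "->", r["action"])
    print(result["cfscript"])
```

Run on the samples, the drafted script is the same four Folder:: paths and one File:: path gringo_pr posted, and LDSecSvc lands in the review list instead. The draft is a starting point for the helper, not a replacement for reading the full logs: a ComboFix script deletes whatever it is given, so every path should be checked against the Reg Loading Points and service lists before the file is dragged onto ComboFix.exe.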

#8 peanut10

peanut10
  • Topic Starter

  • Members
  • 9 posts

Posted 07 September 2012 - 08:34 PM

Attached is the log file from the new ComboFix run. A couple of observations: it took over an hour to run ComboFix. The computer is noticeably faster but still really slow to load pages and run programs (in comparison to how it was working pre-infection). In both instances of running ComboFix I was unable to get the LANDesk Endpoint Security program to stop running (I can stop all the other LANDesk utilities but don't have the option to disable or stop that one).

Attached below is the log.
Thanks for all your help

ComboFix 12-09-07.03 - maplesl 09/07/2012 19:48:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1354 [GMT -4:00]
Running from: c:\documents and settings\maplesl\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\maplesl\Desktop\CFScript.txt
AV: LANDesk Antivirus client *Disabled/Updated* {C386CD1A-44E8-4B9D-885E-4751A79CE5BD}
AV: LANDesk Endpoint Security *Enabled/Updated* {7FDBEBEE-571A-4000-807C-1D6E589E0ED5}
.
FILE ::
"c:\windows\assembly\GAC\Desktop.ini.infected.0"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\3002.abs
c:\documents and settings\All Users\Application Data\3002.xml
c:\windows\assembly\GAC\Desktop.ini.infected.0
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-04 01:45 . 2012-09-04 01:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-09-04 00:37 . 2012-09-04 00:37 -------- d-----w- c:\documents and settings\maplesl\Local Settings\Application Data\Identities
2012-09-04 00:37 . 2012-09-05 01:59 -------- d-----w- c:\documents and settings\maplesl\Application Data\Agyh
2012-09-04 00:37 . 2012-09-04 23:06 -------- d-----w- c:\documents and settings\maplesl\Application Data\Atef
2012-09-04 00:37 . 2012-09-04 00:37 -------- d-----w- c:\documents and settings\maplesl\Application Data\Peiwod
2012-08-29 21:16 . 2012-08-29 21:18 -------- d-----w- c:\documents and settings\maplesl\Local Settings\Application Data\Smilebox
2012-08-29 21:15 . 2012-08-29 21:18 -------- d-----w- c:\documents and settings\maplesl\Application Data\Smilebox
2012-08-09 20:09 . 2012-08-09 20:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-08-09 20:04 . 2012-08-09 20:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-08-09 20:03 . 2012-08-09 20:04 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 23:11 . 2011-10-04 18:37 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-07 12:27 . 2011-10-04 18:52 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-07-26 20:23 . 2012-04-16 17:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 20:23 . 2012-02-05 18:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-07-01 18:24 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2011-12-12 02:41 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-06_01.03.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-07 13:20 . 2012-09-07 13:20 16384 c:\windows\Temp\Perflib_Perfdata_b08.dat
+ 2012-09-07 12:27 . 2012-09-07 12:27 16384 c:\windows\Temp\Perflib_Perfdata_2c8.dat
+ 2008-04-14 12:00 . 2012-09-07 12:33 90038 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2012-09-05 23:45 90038 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2012-09-07 12:33 507098 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2012-09-05 23:45 507098 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SmileboxTray"="c:\documents and settings\maplesl\Application Data\Smilebox\SmileboxTray.exe" [2012-08-13 305000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-15 150040]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 278528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-02 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-02 471040]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2010-12-17 1094000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"LANDesk Endpoint Security"="c:\program files\LANDesk\LDClient\HIPS\ViGUARD.EXE" [2010-10-21 3639104]
"LANDesk Antivirus"="c:\program files\LANDesk\LDClient\antivirus\LDav.exe" [2011-11-22 911872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\program files\mbam\mbamgui.exe" [2012-07-03 462920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivSDK Flash Extension.lnk - c:\windows\Installer\{56083210-EFE4-4C85-BB9B-1152B3279621}\FlashExtension11_09FAD3AE30B54976B1D51CD7803206FF.exe [2011-11-4 116056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1828855972-353634999-1236795852-6723\Scripts\Logon\0\0]
"Script"=LScript1.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1828855972-353634999-1236795852-6723\Scripts\Logon\1\0]
"Script"=\\fcs.org\NETLOGON\BScripts\SAPverify.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\msgsys.exe"=
"c:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"=
"c:\\WINDOWS\\system32\\CBA\\pds.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9535:UDP"= 9535:UDP:LANDesk® Remote Control Agent UDP Port
"9535:TCP"= 9535:TCP:LANDesk® Remote Control Agent TCP Port
"67:UDP"= 67:UDP:LANDesk® PXE UDP Port
"67:TCP"= 67:TCP:LANDesk® PXE TCP Port
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 LDSecDrv;LDSecDrv;c:\windows\system32\drivers\LDSecDrv.sys [4/27/2012 7:23 AM 197344]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/22/2012 10:20 AM 11352]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22 PM 1085440]
R2 kavehost;kavehost;c:\program files\LANDesk\LDClient\antivirus\kavehost.exe -svc --> c:\program files\LANDesk\LDClient\antivirus\kavehost.exe -svc [?]
R2 LDSecSvc;LANDesk Endpoint Security;c:\program files\LANDesk\LDClient\HIPS\LDSecSvc.exe [4/27/2012 7:21 AM 1824232]
R2 MBAMService;MBAMService;c:\program files\mbam\mbamservice.exe [12/11/2011 10:45 PM 655944]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [5/16/2012 3:33 PM 69640]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10/4/2011 5:35 PM 112128]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/4/2011 5:35 PM 110080]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [10/4/2011 2:52 PM 14336]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [10/4/2011 2:52 PM 5120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/11/2011 10:41 PM 22344]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [10/4/2011 2:52 PM 6144]
R4 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe [4/27/2012 7:21 AM 403632]
S2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [8/1/2011 12:30 PM 147456]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/9/2012 4:04 PM 136176]
S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [4/27/2012 7:22 AM 207872]
S2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\LANDesk\LDClient\tmcsvc.exe [4/27/2012 7:21 AM 179200]
S2 LDAVService;LANDesk® Antivirus;c:\program files\LANDesk\LDClient\Antivirus\AVService.exe [4/27/2012 7:21 AM 597336]
S3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\system32\drivers\ACTIVhidmini.sys [10/4/2011 3:38 PM 84864]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [9/22/2010 10:49 AM 88192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/9/2012 4:04 PM 136176]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [7/1/2009 2:50 PM 92550]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [10/4/2011 3:38 PM 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-09 20:04]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-09 20:04]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1828855972-353634999-1236795852-6723Core.job
- c:\documents and settings\maplesl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-01 01:51]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1828855972-353634999-1236795852-6723UA.job
- c:\documents and settings\maplesl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-01 01:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.fultonschools.org/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: fcs.org
Trusted Zone: fultonschools.org
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-07 20:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LDSecSvc]
"ImagePath"="c:\program files\LANDesk\LDClient\HIPS\LDSecSvc.EXE"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1152)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-09-07 20:56:31
ComboFix-quarantined-files.txt 2012-09-08 00:55
ComboFix2.txt 2012-09-06 01:23
.
Pre-Run: 116,948,770,816 bytes free
Post-Run: 117,071,183,872 bytes free
.
- - End Of File - - A7840CA82139640577D28519163E6EEF

#9 gringo_pr
Bleepin Gringo - Malware Response Team

Posted 07 September 2012 - 10:14 PM

Hello


I want you to reset the DMA. You can do this with the script here - Reset DMA

If you have problems when you click on the link, try to right click on the link and select "Save Target As", then save it to your desktop.
Once it is on your desktop, right click on the file and select "Run".

If you still can't run it, then you can go here "Reset DMA" to see what I want to do.



Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 peanut10 (Topic Starter)

Posted 07 September 2012 - 10:45 PM

Ran the reset DMA, has made a huge difference in page and program load speeds. For some reason the computer still hangs up when you do a shutdown/restart and you have to manually shut it down (hold power button). But overall much, much improved.

#11 gringo_pr
Bleepin Gringo - Malware Response Team

Posted 07 September 2012 - 11:00 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
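When the TDSSKiller report comes back, its service-scan lines can be triaged mechanically instead of read line by line. The Python below is an added example, not code from this thread or from TDSSKiller: it folds the per-service lines into one record each (MD5, path, verdict) and lists everything that is not a clean "- ok", including services whose verdict never arrived because the pasted report was cut short. The sample lines are copied from the report posted later in this thread; the ComboFix output above lists LDSecSvc as LANDesk Endpoint Security, so a LockedService warning on it is a cross-check item against that inventory, not a verdict on its own.

```python
"""Triage a TDSSKiller service-scan log.

Added example for this thread; not part of TDSSKiller or of any post here.
The line shapes handled are the ones visible in the report pasted in the
thread (a time stamp, a thread id, then one of):

    [ <MD5> ] <Service name> <Path>              hash of the service binary
    <Service name> - ok                           clean verdict
    Suspicious service (<Reason>): <Service name> pre-verdict notice
    <Service name> ( <Detection> ) - warning      verdict with a detection name
    <Service name> - detected <Detection> (<n>)
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every log line starts with "HH:MM:SS.mmmm <tid> "; the rest is matched below.
_PFX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
HASH_RE = re.compile(_PFX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
OK_RE = re.compile(_PFX + r"(.+?) - ok$")
SUSP_RE = re.compile(_PFX + r"Suspicious service \((\w+)\): (.+)$")
WARN_RE = re.compile(_PFX + r"(.+?) \( (\S+) \) - warning$")
DET_RE = re.compile(_PFX + r"(.+?) - detected (\S+) \((\d+)\)$")

# Lower number = more urgent to look at.
SEVERITY = {"detected": 0, "warning": 1, "suspicious": 2, "unknown": 3, "ok": 4}


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"          # stays "unknown" if no verdict line is seen
    notes: List[str] = field(default_factory=list)

    def note(self, text: str) -> None:
        if text not in self.notes:   # the detection name is repeated in the log
            self.notes.append(text)


def parse_tdsskiller(text: str) -> Dict[str, ServiceEntry]:
    """Fold the per-service lines into one entry per service name."""
    services: Dict[str, ServiceEntry] = {}

    def entry(name: str) -> ServiceEntry:
        return services.setdefault(name, ServiceEntry(name))

    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_RE.match(line)
        if m:
            e = entry(m.group(2))
            e.md5, e.path = m.group(1).upper(), m.group(3)
            continue
        m = OK_RE.match(line)
        if m:
            entry(m.group(1)).status = "ok"
            continue
        m = SUSP_RE.match(line)
        if m:
            e = entry(m.group(2))
            e.note(f"suspicious ({m.group(1)})")
            if SEVERITY["suspicious"] < SEVERITY[e.status]:
                e.status = "suspicious"
            continue
        m = WARN_RE.match(line)
        if m:
            e = entry(m.group(1))
            e.note(m.group(2))
            if SEVERITY["warning"] < SEVERITY[e.status]:
                e.status = "warning"
            continue
        m = DET_RE.match(line)
        if m:
            e = entry(m.group(1))
            e.note(m.group(2))
            e.status = "detected"
    return services


def triage(text: str) -> List[ServiceEntry]:
    """Every service without a clean '- ok' verdict, most severe first.

    A service left at "unknown" had a hash line but no verdict; that is what a
    report cut short in a copy-paste looks like, so it is worth re-requesting."""
    flagged = [e for e in parse_tdsskiller(text).values() if e.status != "ok"]
    return sorted(flagged, key=lambda e: (SEVERITY[e.status], e.name))


def report(text: str) -> List[str]:
    """Human-readable one-liners for the flagged services."""
    lines = []
    for e in triage(text):
        detail = "; ".join(e.notes) if e.notes else "no verdict line in log"
        lines.append(f"{e.status:<10} {e.name}  md5={e.md5 or '-'}  "
                     f"{e.path or '-'}  [{detail}]")
    return lines


# Sample lines copied from the TDSSKiller report pasted in this thread; the
# last line is a hash line with no verdict, as at the point the paste ends.
SAMPLE_LOG = """\
18:05:51.0437 3616 Abiosdsk - ok
18:05:51.0499 3616 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
18:05:51.0515 3616 ACPI - ok
18:05:52.0352 3616 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe
18:05:52.0368 3616 Apple Mobile Device - ok
18:06:02.0081 3616 Suspicious service (NoAccess): LDSecSvc
18:06:02.0221 3616 [ 4016C98AF49A92CE209F52A491016319 ] LDSecSvc C:\\Program Files\\LANDesk\\LDClient\\HIPS\\LDSecSvc.EXE
18:06:02.0236 3616 LDSecSvc ( LockedService.Multi.Generic ) - warning
18:06:02.0236 3616 LDSecSvc - detected LockedService.Multi.Generic (1)
18:06:04.0858 3616 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\\WINDOWS\\system32\\lsass.exe
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```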

#12 peanut10 (Topic Starter)

Posted 08 September 2012 - 05:36 PM

18:05:33.0485 0340 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:05:33.0780 0340 ============================================================
18:05:33.0780 0340 Current date / time: 2012/09/08 18:05:33.0780
18:05:33.0780 0340 SystemInfo:
18:05:33.0780 0340
18:05:33.0780 0340 OS Version: 5.1.2600 ServicePack: 3.0
18:05:33.0780 0340 Product type: Workstation
18:05:33.0780 0340 ComputerName: 372TEA-6X5C5L1
18:05:33.0780 0340 UserName: MaplesL
18:05:33.0780 0340 Windows directory: C:\WINDOWS
18:05:33.0780 0340 System windows directory: C:\WINDOWS
18:05:33.0780 0340 Processor architecture: Intel x86
18:05:33.0780 0340 Number of processors: 2
18:05:33.0780 0340 Page size: 0x1000
18:05:33.0780 0340 Boot type: Normal boot
18:05:33.0780 0340 ============================================================
18:05:35.0983 0340 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:05:35.0983 0340 ============================================================
18:05:35.0983 0340 \Device\Harddisk0\DR0:
18:05:35.0983 0340 MBR partitions:
18:05:35.0983 0340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
18:05:35.0983 0340 ============================================================
18:05:36.0014 0340 C: <-> \Device\Harddisk0\DR0\Partition1
18:05:36.0014 0340 ============================================================
18:05:36.0014 0340 Initialize success
18:05:36.0014 0340 ============================================================
18:05:50.0041 3616 ============================================================
18:05:50.0041 3616 Scan started
18:05:50.0041 3616 Mode: Manual;
18:05:50.0041 3616 ============================================================
18:05:51.0220 3616 ================ Scan system memory ========================
18:05:51.0220 3616 System memory - ok
18:05:51.0220 3616 ================ Scan services =============================
18:05:51.0437 3616 Abiosdsk - ok
18:05:51.0453 3616 abp480n5 - ok
18:05:51.0499 3616 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:05:51.0515 3616 ACPI - ok
18:05:51.0515 3616 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:05:51.0546 3616 ACPIEC - ok
18:05:51.0592 3616 [ DD3B5BF2633FF510E9B5C8B0BFA1745D ] ACTIVhidmini C:\WINDOWS\system32\DRIVERS\ACTIVhidmini.sys
18:05:51.0623 3616 ACTIVhidmini - ok
18:05:51.0639 3616 adpu160m - ok
18:05:51.0670 3616 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
18:05:51.0670 3616 aeaudio - ok
18:05:51.0747 3616 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:05:51.0794 3616 aec - ok
18:05:51.0840 3616 [ 20F078136F3BDC4C0405C0527B769303 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys
18:05:51.0871 3616 AESTAud - ok
18:05:51.0934 3616 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:05:51.0949 3616 AFD - ok
18:05:51.0949 3616 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
18:05:52.0011 3616 agp440 - ok
18:05:52.0011 3616 Aha154x - ok
18:05:52.0027 3616 aic78u2 - ok
18:05:52.0042 3616 aic78xx - ok
18:05:52.0073 3616 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:05:52.0089 3616 Alerter - ok
18:05:52.0120 3616 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:05:52.0135 3616 ALG - ok
18:05:52.0135 3616 AliIde - ok
18:05:52.0151 3616 amsint - ok
18:05:52.0197 3616 [ 22403504E15810E99A563782E9D45311 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
18:05:52.0244 3616 ApfiltrService - ok
18:05:52.0352 3616 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:05:52.0368 3616 Apple Mobile Device - ok
18:05:52.0399 3616 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:05:52.0430 3616 AppMgmt - ok
18:05:52.0477 3616 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:05:52.0523 3616 Arp1394 - ok
18:05:52.0539 3616 asc - ok
18:05:52.0539 3616 asc3350p - ok
18:05:52.0554 3616 asc3550 - ok
18:05:52.0694 3616 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:05:52.0740 3616 aspnet_state - ok
18:05:52.0756 3616 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:05:52.0802 3616 AsyncMac - ok
18:05:52.0833 3616 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:05:52.0833 3616 atapi - ok
18:05:52.0849 3616 Atdisk - ok
18:05:52.0927 3616 [ 450BF8C0BD401A48FFA91D28DF665E93 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
18:05:52.0927 3616 Ati HotKey Poller - ok
18:05:53.0020 3616 [ 246248AADA156450BE611ECEAA5FE033 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:05:53.0221 3616 ati2mtag - ok
18:05:53.0283 3616 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:05:53.0330 3616 Atmarpc - ok
18:05:53.0377 3616 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:05:53.0377 3616 AudioSrv - ok
18:05:53.0423 3616 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:05:53.0454 3616 audstub - ok
18:05:53.0532 3616 [ 58911390115465BF6D8048F21F48655A ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
18:05:53.0547 3616 b57w2k - ok
18:05:53.0578 3616 [ 9208C78BD9283F79A30252AD954C77A2 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:05:53.0640 3616 BCM43XX - ok
18:05:53.0687 3616 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:05:53.0718 3616 Beep - ok
18:05:53.0826 3616 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:05:53.0826 3616 Bonjour Service - ok
18:05:53.0873 3616 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
18:05:53.0889 3616 Browser - ok
18:05:54.0044 3616 catchme - ok
18:05:54.0137 3616 [ 3E02BFDD7B91A825E0EB3A126D46F624 ] CBA8 C:\Program Files\LANDesk\Shared Files\residentagent.exe
18:05:54.0152 3616 CBA8 - ok
18:05:54.0183 3616 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:05:54.0214 3616 cbidf2k - ok
18:05:54.0261 3616 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:05:54.0307 3616 CCDECODE - ok
18:05:54.0307 3616 cd20xrnt - ok
18:05:54.0339 3616 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:05:54.0354 3616 Cdaudio - ok
18:05:54.0432 3616 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:05:54.0463 3616 Cdfs - ok
18:05:54.0478 3616 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:05:54.0540 3616 Cdrom - ok
18:05:54.0540 3616 Changer - ok
18:05:54.0587 3616 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:05:54.0602 3616 CiSvc - ok
18:05:54.0618 3616 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:05:54.0618 3616 ClipSrv - ok
18:05:54.0680 3616 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:05:54.0742 3616 clr_optimization_v2.0.50727_32 - ok
18:05:54.0773 3616 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:05:54.0975 3616 clr_optimization_v4.0.30319_32 - ok
18:05:55.0006 3616 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:05:55.0052 3616 CmBatt - ok
18:05:55.0068 3616 CmdIde - ok
18:05:55.0099 3616 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:05:55.0130 3616 Compbatt - ok
18:05:55.0145 3616 COMSysApp - ok
18:05:55.0161 3616 Cpqarray - ok
18:05:55.0207 3616 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:05:55.0223 3616 CryptSvc - ok
18:05:55.0223 3616 dac2w2k - ok
18:05:55.0238 3616 dac960nt - ok
18:05:55.0301 3616 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:05:55.0347 3616 DcomLaunch - ok
18:05:55.0440 3616 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:05:55.0456 3616 Dhcp - ok
18:05:55.0518 3616 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:05:55.0564 3616 Disk - ok
18:05:55.0564 3616 dmadmin - ok
18:05:55.0626 3616 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:05:55.0735 3616 dmboot - ok
18:05:55.0750 3616 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:05:55.0813 3616 dmio - ok
18:05:55.0813 3616 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:05:55.0828 3616 dmload - ok
18:05:55.0844 3616 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:05:55.0859 3616 dmserver - ok
18:05:55.0875 3616 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:05:55.0906 3616 DMusic - ok
18:05:55.0952 3616 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:05:55.0968 3616 Dnscache - ok
18:05:55.0999 3616 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:05:56.0030 3616 Dot3svc - ok
18:05:56.0030 3616 dpti2o - ok
18:05:56.0092 3616 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:05:56.0107 3616 drmkaud - ok
18:05:56.0138 3616 [ D94437E7EE086677B266099F695CDEA1 ] E1000 C:\WINDOWS\system32\DRIVERS\e1000325.sys
18:05:56.0154 3616 E1000 - ok
18:05:56.0185 3616 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:05:56.0200 3616 EapHost - ok
18:05:56.0216 3616 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:05:56.0231 3616 ERSvc - ok
18:05:56.0278 3616 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:05:56.0278 3616 Eventlog - ok
18:05:56.0309 3616 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
18:05:56.0309 3616 EventSystem - ok
18:05:56.0325 3616 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:05:56.0340 3616 Fastfat - ok
18:05:56.0402 3616 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:05:56.0418 3616 FastUserSwitchingCompatibility - ok
18:05:56.0433 3616 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
18:05:56.0464 3616 Fdc - ok
18:05:56.0480 3616 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:05:56.0511 3616 Fips - ok
18:05:56.0619 3616 [ 869BDE240B7FE9C7B25BD80DF85641C8 ] FlipShare Service C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
18:05:56.0619 3616 FlipShare Service - ok
18:05:56.0744 3616 [ 9C330B7DDEE9492373041E75DA01F80C ] FlipShareServer C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
18:05:56.0759 3616 FlipShareServer - ok
18:05:56.0775 3616 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:05:56.0806 3616 Flpydisk - ok
18:05:56.0821 3616 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:05:56.0852 3616 FltMgr - ok
18:05:56.0930 3616 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:05:56.0930 3616 FontCache3.0.0.0 - ok
18:05:56.0930 3616 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:05:56.0961 3616 Fs_Rec - ok
18:05:56.0976 3616 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:05:57.0007 3616 Ftdisk - ok
18:05:57.0054 3616 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:05:57.0069 3616 GEARAspiWDM - ok
18:05:57.0116 3616 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:05:57.0162 3616 Gpc - ok
18:05:57.0193 3616 [ CA835331825599B938E37525796D3549 ] GTIPCI21 C:\WINDOWS\system32\DRIVERS\gtipci21.sys
18:05:57.0240 3616 GTIPCI21 - ok
18:05:57.0380 3616 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:05:57.0380 3616 gupdate - ok
18:05:57.0395 3616 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:05:57.0395 3616 gupdatem - ok
18:05:57.0457 3616 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:05:57.0473 3616 gusvc - ok
18:05:57.0504 3616 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:05:57.0504 3616 HDAudBus - ok
18:05:57.0612 3616 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:05:57.0612 3616 helpsvc - ok
18:05:57.0643 3616 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
18:05:57.0659 3616 HidServ - ok
18:05:57.0690 3616 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:05:57.0721 3616 HidUsb - ok
18:05:57.0737 3616 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:05:57.0768 3616 hkmsvc - ok
18:05:57.0768 3616 hpn - ok
18:05:57.0783 3616 HSFHWICH - ok
18:05:57.0783 3616 HSF_DPV - ok
18:05:57.0830 3616 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:05:57.0845 3616 HTTP - ok
18:05:57.0892 3616 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:05:57.0938 3616 HTTPFilter - ok
18:05:57.0938 3616 i2omgmt - ok
18:05:57.0954 3616 i2omp - ok
18:05:58.0000 3616 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:05:58.0031 3616 i8042prt - ok
18:05:58.0280 3616 [ 4F3139829F1AC202FF0D29C2FD6C15B6 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:05:58.0481 3616 ialm - ok
18:05:58.0528 3616 [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
18:05:58.0621 3616 iaStor - ok
18:05:58.0714 3616 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:05:58.0745 3616 idsvc - ok
18:05:58.0776 3616 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:05:58.0838 3616 Imapi - ok
18:05:58.0916 3616 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:05:58.0916 3616 ImapiService - ok
18:05:58.0931 3616 ini910u - ok
18:05:58.0993 3616 [ 64C301D73DB18EBDC8680CA82D82AF2D ] IntcHdmiAddService C:\WINDOWS\system32\drivers\IntcHdmi.sys
18:05:59.0024 3616 IntcHdmiAddService - ok
18:05:59.0148 3616 [ 507A15DFBEC2B9B10A853A3895771356 ] Intel Local Scheduler Service C:\Program Files\LANDesk\LDClient\localsch.exe
18:05:59.0211 3616 Intel Local Scheduler Service - ok
18:05:59.0257 3616 [ 7C234B88F1F1E5FFAF5A701148C095E8 ] Intel PDS C:\WINDOWS\system32\CBA\pds.exe
18:05:59.0257 3616 Intel PDS - ok
18:05:59.0319 3616 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
18:05:59.0350 3616 IntelIde - ok
18:05:59.0428 3616 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:05:59.0428 3616 intelppm - ok
18:05:59.0459 3616 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:05:59.0521 3616 Ip6Fw - ok
18:05:59.0536 3616 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:05:59.0536 3616 IpFilterDriver - ok
18:05:59.0552 3616 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:05:59.0598 3616 IpInIp - ok
18:05:59.0629 3616 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:05:59.0692 3616 IpNat - ok
18:05:59.0785 3616 [ CE004777B92DEA56FE14EC900D20BAA4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:05:59.0800 3616 iPod Service - ok
18:05:59.0862 3616 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:05:59.0924 3616 IPSec - ok
18:05:59.0971 3616 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:06:00.0002 3616 IRENUM - ok
18:06:00.0064 3616 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:06:00.0110 3616 isapnp - ok
18:06:00.0110 3616 ISSUSER - ok
18:06:00.0266 3616 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:06:00.0266 3616 JavaQuickStarterService - ok
18:06:00.0328 3616 kavehost - ok
18:06:00.0390 3616 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:06:00.0436 3616 Kbdclass - ok
18:06:00.0467 3616 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:06:00.0498 3616 kbdhid - ok
18:06:00.0545 3616 [ 94D67D49BD9503BB1D838405D80F2058 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
18:06:00.0591 3616 KL1 - ok
18:06:00.0623 3616 [ 713576569667AC9E0F8556076004A96B ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys
18:06:00.0638 3616 kl2 - ok
18:06:00.0669 3616 [ F934DE04AC53B08457B92DB6E4DEE2E5 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
18:06:00.0716 3616 KLIF - ok
18:06:00.0778 3616 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:06:00.0778 3616 kmixer - ok
18:06:00.0793 3616 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:06:00.0793 3616 KSecDD - ok
18:06:00.0855 3616 [ 79FF72B905265293A9AB261F834A4EF2 ] LANDesk Policy Invoker C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
18:06:00.0871 3616 LANDesk Policy Invoker - ok
18:06:00.0933 3616 [ 9A1CEAD6E1BE659D1350A9053F8D1B46 ] LANDesk Targeted Multicast C:\Program Files\LANDesk\LDClient\tmcsvc.exe
18:06:00.0979 3616 LANDesk Targeted Multicast - ok
18:06:01.0057 3616 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
18:06:01.0072 3616 LanmanServer - ok
18:06:01.0135 3616 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:06:01.0150 3616 lanmanworkstation - ok
18:06:01.0150 3616 lbrtfdc - ok
18:06:01.0228 3616 [ 58BB7C4DF9E00731840F48BC3D352703 ] LDAVService C:\Program Files\LANDesk\LDClient\antivirus\avservice.exe
18:06:01.0243 3616 LDAVService - ok
18:06:01.0305 3616 [ B42D0D37F8C76ED9A462404AFE520EDB ] ldblank C:\WINDOWS\system32\DRIVERS\ldblank.sys
18:06:01.0336 3616 ldblank - ok
18:06:01.0398 3616 [ A3B89BEB5FB3AD3BEF5E58A5885AEA63 ] ldmirror C:\WINDOWS\system32\DRIVERS\ldmirror.sys
18:06:01.0398 3616 ldmirror - ok
18:06:01.0460 3616 [ 1E17B05D11264D8ADDCA2469B3459831 ] LDSecDrv C:\WINDOWS\system32\drivers\LDSecDrv.sys
18:06:02.0081 3616 LDSecDrv - ok
18:06:02.0081 3616 Suspicious service (NoAccess): LDSecSvc
18:06:02.0221 3616 [ 4016C98AF49A92CE209F52A491016319 ] LDSecSvc C:\Program Files\LANDesk\LDClient\HIPS\LDSecSvc.EXE
18:06:02.0236 3616 LDSecSvc ( LockedService.Multi.Generic ) - warning
18:06:02.0236 3616 LDSecSvc - detected LockedService.Multi.Generic (1)
18:06:02.0298 3616 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:06:02.0298 3616 LmHosts - ok
18:06:02.0345 3616 [ 32933B07FC16D9F778BEE12545FA1B1A ] LPDSVC C:\WINDOWS\system32\tcpsvcs.exe
18:06:02.0345 3616 LPDSVC - ok
18:06:02.0376 3616 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
18:06:02.0376 3616 MBAMProtector - ok
18:06:02.0438 3616 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\mbam\mbamservice.exe
18:06:02.0438 3616 MBAMService - ok
18:06:02.0562 3616 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:06:02.0562 3616 MDM - ok
18:06:02.0609 3616 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:06:02.0624 3616 Messenger - ok
18:06:02.0655 3616 [ AADAE4EC10F7075217E87C5CFC0580C9 ] mirrorflt C:\WINDOWS\system32\DRIVERS\mirrorflt.sys
18:06:02.0686 3616 mirrorflt - ok
18:06:02.0748 3616 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:06:02.0764 3616 mnmdd - ok
18:06:02.0810 3616 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:06:02.0826 3616 mnmsrvc - ok
18:06:02.0872 3616 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:06:02.0919 3616 Modem - ok
18:06:02.0950 3616 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:06:02.0996 3616 Mouclass - ok
18:06:03.0027 3616 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:06:03.0043 3616 mouhid - ok
18:06:03.0074 3616 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:06:03.0121 3616 MountMgr - ok
18:06:03.0121 3616 mraid35x - ok
18:06:03.0152 3616 [ E3F17E1EA5256709D4E97EF0DA04B3C9 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:06:03.0167 3616 MRxDAV - ok
18:06:03.0214 3616 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:06:03.0229 3616 MRxSmb - ok
18:06:03.0260 3616 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:06:03.0276 3616 MSDTC - ok
18:06:03.0291 3616 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:06:03.0338 3616 Msfs - ok
18:06:03.0338 3616 MSIServer - ok
18:06:03.0353 3616 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:06:03.0400 3616 MSKSSRV - ok
18:06:03.0415 3616 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:06:03.0431 3616 MSPCLOCK - ok
18:06:03.0462 3616 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:06:03.0477 3616 MSPQM - ok
18:06:03.0524 3616 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:06:03.0524 3616 mssmbios - ok
18:06:03.0586 3616 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:06:03.0602 3616 MSTEE - ok
18:06:03.0633 3616 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:06:03.0648 3616 Mup - ok
18:06:03.0664 3616 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:06:03.0695 3616 NABTSFEC - ok
18:06:03.0726 3616 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:06:03.0757 3616 napagent - ok
18:06:03.0788 3616 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:06:03.0803 3616 NDIS - ok
18:06:03.0850 3616 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:06:03.0865 3616 NdisIP - ok
18:06:03.0912 3616 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:06:03.0912 3616 NdisTapi - ok
18:06:03.0927 3616 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:06:03.0958 3616 Ndisuio - ok
18:06:03.0958 3616 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:06:03.0974 3616 NdisWan - ok
18:06:04.0021 3616 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:06:04.0021 3616 NDProxy - ok
18:06:04.0083 3616 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
18:06:04.0083 3616 Net Driver HPZ12 - ok
18:06:04.0098 3616 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:06:04.0129 3616 NetBIOS - ok
18:06:04.0145 3616 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:06:04.0176 3616 NetBT - ok
18:06:04.0238 3616 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:06:04.0238 3616 NetDDE - ok
18:06:04.0238 3616 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:06:04.0253 3616 NetDDEdsdm - ok
18:06:04.0315 3616 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:06:04.0315 3616 Netlogon - ok
18:06:04.0346 3616 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:06:04.0346 3616 Netman - ok
18:06:04.0393 3616 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:06:04.0486 3616 NetTcpPortSharing - ok
18:06:04.0517 3616 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:06:04.0517 3616 NIC1394 - ok
18:06:04.0564 3616 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:06:04.0564 3616 Nla - ok
18:06:04.0626 3616 [ B6E56578E167AD7D146F1B316490AC03 ] nlsX86cc C:\WINDOWS\system32\NLSSRV32.EXE
18:06:04.0626 3616 nlsX86cc - ok
18:06:04.0672 3616 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:06:04.0703 3616 Npfs - ok
18:06:04.0750 3616 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:06:04.0827 3616 Ntfs - ok
18:06:04.0858 3616 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:06:04.0858 3616 NtLmSsp - ok
18:06:04.0920 3616 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:06:04.0998 3616 NtmsSvc - ok
18:06:05.0014 3616 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:06:05.0045 3616 Null - ok
18:06:05.0076 3616 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:06:05.0091 3616 NwlnkFlt - ok
18:06:05.0122 3616 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:06:05.0138 3616 NwlnkFwd - ok
18:06:05.0277 3616 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:06:05.0293 3616 odserv - ok
18:06:05.0355 3616 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:06:05.0355 3616 ohci1394 - ok
18:06:05.0401 3616 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:06:05.0401 3616 ose - ok
18:06:05.0448 3616 [ AB2B07AC4AFD38F574D903EAF9E98A60 ] OZSCR C:\WINDOWS\system32\DRIVERS\ozscr.sys
18:06:05.0479 3616 OZSCR - ok
18:06:05.0495 3616 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:06:05.0557 3616 Parport - ok
18:06:05.0588 3616 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:06:05.0634 3616 PartMgr - ok
18:06:05.0665 3616 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:06:05.0681 3616 ParVdm - ok
18:06:05.0696 3616 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:06:05.0743 3616 PCI - ok
18:06:05.0758 3616 PCIDump - ok
18:06:05.0758 3616 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:06:05.0789 3616 PCIIde - ok
18:06:05.0789 3616 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:06:05.0836 3616 Pcmcia - ok
18:06:05.0836 3616 PDCOMP - ok
18:06:05.0836 3616 PDFRAME - ok
18:06:05.0836 3616 PDRELI - ok
18:06:05.0851 3616 PDRFRAME - ok
18:06:05.0851 3616 perc2 - ok
18:06:05.0851 3616 perc2hib - ok
18:06:05.0867 3616 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:06:05.0867 3616 PlugPlay - ok
18:06:05.0882 3616 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
18:06:05.0898 3616 Pml Driver HPZ12 - ok
18:06:05.0898 3616 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:06:05.0898 3616 PolicyAgent - ok
18:06:05.0913 3616 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:06:05.0929 3616 PptpMiniport - ok
18:06:05.0976 3616 [ 3E55203169A291199AC577636DBD933D ] prmvmouse C:\WINDOWS\system32\DRIVERS\activmouse.sys
18:06:05.0976 3616 prmvmouse - ok
18:06:05.0991 3616 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:06:05.0991 3616 ProtectedStorage - ok
18:06:05.0991 3616 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:06:06.0007 3616 PSched - ok
18:06:06.0022 3616 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:06:06.0022 3616 Ptilink - ok
18:06:06.0038 3616 ql1080 - ok
18:06:06.0038 3616 Ql10wnt - ok
18:06:06.0038 3616 ql12160 - ok
18:06:06.0038 3616 ql1240 - ok
18:06:06.0053 3616 ql1280 - ok
18:06:06.0115 3616 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:06:06.0115 3616 RasAcd - ok
18:06:06.0162 3616 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:06:06.0177 3616 RasAuto - ok
18:06:06.0224 3616 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
18:06:06.0239 3616 Rasirda - ok
18:06:06.0270 3616 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:06:06.0270 3616 Rasl2tp - ok
18:06:06.0301 3616 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:06:06.0301 3616 RasMan - ok
18:06:06.0301 3616 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:06:06.0332 3616 RasPppoe - ok
18:06:06.0332 3616 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:06:06.0348 3616 Raspti - ok
18:06:06.0363 3616 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:06:06.0379 3616 Rdbss - ok
18:06:06.0379 3616 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:06:06.0394 3616 RDPCDD - ok
18:06:06.0425 3616 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:06:06.0643 3616 rdpdr - ok
18:06:06.0689 3616 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:06:06.0689 3616 RDPWD - ok
18:06:06.0736 3616 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:06:06.0751 3616 RDSessMgr - ok
18:06:06.0767 3616 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:06:06.0813 3616 redbook - ok
18:06:06.0844 3616 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:06:06.0860 3616 RemoteAccess - ok
18:06:06.0938 3616 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:06:06.0938 3616 RemoteRegistry - ok
18:06:06.0984 3616 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
18:06:07.0000 3616 rimmptsk - ok
18:06:07.0015 3616 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
18:06:07.0031 3616 RpcLocator - ok
18:06:07.0062 3616 [ 3297445BB9FD3E8363E7559010ED2AE7 ] rpcnet C:\WINDOWS\system32\rpcnet.exe
18:06:07.0062 3616 rpcnet - ok
18:06:07.0093 3616 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:06:07.0093 3616 RpcSs - ok
18:06:07.0139 3616 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:06:07.0155 3616 RSVP - ok
18:06:07.0170 3616 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:06:07.0186 3616 SamSs - ok
18:06:07.0232 3616 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:06:07.0232 3616 SCardSvr - ok
18:06:07.0263 3616 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:06:07.0263 3616 Schedule - ok
18:06:07.0325 3616 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:06:07.0341 3616 sdbus - ok
18:06:07.0372 3616 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:06:07.0403 3616 Secdrv - ok
18:06:07.0450 3616 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:06:07.0465 3616 seclogon - ok
18:06:07.0527 3616 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
18:06:07.0543 3616 senfilt - ok
18:06:07.0620 3616 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:06:07.0620 3616 SENS - ok
18:06:07.0682 3616 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:06:07.0698 3616 serenum - ok
18:06:07.0729 3616 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:06:07.0744 3616 Serial - ok
18:06:07.0791 3616 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
18:06:07.0822 3616 sffdisk - ok
18:06:07.0853 3616 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
18:06:07.0868 3616 sffp_sd - ok
18:06:07.0915 3616 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:06:07.0931 3616 Sfloppy - ok
18:06:08.0008 3616 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:06:08.0024 3616 SharedAccess - ok
18:06:08.0024 3616 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:06:08.0024 3616 ShellHWDetection - ok
18:06:08.0039 3616 Simbad - ok
18:06:08.0070 3616 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:06:08.0101 3616 SLIP - ok
18:06:08.0117 3616 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
18:06:08.0132 3616 SMCIRDA - ok
18:06:08.0179 3616 [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
18:06:08.0194 3616 smwdm - ok
18:06:08.0334 3616 [ 3ED2EBB31EF3F23B4F84B5A2EE251108 ] Softmon C:\Program Files\LANDesk\LDClient\softmon.exe
18:06:08.0349 3616 Softmon - ok
18:06:08.0365 3616 Sparrow - ok
18:06:08.0567 3616 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:06:08.0582 3616 splitter - ok
18:06:08.0644 3616 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:06:08.0644 3616 Spooler - ok
18:06:08.0691 3616 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:06:08.0722 3616 sr - ok
18:06:08.0737 3616 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:06:08.0737 3616 srservice - ok
18:06:08.0768 3616 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:06:08.0768 3616 Srv - ok
18:06:08.0799 3616 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:06:08.0815 3616 SSDPSRV - ok
18:06:08.0924 3616 [ 305CC42945A713347F978D78566113F3 ] STAC97 C:\WINDOWS\system32\drivers\stac97.sys
18:06:09.0017 3616 STAC97 - ok
18:06:09.0234 3616 [ CB2449150A5EA17CAA0B94363D9440CC ] STacSV c:\drivers\audio\r205445\stacsv.exe
18:06:09.0249 3616 STacSV - ok
18:06:09.0715 3616 [ 886C708C91DB573656D64C626468D707 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
18:06:09.0730 3616 STHDA - ok
18:06:09.0839 3616 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:06:09.0870 3616 stisvc - ok
18:06:09.0901 3616 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:06:09.0932 3616 streamip - ok
18:06:09.0979 3616 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:06:10.0010 3616 swenum - ok
18:06:10.0118 3616 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:06:10.0149 3616 swmidi - ok
18:06:10.0149 3616 SwPrv - ok
18:06:10.0149 3616 symc810 - ok
18:06:10.0149 3616 symc8xx - ok
18:06:10.0165 3616 sym_hi - ok
18:06:10.0165 3616 sym_u3 - ok
18:06:10.0196 3616 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:06:10.0211 3616 sysaudio - ok
18:06:10.0273 3616 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:06:10.0304 3616 SysmonLog - ok
18:06:10.0336 3616 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:06:10.0336 3616 TapiSrv - ok
18:06:10.0398 3616 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:06:10.0429 3616 Tcpip - ok
18:06:10.0444 3616 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:06:10.0491 3616 TDPIPE - ok
18:06:10.0553 3616 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:06:10.0568 3616 TDTCP - ok
18:06:10.0630 3616 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:06:10.0677 3616 TermDD - ok
18:06:10.0770 3616 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:06:10.0817 3616 TermService - ok
18:06:10.0863 3616 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:06:10.0863 3616 Themes - ok
18:06:10.0879 3616 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:06:10.0894 3616 TlntSvr - ok
18:06:10.0894 3616 TosIde - ok
18:06:10.0925 3616 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:06:10.0941 3616 TrkWks - ok
18:06:10.0987 3616 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:06:11.0018 3616 Udfs - ok
18:06:11.0018 3616 ultra - ok
18:06:11.0096 3616 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:06:11.0127 3616 Update - ok
18:06:11.0173 3616 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:06:11.0189 3616 upnphost - ok
18:06:11.0251 3616 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:06:11.0266 3616 UPS - ok
18:06:11.0298 3616 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
18:06:11.0329 3616 USBAAPL - ok
18:06:11.0360 3616 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
18:06:11.0391 3616 usbaudio - ok
18:06:11.0437 3616 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:06:11.0453 3616 usbccgp - ok
18:06:11.0484 3616 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:06:11.0530 3616 usbehci - ok
18:06:11.0561 3616 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:06:11.0592 3616 usbhub - ok
18:06:11.0654 3616 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:06:11.0685 3616 usbprint - ok
18:06:11.0732 3616 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:06:11.0747 3616 usbscan - ok
18:06:11.0810 3616 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:06:11.0841 3616 USBSTOR - ok
18:06:11.0887 3616 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:06:11.0903 3616 usbuhci - ok
18:06:12.0027 3616 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
18:06:12.0058 3616 usbvideo - ok
18:06:12.0089 3616 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:06:12.0120 3616 VgaSave - ok
18:06:12.0120 3616 ViaIde - ok
18:06:12.0120 3616 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:06:12.0166 3616 VolSnap - ok
18:06:12.0213 3616 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:06:12.0228 3616 VSS - ok
18:06:12.0244 3616 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:06:12.0260 3616 W32Time - ok
18:06:12.0260 3616 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:06:12.0291 3616 Wanarp - ok
18:06:12.0523 3616 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
18:06:12.0539 3616 Wdf01000 - ok
18:06:12.0554 3616 WDICA - ok
18:06:12.0632 3616 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:06:12.0647 3616 wdmaud - ok
18:06:12.0725 3616 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:06:12.0725 3616 WebClient - ok
18:06:12.0725 3616 winachsf - ok
18:06:12.0803 3616 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:06:12.0803 3616 winmgmt - ok
18:06:12.0880 3616 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
18:06:12.0927 3616 WinRM - ok
18:06:12.0958 3616 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:06:12.0989 3616 WmdmPmSN - ok
18:06:13.0066 3616 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:06:13.0082 3616 Wmi - ok
18:06:13.0128 3616 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:06:13.0128 3616 WmiAcpi - ok
18:06:13.0159 3616 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:06:13.0175 3616 WmiApSrv - ok
18:06:13.0237 3616 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:06:13.0253 3616 WMPNetworkSvc - ok
18:06:13.0330 3616 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:06:13.0361 3616 WPFFontCache_v0400 - ok
18:06:13.0439 3616 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:06:13.0439 3616 WS2IFSL - ok
18:06:13.0485 3616 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:06:13.0485 3616 wscsvc - ok
18:06:13.0516 3616 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:06:13.0532 3616 WSTCODEC - ok
18:06:13.0594 3616 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:06:13.0594 3616 wuauserv - ok
18:06:13.0625 3616 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:06:13.0656 3616 WudfPf - ok
18:06:13.0656 3616 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:06:13.0687 3616 WudfRd - ok
18:06:13.0718 3616 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:06:13.0734 3616 WudfSvc - ok
18:06:13.0780 3616 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:06:13.0780 3616 WZCSVC - ok
18:06:13.0811 3616 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:06:13.0842 3616 xmlprov - ok
18:06:13.0842 3616 ================ Scan global ===============================
18:06:13.0889 3616 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:06:13.0920 3616 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:06:13.0935 3616 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:06:13.0966 3616 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:06:13.0982 3616 [Global] - ok
18:06:13.0982 3616 ================ Scan MBR ==================================
18:06:13.0997 3616 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:06:14.0230 3616 \Device\Harddisk0\DR0 - ok
18:06:14.0230 3616 ================ Scan VBR ==================================
18:06:14.0230 3616 [ 8BD914C4388BD83944342F05B8151B57 ] \Device\Harddisk0\DR0\Partition1
18:06:14.0230 3616 \Device\Harddisk0\DR0\Partition1 - ok
18:06:14.0230 3616 ============================================================
18:06:14.0230 3616 Scan finished
18:06:14.0230 3616 ============================================================
18:06:14.0246 0384 Detected object count: 1
18:06:14.0246 0384 Actual detected object count: 1
18:06:46.0177 0384 LDSecSvc ( LockedService.Multi.Generic ) - skipped by user
18:06:46.0177 0384 LDSecSvc ( LockedService.Multi.Generic ) - User select action: Skip


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-08 18:07:53
-----------------------------
18:07:53.535 OS Version: Windows 5.1.2600 Service Pack 3
18:07:53.535 Number of processors: 2 586 0xF0D
18:07:53.535 ComputerName: 372TEA-6X5C5L1 UserName: MaplesL
18:07:54.237 Initialize success
18:11:19.782 AVAST engine defs: 12090801
18:11:50.393 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:11:50.393 Disk 0 Vendor: WDC_WD1600BEVT-00A23T0 01.01A01 Size: 152627MB BusType: 3
18:11:50.424 Disk 0 MBR read successfully
18:11:50.424 Disk 0 MBR scan
18:11:50.486 Disk 0 Windows XP default MBR code
18:11:50.486 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
18:11:50.502 Disk 0 scanning sectors +312576705
18:11:50.611 Disk 0 scanning C:\WINDOWS\system32\drivers
18:12:04.529 Service scanning
18:12:39.348 Modules scanning
18:12:47.040 Disk 0 trace - called modules:
18:12:47.071 ntkrnlpa.exe CLASSPNP.SYS disk.sys LDSecDrv.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:12:47.071 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5e9ab8]
18:12:47.071 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5ecd98]
18:12:47.071 \Driver\atapi[0x8a6331b8] -> IRP_MJ_DEVICE_CONTROL -> LDSecDrv.sys[0xb9df8990]
18:12:47.071 \Driver\atapi[0x8a6331b8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> LDSecDrv.sys[0xb9df88d0]
18:12:48.008 AVAST engine scan C:\WINDOWS
18:12:55.922 AVAST engine scan C:\WINDOWS\system32
18:16:27.622 AVAST engine scan C:\WINDOWS\system32\drivers
18:16:44.794 AVAST engine scan C:\Documents and Settings\maplesl
18:30:21.088 AVAST engine scan C:\Documents and Settings\All Users
18:34:13.034 Scan finished successfully
18:34:55.205 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\maplesl\Desktop\MBR.dat"
18:34:55.205 The log file has been saved successfully to "C:\Documents and Settings\maplesl\Desktop\aswMBR.txt"
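
The two logs above are easier to check by script than by eye. What follows is an added example, not code from the thread or from the TDSSKiller/aswMBR authors: it parses TDSSKiller's entry/status line pairs into a table, lists what was detected and what action was taken, lists services whose binary sits outside the usual system directories (a review list, not a verdict: the OEM audio driver under c:\drivers\ lands there too), and reads aswMBR's disk trace to report which non-Microsoft modules sit in the disk I/O path and which driver dispatch entries they now handle. The STOCK_DISK_MODULES set is my assumption of what an XP IDE storage stack normally contains, and the sample lines are constructed in the logs' format from entries shown in the thread. On this machine the module the trace names, LDSecDrv.sys, sits next to the LANDesk HIPS component whose service (LDSecSvc, under C:\Program Files\LANDesk\LDClient\HIPS\) is also the one TDSSKiller gave the generic LockedService verdict; that combination is typical of a self-protecting endpoint agent, but the practitioner's check is to confirm the file's publisher signature and hash, not to trust the path.

```python
"""Added example, not part of the thread: helpers for reading the two log
formats posted above.  TDSSKiller prints each service/driver as an entry
line ("[ MD5 ] Name Path") followed by a status line ("Name - ok", or
"Name ( Verdict ) - action" for a detection); aswMBR ends with a disk I/O
trace listing the modules in the storage stack and any dispatch hooks.
The sample lines below are constructed in that format."""
import re
from collections import defaultdict

ENTRY_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<pid>\d+)\s+\[ (?P<md5>[0-9A-F]{32}) \]\s+'
    r'(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$')
STATUS_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<name>.+?)'
    r'(?: \( (?P<verdict>[^)]+) \))? - (?P<status>.+)$')
# aswMBR hook line: "\Driver\atapi[0x...] -> IRP_MJ_XXX -> module.sys[0x...]"
HOOK_RE = re.compile(
    r'\\Driver\\(?P<driver>\w+)\[0x[0-9a-f]+\] -> (?P<irp>IRP_MJ_\w+) -> '
    r'(?P<module>[^\[\s]+)\[0x[0-9a-f]+\]')

# Assumption: the Microsoft modules normally present in an XP IDE disk path.
STOCK_DISK_MODULES = {
    'ntkrnlpa.exe', 'ntoskrnl.exe', 'hal.dll', 'classpnp.sys', 'disk.sys',
    'partmgr.sys', 'atapi.sys', 'pciide.sys', 'pciidex.sys',
}


def parse_tdsskiller(lines):
    """Return {name: {md5, path, status, verdict}} from TDSSKiller lines."""
    records = defaultdict(lambda: {'md5': None, 'path': None,
                                   'status': None, 'verdict': None})
    for line in lines:
        m = ENTRY_RE.match(line)
        if m:
            records[m['name']].update(md5=m['md5'], path=m['path'])
            continue
        m = STATUS_RE.match(line)
        if m:
            rec = records[m['name']]
            if rec['status'] is None:   # keep the first status ("skipped by user")
                rec['status'] = m['status']
            if m['verdict']:
                rec['verdict'] = m['verdict']
    return dict(records)


def detections(records):
    """Entries TDSSKiller gave a verdict, and what was done about them."""
    return [(n, r['verdict'], r['status'])
            for n, r in records.items() if r['verdict']]


def unusual_service_paths(records, usual=('c:\\windows\\', 'c:\\program files')):
    """Services whose binary lives outside the directories most services use.
    A review list, not a verdict: OEM drivers (c:\\drivers\\...) land here too."""
    return sorted((n, r['path']) for n, r in records.items()
                  if r['path'] and not r['path'].lower().startswith(usual))


def disk_trace(lines):
    """From an aswMBR trace, return (non-stock modules in the disk I/O path,
    [(hooked driver, IRP major, module that now handles it), ...])."""
    foreign, hooks = [], []
    for line in lines:
        m = HOOK_RE.search(line)
        if m:
            hooks.append((m['driver'], m['irp'], m['module']))
            continue
        toks = line.split()
        # The "called modules" line is a timestamp followed only by file names.
        if len(toks) > 2 and all(t.lower().endswith(('.exe', '.sys', '.dll'))
                                 for t in toks[1:]):
            foreign.extend(t for t in toks[1:]
                           if t.lower() not in STOCK_DISK_MODULES)
    return foreign, hooks


# Constructed samples in the two formats (MD5s and paths as in the thread).
TDSSKILLER_SAMPLE = r"""
18:06:03.0260 3616 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:06:03.0276 3616 MSDTC - ok
18:06:04.0083 3616 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
18:06:04.0083 3616 Net Driver HPZ12 - ok
18:06:09.0234 3616 [ CB2449150A5EA17CAA0B94363D9440CC ] STacSV c:\drivers\audio\r205445\stacsv.exe
18:06:09.0249 3616 STacSV - ok
18:06:46.0177 0384 LDSecSvc ( LockedService.Multi.Generic ) - skipped by user
18:06:46.0177 0384 LDSecSvc ( LockedService.Multi.Generic ) - User select action: Skip
""".strip().splitlines()

ASWMBR_SAMPLE = r"""
18:12:47.040 Disk 0 trace - called modules:
18:12:47.071 ntkrnlpa.exe CLASSPNP.SYS disk.sys LDSecDrv.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:12:47.071 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5e9ab8]
18:12:47.071 \Driver\atapi[0x8a6331b8] -> IRP_MJ_DEVICE_CONTROL -> LDSecDrv.sys[0xb9df8990]
18:12:47.071 \Driver\atapi[0x8a6331b8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> LDSecDrv.sys[0xb9df88d0]
""".strip().splitlines()

if __name__ == '__main__':
    recs = parse_tdsskiller(TDSSKILLER_SAMPLE)
    print('detections:', detections(recs))
    print('review paths:', unusual_service_paths(recs))
    foreign, hooks = disk_trace(ASWMBR_SAMPLE)
    print('non-stock modules in disk path:', foreign)
    for drv, irp, mod in hooks:
        print(f'{irp} of \\Driver\\{drv} is handled by {mod}')
```

Run as-is it summarises the samples; to use it on a saved log, pass the file's lines to parse_tdsskiller() or disk_trace(). The useful output is the hook list: on a clean machine the only module answering atapi's IRP_MJ_DEVICE_CONTROL should be one you can tie to an installed, signed product, and anything else in that position is what a bootkit or rootkit filter looks like in these traces.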

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 September 2012 - 10:52 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Java™ 6 Update 29
  • Live Security Platinum


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
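
Since the post above asks for the HijackThis log to be posted rather than run through Analyze This, here is the kind of first pass a reviewer makes on that log. This is an added example, not code from the thread or from HijackThis: it parses O2, O3 and O4 lines, extracts the file each one loads, and orders them by location so entries running from a Temp directory or a user profile are read before those under Program Files or Windows. Location is a reading order, not a verdict (SmileboxTray.exe in the thread's process list runs from Application Data, and the helper did not ask for it to be removed). The sample lines are constructed in HijackThis 2.0.4 format from entries that appear in the thread; the [example_entry] line pointing into Temp is invented to exercise the top priority, and the PRIORITY table and directory rules are my assumptions.

```python
"""Added example, not part of the thread: a first-pass sort of the HijackThis
O2/O3/O4 lines the post above asks for.  It makes no malware verdict; it
groups each entry by where the referenced file lives so a reviewer reads the
ones loaded from user-writable locations first.  Sample lines are constructed
in the HijackThis 2.0.4 format (the [example_entry] line is invented)."""
import re

# O4 - HKLM\..\Run: [Name] "C:\path\file.exe" -args
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# O2 - BHO: Name - {CLSID} - C:\path\file.dll   (O3 - Toolbar: has the same shape)
O2O3_RE = re.compile(
    r'^(?P<kind>O[23]) - (?P<type>\w+): (?P<name>.*?) - '
    r'\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$')
# First token of an unquoted command that ends in an executable extension.
EXE_RE = re.compile(r'^(?P<exe>.+?\.(?:exe|dll|scr|cmd|bat|vbs|js))(?:\s|$)', re.I)

# Assumed review order: lower number = look at it first.
PRIORITY = {'temp': 0, 'user profile': 1, 'other': 2,
            'program files': 3, 'windows': 4}


def command_to_path(cmd):
    """Pull the executable out of a Run value (quoted or not, with or without args)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m['exe'] if m else cmd


def locate(path):
    """Classify a file path by the kind of directory it sits in (XP layout)."""
    p = path.lower()
    if '\\temp\\' in p or '\\temporary internet files\\' in p:
        return 'temp'
    if p.startswith(('c:\\documents and settings\\', 'c:\\users\\')):
        return 'user profile'
    if p.startswith(('c:\\program files', 'c:\\progra~1')):
        return 'program files'
    if p.startswith('c:\\windows\\'):
        return 'windows'
    return 'other'


def triage(lines):
    """Return [(kind, name, path, location)] with the entries to review first
    at the front; lines of other O-types are left out."""
    rows = []
    for line in lines:
        m = O4_RE.match(line)
        if m:
            path = command_to_path(m['cmd'])
            rows.append(('O4 %s %s' % (m['hive'], m['key']), m['name'], path, locate(path)))
            continue
        m = O2O3_RE.match(line)
        if m:
            rows.append(('%s %s' % (m['kind'], m['type']), m['name'], m['path'], locate(m['path'])))
    return sorted(rows, key=lambda r: PRIORITY[r[3]])   # stable: keeps log order within a class


def review_first(lines):
    """Names of entries loaded from user-writable or unexpected locations."""
    return [name for _, name, _, loc in triage(lines) if PRIORITY[loc] <= 2]


# Constructed sample lines in HijackThis format.
HJT_SAMPLE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\maplesl\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [example_entry] C:\Documents and Settings\maplesl\Local Settings\Temp\example.exe /silent
""".strip().splitlines()

if __name__ == '__main__':
    for kind, name, path, loc in triage(HJT_SAMPLE):
        print('%-14s %-14s %-20s %s' % (loc, kind, name, path))
```

The point of sorting rather than scoring is the same one the post makes about Analyze This: a Run entry under Application Data is worth a look but is often a legitimate per-user program, so the script puts it in front of you with its full path and leaves the decision to the person reading the log.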

#14 peanut10

peanut10
  • Topic Starter

  • Members
  • 9 posts

Posted 09 September 2012 - 10:03 AM

The computer seems to be doing really well, no problems that we note. Shutdown and restart run flawlessly. Maybe still a little slow. Thanks for all your help.



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.04.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MaplesL :: 372TEA-6X5C5L1 [administrator]

Protection: Enabled

9/9/2012 10:45:28 AM
mbam-log-2012-09-09 (10-45-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250633
Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:56:33 AM, on 9/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LANDesk\LDClient\HIPS\LDSecSvc.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r205445\stacsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\LANDesk\LDClient\antivirus\kavehost.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\LANDesk\LDClient\antivirus\avservice.exe
C:\Program Files\mbam\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LANDesk\LDClient\localsch.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LANDesk\LDClient\HIPS\ViGUARD.EXE
C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe
C:\Program Files\mbam\mbamgui.exe
C:\Program Files\Activ Software\ActivDriver\activmgr.exe
C:\Documents and Settings\maplesl\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Activ Software\ActivSDK Flash Extension\2.1\flash-wrapper-crossplatform.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\maplesl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\maplesl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\maplesl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\maplesl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\maplesl\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fultonschools.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LANDesk Endpoint Security] "C:\Program Files\LANDesk\LDClient\HIPS\ViGUARD.EXE" /STARTUP
O4 - HKLM\..\Run: [LANDesk Antivirus] "C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe" /systray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\mbam\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\maplesl\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ActivSDK Flash Extension.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.fcs.org
O15 - Trusted Zone: *.fultonschools.org
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263909764681
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259778070878
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fcs.org
O17 - HKLM\Software\..\Telephony: DomainName = fcs.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fcs.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fcs.org
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LANDesk® Management Agent (CBA8) - Avocent Corporation - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\localsch.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Inc. and its affiliates. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: kavehost - Kaspersky Lab ZAO - C:\Program Files\LANDesk\LDClient\antivirus\kavehost.exe
O23 - Service: LANDesk Policy Invoker - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
O23 - Service: LANDesk Targeted Multicast - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk® Antivirus (LDAVService) - LANDesk Software, Inc. and its affiliates. - C:\Program Files\LANDesk\LDClient\antivirus\avservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\mbam\mbamservice.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r205445\stacsv.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/maplesl/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 10686 bytes
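
The HijackThis log above is triaged by hand in the next reply. As an added example, not part of the original thread and not code from the HijackThis tool, the Python script below parses O4 (autostart), O23 (service) and O24 (desktop component) lines in that log format and flags the entries a responder would look at first: targets that live in a user profile or Temp directory, services reported with an "Unknown owner", and autostart entries whose target HijackThis printed as "?". The sample lines are a constructed subset in the shape of the log above; the %SystemRoot% and %ProgramFiles% expansions and the directory lists are assumptions for a default Windows XP layout; a "review" verdict is a location heuristic, not a malware determination.

```python
"""Triage helper for HijackThis (HJT) log lines (added example, not HJT code).

Flags O4/O23/O24 entries worth a manual look: targets in a user profile or
Temp directory, services with an unknown owner, and unresolved ('?') targets.
A "review" verdict is a location heuristic, not proof of infection.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the HijackThis log above (a subset of it).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\maplesl\Application Data\Smilebox\SmileboxTray.exe"
O4 - Global Startup: ActivSDK Flash Extension.lnk = ?
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\mbam\mbamservice.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/maplesl/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
"""

# Assumed default Windows XP layout, used to expand the variables HJT prints.
ENV = {"%systemroot%": "c:\\windows", "%programfiles%": "c:\\program files"}
# Where a binary is expected on an XP box (lower-case, backslash paths).
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "c:\\drivers\\")
# User-profile roots: rogue AV and droppers favour these, but per-user installs
# such as Chrome live there too, hence "review" rather than "malicious".
PROFILE_PREFIXES = ("c:\\documents and settings\\", "c:\\docume~1\\")

RE_O4_REG = re.compile(r"^O4 - (?P<loc>HK[A-Z]+\\[^:]*): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
RE_O4_DIR = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
RE_O24 = re.compile(r"^O24 - Desktop Component \d+: (?P<name>.+?) - (?P<cmd>.+)$")
RE_EXE = re.compile(r'^"?(?P<path>[^"]+?\.exe)"?', re.IGNORECASE)

@dataclass
class Entry:
    kind: str               # "O4", "O23" or "O24"
    name: str               # bracketed name, service name or component name
    location: str           # registry key / startup folder / service owner
    target: Optional[str]   # file path, or None when HJT printed '?' or similar
    raw: str

@dataclass
class Finding:
    entry: Entry
    verdict: str            # "ok" or "review"
    reason: str

def extract_path(cmd: str) -> Optional[str]:
    """Pull the executable/file path out of an HJT command column."""
    if cmd.lower().startswith("file:///"):
        return cmd[len("file:///"):].replace("/", "\\")
    m = RE_EXE.match(cmd)
    return m["path"] if m else None

def normalise(path: str) -> str:
    """Lower-case the path and expand %SystemRoot% / %ProgramFiles%."""
    p = path.lower()
    for var, val in ENV.items():
        p = p.replace(var, val)
    return p

def parse_line(line: str) -> Optional[Entry]:
    m = RE_O4_REG.match(line) or RE_O4_DIR.match(line)
    if m:
        return Entry("O4", m["name"], m["loc"], extract_path(m["cmd"]), line)
    m = RE_O23.match(line)
    if m:
        return Entry("O23", m["name"], m["owner"], extract_path(m["cmd"]), line)
    m = RE_O24.match(line)
    if m:
        return Entry("O24", m["name"], "desktop", extract_path(m["cmd"]), line)
    return None

def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(line.strip()) for line in text.splitlines()) if e]

def triage_entry(e: Entry) -> Finding:
    if e.target is None:
        return Finding(e, "review", "target could not be resolved from the log line")
    p = normalise(e.target)
    if "\\temp\\" in p:
        return Finding(e, "review", "target lives in a Temp directory")
    if p.startswith(PROFILE_PREFIXES):
        return Finding(e, "review", "target lives in a user profile, not Windows or Program Files")
    if e.kind == "O23" and e.location.lower() == "unknown owner":
        return Finding(e, "review", "service binary reports no publisher")
    if p.startswith(EXPECTED_PREFIXES):
        return Finding(e, "ok", "target in an expected system directory")
    return Finding(e, "review", "target in an unexpected directory")

def triage(entries: List[Entry]) -> List[Finding]:
    return [triage_entry(e) for e in entries]

def review_names(text: str) -> List[str]:
    """Names of the entries that deserve a manual look, in log order."""
    return [f.entry.name for f in triage(parse_log(text)) if f.verdict == "review"]

if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.verdict:6} {f.entry.kind} [{f.entry.name}] {f.reason}")
```

Run it on a saved hijackthis.log by passing the file contents to `review_names`. The heuristic only ranks entries; a binary under Program Files can still be malicious (rogue AV families install wherever the dropper chooses), so a "review" list is a starting point for checking publisher, hash and file age, not a fix list.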

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 September 2012 - 10:47 AM

Greetings peanut10

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
      O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\maplesl\Application Data\Smilebox\SmileboxTray.exe"
      O4 - Global Startup: ActivSDK Flash Extension.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, e.g.:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



