google redirect


  • This topic is locked
13 replies to this topic

#1 sjohns

sjohns

  • Members
  • 11 posts

Posted 20 November 2012 - 10:47 AM

hi,

i too have been hit by google redirect.
i have done some research on another computer, but nothing has worked so far...
my first question would be how did i get this?
i run avast enterprise, and malwarebytes

i have run malwarebytes and it finds nothing

i have no hidden device in device manager of type/name
TDSServ.sys

i checked both firefox and IE (i have the issue in both) for a bad proxy, but none are set up

it is windows XP SP3 system (2 bit)

could anyone help me clean this up?

thank-you!
sjohns


#2 sjohns

sjohns
  • Topic Starter

  • Members
  • 11 posts

Posted 20 November 2012 - 11:04 AM

i forgot to mention i ran
unhackme.exe

but it warned of and asked to delete many things, and i really did know what to do...
thank-you...

#3 sjohns

sjohns
  • Topic Starter

  • Members
  • 11 posts

Posted 20 November 2012 - 05:24 PM

i have since run SpyHunter and TDSSkiller... both found 0 threats...
anything else i could try?
thank-you...

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 20 November 2012 - 09:11 PM

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 sjohns

sjohns
  • Topic Starter

  • Members
  • 11 posts

Posted 21 November 2012 - 07:46 AM

Hi,

thank-you so much for your help!

i apologize that this took so long... i ran a boot Avast scan and it took all night... and found nothing...

i shut off all Avast shield controls to run these tools... was there anything else needed to disable script blocking?

the aswMBR did not ask to update definitions, and i scanned with the default 'QuickScan' rather than C.
is that OK?

here are the logs (DDS said i should compress the attach.txt so i did that... hope that is ok too...)

thank-you!

dds.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
Run by sjohnson at 6:55:19 on 2012-11-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.434 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVAST Software\Avast\AvastNet.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\MSDE2000\MSSQL$SWI\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\NA_Service.exe
C:\Program Files\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\sj_keep\xptools\procexp\procexp.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\srtctp~1.lnk - c:\sj_keep\xptools\procexp\procexp.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\msoffice\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 192.168.89.97 24.25.5.60
TCP: Interfaces\{C09B7615-227B-4217-BE62-D518D5396F05} : DHCPNameServer = 192.168.89.97 24.25.5.60
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: ckpNotify - ckpNotify.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sjohnson\application data\mozilla\firefox\profiles\zlqxc0ph.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\sjohnson\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npipcd3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npiPLATO_22.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-10-02 16:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-6-22 18544]
R0 RTOSDRV;Realtime OS Driver;c:\windows\system32\drivers\rtosdrv.sys [2006-8-16 160000]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-30 615928]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-22 339920]
R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2011-2-18 2234320]
R1 NHostNT1;NetOp Driver 1 ver. 8.00 (2005061);c:\windows\system32\drivers\NHOSTNT1.SYS [2010-8-12 65808]
R2 ACCESNT;ACCESNT;c:\windows\system32\drivers\ACCESNT.sys [2007-5-25 3641]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-22 20848]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-22 44808]
R2 avast! Net Client Service;avast! Net Client Service;c:\program files\avast software\avast\AvastNet.exe [2012-6-22 200344]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2011-2-18 36400]
R2 MSSQL$SWI;MSSQL$SWI;c:\msde2000\mssql$swi\binn\sqlservr.exe -sswi --> c:\msde2000\mssql$swi\binn\sqlservr.exe -sSWI [?]
R2 NA_Service;NetAccess Service;c:\windows\system32\NA_Service.exe [2008-2-14 49152]
R2 NetOp Host for NT Service;NetOp Helper ver. 8.00 (2005061);c:\program files\danware data\netop remote control\host\NHOSTSVC.EXE [2010-8-12 1184016]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.4\reporting services\reportserver\bin\ReportingServicesService.exe [2005-10-14 14552]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2011-2-18 109072]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2011-2-18 671472]
R3 NGSSLDrv;VPN Tunnel NGSSLDrv Adapter;c:\windows\system32\drivers\NGSSLDrv.sys [2006-7-18 18656]
R3 NHOSTNT3;NetOp Driver 3 ver. 8.00 (2005061) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [2010-8-12 3216]
R3 SSLDrv;Virtual Passage SSLDrv Adapter;c:\windows\system32\drivers\SSLDrv.sys [2010-4-5 18656]
S2 AIOUSB;General Purpose USB Driver (AIOUSB.sys);c:\windows\system32\drivers\AIOUSB.sys [2007-5-25 143151]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 ATSMNET;Realtime OS Virtual Network;c:\windows\system32\drivers\atsmnet.sys [2006-8-16 22016]
S3 cemul2k;Cemul2k;c:\windows\system32\drivers\cemul2k.sys [2005-4-14 34688]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\csvirta.sys --> c:\windows\system32\drivers\CSVirtA.sys [?]
S3 EASYBOX;EASYBOX;c:\windows\system32\EasyBox.dll [2005-10-21 151552]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\genbus.sys --> c:\windows\system32\drivers\GenBus.sys [?]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [2011-11-7 171136]
S3 KEPServerEXLoggerV5;KEPServerEX 5.4 Event Logger;c:\program files\kepware\kepserverex 5\server_eventlog.exe [2010-10-31 107296]
S3 KEPServerEXV5;KEPServerEX 5.4 Runtime;c:\program files\kepware\kepserverex 5\server_runtime.exe [2010-10-31 184096]
S3 KurtUSB;KurtUSB Device;c:\windows\system32\KUSB2000.sys [2007-4-27 21726]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
S3 PGC6DBServer;PGC 6 Database Server;c:\program files\parlec\pgc 6 database server\bin\mysqld-nt.exe [2008-10-7 5763072]
S3 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-10-8 766400]
S3 SQLAgent$SWI;SQLAgent$SWI;c:\msde2000\mssql$swi\binn\sqlagent.exe -i swi --> c:\msde2000\mssql$swi\binn\sqlagent.EXE -i SWI [?]
S3 SWIService;SWIService;c:\program files\l. s. starrett company\starrett wireless network\SWIService.exe [2007-4-27 159744]
S3 USA19H;USA19H;c:\windows\system32\drivers\usa19h2k.sys --> c:\windows\system32\drivers\USA19H2k.sys [?]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\usa19h2kp.sys --> c:\windows\system32\drivers\USA19H2kp.SYS [?]
S3 UsbConnect;Usb PLC;c:\windows\system32\UsbConnect.exe [2008-2-14 61440]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-8 91472]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-8-12 189792]
S4 E4N;E4N;c:\windows\system32\E4n.dll [2003-12-5 77824]
S4 GAGEBOX;GAGEBOX;c:\windows\system32\GageBox.dll [2005-9-9 417878]
S4 MDHQSPC;MDHQSPC;c:\windows\system32\MDHQspc.dll [2005-9-28 178688]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 QREAD;QREAD;c:\windows\system32\QRead.dll [2004-12-7 77824]
S4 RTOSService;RTOS Service;c:\program files\cewin\RTOSService.exe [2005-12-16 90112]
S4 WINCOMDR;WINCOMDR;c:\windows\system32\WinComDr.dll [2005-10-6 106496]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-11-20 22:50:57 -------- d-----w- c:\documents and settings\sjohnson\local settings\application data\NPE
2012-11-20 22:50:57 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-11-20 22:41:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-20 20:38:49 110080 ----a-r- c:\documents and settings\sjohnson\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconF7A21AF7.exe
2012-11-20 20:38:49 110080 ----a-r- c:\documents and settings\sjohnson\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconD7F16134.exe
2012-11-20 20:38:49 110080 ----a-r- c:\documents and settings\sjohnson\application data\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconCF33A0CE.exe
2012-11-20 20:38:33 -------- d-----w- C:\sh4ldr
2012-11-20 20:38:33 -------- d-----w- c:\program files\Enigma Software Group
2012-11-20 20:37:38 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-11-20 13:16:25 -------- d-----w- c:\documents and settings\all users\application data\RegRun
2012-11-20 13:16:23 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-11-20 13:16:23 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-11-20 13:16:03 2 --shatr- c:\windows\winstart.bat
2012-11-20 13:15:57 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-11-20 13:15:51 -------- d-----w- c:\program files\UnHackMe
2012-11-20 11:50:06 -------- d-sha-r- C:\cmdcons
2012-11-20 11:46:12 98816 ----a-w- c:\windows\sed.exe
2012-11-20 11:46:12 256000 ----a-w- c:\windows\PEV.exe
2012-11-20 11:46:12 208896 ----a-w- c:\windows\MBR.exe
2012-11-07 12:44:26 -------- d-----w- c:\program files\CCleaner
2012-11-06 11:14:51 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-11-06 11:14:48 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-11-06 11:14:48 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-11-06 11:14:44 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-11-06 11:14:44 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-10-30 18:13:49 -------- d-----w- C:\Inetpub
.
==================== Find3M ====================
.
2012-11-15 12:11:25 22528 ----a-w- c:\windows\system32\XCDZIP35.oca
2012-11-07 18:25:46 25600 ----a-w- c:\windows\system32\MSCOMM32.oca
2012-11-06 11:38:39 35328 ----a-w- c:\windows\system32\COMCT332.oca
2012-11-05 17:48:20 43008 ----a-w- c:\windows\system32\tabctl32.oca
2012-11-05 17:48:20 35840 ----a-w- c:\windows\system32\COMDLG32.oca
2012-11-05 17:48:20 22016 ----a-w- c:\windows\system32\MSWINSCK.oca
2012-10-29 17:28:16 90624 ----a-w- c:\windows\system32\MSHFLXGD.oca
2012-10-08 11:14:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 11:14:35 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 11:11:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-08 11:11:40 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-08 11:11:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 14:41:45 286720 ------w- c:\windows\Setup1.exe
2012-09-14 14:41:43 73216 ----a-w- c:\windows\ST6UNST.EXE
.
============= FINISH: 7:03:17.45 ===============

aswMBR.txt:
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-21 07:07:15
-----------------------------
07:07:15.062 OS Version: Windows 5.1.2600 Service Pack 3
07:07:15.062 Number of processors: 2 586 0x604
07:07:15.062 ComputerName: TMAC_8_DEV1 UserName: sjohnson
07:07:15.593 Initialize success
07:07:15.718 AVAST engine defs: 12112100
07:08:08.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
07:08:08.234 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
07:08:08.250 Disk 0 MBR read successfully
07:08:08.250 Disk 0 MBR scan
07:08:08.250 Disk 0 unknown MBR code
07:08:08.250 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
07:08:08.250 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 148381 MB offset 96390
07:08:08.281 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4157 MB offset 303981930
07:08:08.281 Disk 0 scanning sectors +312496380
07:08:08.328 Disk 0 scanning C:\WINDOWS\system32\drivers
07:08:20.593 Service scanning
07:08:45.359 Modules scanning
07:08:51.015 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
07:08:52.203 Disk 0 trace - called modules:
07:08:52.218 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
07:08:52.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87391ab8]
07:08:52.218 3 CLASSPNP.SYS[f75e4fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87389030]
07:08:52.687 AVAST engine scan C:\WINDOWS
07:09:01.250 AVAST engine scan C:\WINDOWS\system32
07:13:13.625 AVAST engine scan C:\WINDOWS\system32\drivers
07:13:40.328 AVAST engine scan C:\Documents and Settings\sjohnson
07:36:15.218 AVAST engine scan C:\Documents and Settings\All Users
07:39:45.062 Scan finished successfully
07:40:14.937 Disk 0 MBR has been saved successfully to "M:\7-Home Directories\Sarah\redirect\MBR.dat"
07:40:14.937 The log file has been saved successfully to "M:\7-Home Directories\Sarah\redirect\aswMBR.txt"
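
Added example, not part of the original posts or of aswMBR: a small Python triage of the aswMBR log layout shown above, pulling out the lines a helper reads first (an unknown MBR code, modules marked **SUSPICIOUS**, and any module in the disk trace outside a per-machine baseline). The sample log is constructed from the format in the post; the `BASELINE` set and all function names are assumptions for illustration.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "time kind detail")

# Constructed sample, modelled on the aswMBR log layout in the post above.
SAMPLE_LOG = r"""
07:08:08.250 Disk 0 MBR read successfully
07:08:08.250 Disk 0 MBR scan
07:08:08.250 Disk 0 unknown MBR code
07:08:45.359 Modules scanning
07:08:51.015 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
07:08:52.203 Disk 0 trace - called modules:
07:08:52.218 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
07:08:52.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87391ab8]
07:39:45.062 Scan finished successfully
"""

# Every log line is "<HH:MM:SS.mmm> <message>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
MBR_RE = re.compile(r"^(Disk \d+) unknown MBR code$")
MODULE_RE = re.compile(r"^Module: (.+?)\s+\*\*SUSPICIOUS\*\*$")
TRACE_RE = re.compile(r"^Disk \d+ trace - called modules:$")

# Assumption: a per-machine baseline of modules expected in the disk I/O
# path, taken from the trace line in the posted log. This is a reviewer's
# allowlist, not an aswMBR feature.
BASELINE = frozenset(
    {"ntoskrnl.exe", "classpnp.sys", "disk.sys", "iastor.sys", "hal.dll"}
)


def triage_aswmbr(log_text, baseline=BASELINE):
    """Return Finding tuples for the log lines that need a manual look."""
    findings = []
    in_trace = False  # True when the next timestamped line lists trace modules
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        ts, msg = m.groups()

        if in_trace:
            # The line after the trace header is a space-separated module list.
            in_trace = False
            for name in msg.split():
                if name.lower() not in baseline:
                    findings.append(Finding(ts, "trace", name))
            continue

        mbr = MBR_RE.match(msg)
        if mbr:
            findings.append(Finding(ts, "mbr", mbr.group(1)))
            continue

        mod = MODULE_RE.match(msg)
        if mod:
            findings.append(Finding(ts, "module", mod.group(1)))
            continue

        if TRACE_RE.match(msg):
            in_trace = True
    return findings


if __name__ == "__main__":
    for f in triage_aswmbr(SAMPLE_LOG):
        print(f"{f.time}  {f.kind:<6}  {f.detail}")
```

A flag is a lead for manual review, not a verdict: the flagged module in the posted log sits in the same DLA directory as the DriveLetterAccess entries in the DDS report.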


#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 21 November 2012 - 06:36 PM

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Cure is selected (if Cure is not available, select Skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT



Download ComboFix from the following location:

Link 1

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 sjohns

sjohns
  • Topic Starter

  • Members
  • 11 posts

Posted 22 November 2012 - 10:15 AM

Hi,

once again thank-you for your help!

first i must admit i ran a few tools yesterday that i read about in other threads... i will wait for further instructions from now on...
none of them (TDSSKiller being one) found anything, except esetsmartinstaller
it said it found a trojan, and i posted that log at the end..
after that i did a few google searches and they were OK, then hijacked again...

here are the TDSSKiller and Combofix logs

ComboFix did pop up and say
'you are infected with Rootkit.ZeroAccess' and that it needed to reboot...
i did that and it ran all 50 stages...
2 google searches and the system is still hijacked though...

thank-you...


08:36:35.0140 2836 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:36:36.0593 2836 ============================================================
08:36:36.0593 2836 Current date / time: 2012/11/22 08:36:36.0593
08:36:36.0593 2836 SystemInfo:
08:36:36.0593 2836
08:36:36.0593 2836 OS Version: 5.1.2600 ServicePack: 3.0
08:36:36.0593 2836 Product type: Workstation
08:36:36.0593 2836 ComputerName: TMAC_8_DEV1
08:36:36.0593 2836 UserName: sjohnson
08:36:36.0593 2836 Windows directory: C:\WINDOWS
08:36:36.0593 2836 System windows directory: C:\WINDOWS
08:36:36.0593 2836 Processor architecture: Intel x86
08:36:36.0593 2836 Number of processors: 2
08:36:36.0593 2836 Page size: 0x1000
08:36:36.0593 2836 Boot type: Normal boot
08:36:36.0593 2836 ============================================================
08:36:37.0046 2836 BG loaded
08:36:37.0468 2836 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:36:37.0468 2836 ============================================================
08:36:37.0468 2836 \Device\Harddisk0\DR0:
08:36:37.0468 2836 MBR partitions:
08:36:37.0468 2836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x121CECE4
08:36:37.0468 2836 ============================================================
08:36:37.0531 2836 C: <-> \Device\Harddisk0\DR0\Partition1
08:36:37.0531 2836 ============================================================
08:36:37.0531 2836 Initialize success
08:36:37.0531 2836 ============================================================
08:37:03.0890 3400 ============================================================
08:37:03.0890 3400 Scan started
08:37:03.0890 3400 Mode: Manual; TDLFS;
08:37:03.0890 3400 ============================================================
08:37:04.0796 3400 ================ Scan system memory ========================
08:37:07.0156 3400 System memory - ok
08:37:07.0156 3400 ================ Scan services =============================
08:37:07.0312 3400 [ ACA338AB4A7C2DD3425A7CEE63E7ABCD ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
08:37:07.0312 3400 Aavmker4 - ok
08:37:07.0328 3400 Abiosdsk - ok
08:37:07.0343 3400 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
08:37:07.0343 3400 abp480n5 - ok
08:37:07.0390 3400 [ F3688A3B3D999272044F9905C67B398D ] ACCESNT C:\WINDOWS\SYSTEM32\DRIVERS\accesnt.sys
08:37:07.0390 3400 ACCESNT - ok
08:37:07.0437 3400 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:37:07.0437 3400 ACPI - ok
08:37:07.0453 3400 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
08:37:07.0453 3400 ACPIEC - ok
08:37:24.0812 3400 ReportServer - ok
08:37:24.0859 3400 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
08:37:24.0859 3400 ROOTMODEM - ok
08:37:24.0906 3400 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
08:37:24.0921 3400 rpcapd - ok
08:37:24.0953 3400 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
08:37:24.0953 3400 RpcLocator - ok
08:37:24.0984 3400 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
08:37:25.0000 3400 RpcSs - ok
08:37:25.0031 3400 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
08:37:25.0046 3400 RSVP - ok
08:37:25.0093 3400 [ 99676D1FB0F6740EEF07060F552FE7AC ] RTOSDRV C:\WINDOWS\system32\drivers\rtosdrv.sys
08:37:25.0093 3400 RTOSDRV - ok
08:37:25.0156 3400 [ 49C47F71FB39E2C90A50167FEBB51274 ] RTOSService C:\Program Files\CeWin\RTOSService.exe
08:37:25.0171 3400 RTOSService - ok
08:37:25.0187 3400 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
08:37:25.0187 3400 SamSs - ok
08:37:25.0203 3400 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
08:37:25.0218 3400 SCardSvr - ok
08:37:25.0250 3400 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
08:37:25.0281 3400 Schedule - ok
08:37:25.0296 3400 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:37:25.0312 3400 Secdrv - ok
08:37:25.0328 3400 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
08:37:25.0359 3400 seclogon - ok
08:37:25.0390 3400 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
08:37:25.0406 3400 SENS - ok
08:37:25.0453 3400 [ B490AD520257DDA26C1D587A71E527B5 ] Ser2pl C:\WINDOWS\system32\DRIVERS\ser2pl.sys
08:37:25.0468 3400 Ser2pl - ok
08:37:25.0484 3400 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
08:37:25.0515 3400 serenum - ok
08:37:25.0562 3400 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
08:37:25.0578 3400 Serial - ok
08:37:25.0609 3400 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
08:37:25.0640 3400 Sfloppy - ok
08:37:25.0765 3400 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
08:37:25.0984 3400 SharedAccess - ok
08:37:26.0015 3400 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:37:26.0031 3400 ShellHWDetection - ok
08:37:26.0046 3400 Simbad - ok
08:37:26.0093 3400 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
08:37:26.0125 3400 sisagp - ok
08:37:26.0265 3400 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
08:37:26.0281 3400 SkypeUpdate - ok
08:37:26.0312 3400 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:37:26.0312 3400 SLIP - ok
08:37:26.0375 3400 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] SMTPSVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
08:37:26.0375 3400 SMTPSVC - ok
08:37:26.0421 3400 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
08:37:26.0421 3400 Sparrow - ok
08:37:26.0453 3400 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
08:37:26.0453 3400 splitter - ok
08:37:26.0500 3400 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
08:37:26.0531 3400 Spooler - ok
08:37:26.0578 3400 [ 352E375AB298C23B0F9BC307652C7F50 ] SQLAgent$MICROSOFTSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE
08:37:26.0593 3400 SQLAgent$MICROSOFTSMLBIZ - ok
08:37:26.0593 3400 SQLAgent$SWI - ok
08:37:26.0640 3400 [ B2EC3E1DEAC5F0A764BD3486D213A0AF ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
08:37:26.0640 3400 SQLBrowser - ok
08:37:26.0718 3400 [ 7847EF1DB2E289BE82CBC70CF4D98FF8 ] SQLSERVERAGENT C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
08:37:26.0718 3400 SQLSERVERAGENT - ok
08:37:26.0765 3400 [ D2F4F32B59440011174B4F8137AF4E0C ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
08:37:26.0765 3400 SQLWriter - ok
08:37:26.0796 3400 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
08:37:26.0796 3400 sr - ok
08:37:26.0828 3400 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
08:37:26.0859 3400 srservice - ok
08:37:26.0875 3400 [ 0F6AEFAD3641A657E18081F52D0C15AF ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:37:26.0890 3400 Srv - ok
08:37:27.0031 3400 [ 9FB3B2DFDFA4D69675B57D28862AC9C3 ] SR_Service C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
08:37:27.0031 3400 SR_Service - ok
08:37:27.0078 3400 [ 17DDE9741B58B730FF2FEBDC28B95966 ] SR_WatchDog C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
08:37:27.0078 3400 SR_WatchDog - ok
08:37:27.0125 3400 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:37:27.0140 3400 SSDPSRV - ok
08:37:27.0203 3400 [ 851639C9E40DC3E745580B80A67052D4 ] SSLDrv C:\WINDOWS\system32\DRIVERS\SSLDrv.sys
08:37:27.0203 3400 SSLDrv - ok
08:37:27.0281 3400 [ 2A2DC39623ADEF8AB3703AB9FAC4B440 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
08:37:27.0312 3400 STHDA - ok
08:37:27.0359 3400 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:37:27.0406 3400 stisvc - ok
08:37:27.0453 3400 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:37:27.0453 3400 streamip - ok
08:37:27.0484 3400 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:37:27.0484 3400 swenum - ok
08:37:27.0593 3400 [ B1885B86356539328331584887F97FB0 ] SWIService c:\program files\l. s. starrett company\starrett wireless network\swiservice.exe
08:37:27.0609 3400 SWIService - ok
08:37:27.0625 3400 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:37:27.0640 3400 swmidi - ok
08:37:27.0640 3400 SwPrv - ok
08:37:27.0687 3400 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
08:37:27.0687 3400 symc810 - ok
08:37:27.0703 3400 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
08:37:27.0718 3400 symc8xx - ok
08:37:27.0750 3400 [ 5C66E6AA29DAD1875CC74662DD13C87E ] SymSnap C:\WINDOWS\system32\DRIVERS\symsnap.sys
08:37:27.0765 3400 SymSnap - ok
08:37:27.0796 3400 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
08:37:27.0796 3400 sym_hi - ok
08:37:27.0812 3400 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
08:37:27.0828 3400 sym_u3 - ok
08:37:27.0859 3400 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:37:27.0859 3400 sysaudio - ok
08:37:27.0890 3400 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:37:27.0921 3400 SysmonLog - ok
08:37:27.0953 3400 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:37:27.0968 3400 TapiSrv - ok
08:37:28.0015 3400 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:37:28.0015 3400 Tcpip - ok
08:37:28.0062 3400 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:37:28.0062 3400 TDPIPE - ok
08:37:28.0078 3400 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:37:28.0078 3400 TDTCP - ok
08:37:28.0093 3400 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:37:28.0093 3400 TermDD - ok
08:37:28.0125 3400 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
08:37:28.0171 3400 TermService - ok
08:37:28.0218 3400 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
08:37:28.0234 3400 Themes - ok
08:37:28.0250 3400 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
08:37:28.0265 3400 TlntSvr - ok
08:37:28.0312 3400 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
08:37:28.0328 3400 TosIde - ok
08:37:28.0343 3400 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:37:28.0359 3400 TrkWks - ok
08:37:28.0406 3400 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:37:28.0406 3400 Udfs - ok
08:37:28.0406 3400 UimBus - ok
08:37:28.0406 3400 Uim_IM - ok
08:37:28.0421 3400 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
08:37:28.0421 3400 ultra - ok
08:37:28.0515 3400 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
08:37:28.0515 3400 UMVPFSrv - ok
08:37:28.0562 3400 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
08:37:28.0593 3400 UMWdf - ok
08:37:28.0625 3400 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:37:28.0656 3400 Update - ok
08:37:28.0687 3400 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:37:28.0718 3400 upnphost - ok
08:37:28.0734 3400 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:37:28.0750 3400 UPS - ok
08:37:28.0765 3400 USA19H - ok
08:37:28.0765 3400 USA19H2KP - ok
08:37:28.0796 3400 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
08:37:28.0796 3400 USBAAPL - ok
08:37:28.0828 3400 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
08:37:28.0843 3400 usbaudio - ok
08:37:28.0859 3400 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:37:28.0859 3400 usbccgp - ok
08:37:28.0906 3400 [ 63E43B1A77086D42620A76C829C9AF4E ] UsbConnect C:\WINDOWS\system32\UsbConnect.exe
08:37:28.0921 3400 UsbConnect - ok
08:37:28.0953 3400 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:37:28.0953 3400 usbehci - ok
08:37:29.0000 3400 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:37:29.0000 3400 usbhub - ok
08:37:29.0015 3400 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:37:29.0015 3400 USBSTOR - ok
08:37:29.0031 3400 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:37:29.0031 3400 usbuhci - ok
08:37:29.0062 3400 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
08:37:29.0062 3400 usbvideo - ok
08:37:29.0093 3400 [ 16662738E1AB857FB91ED2D4065440B0 ] V2IMount C:\WINDOWS\system32\DRIVERS\v2imount.sys
08:37:29.0093 3400 V2IMount - ok
08:37:29.0140 3400 [ 4EF76D8D7505F20DBF54886C01A7A730 ] VBoxNetAdp C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
08:37:29.0140 3400 VBoxNetAdp - ok
08:37:29.0140 3400 VBoxNetFlt - ok
08:37:29.0187 3400 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:37:29.0187 3400 VgaSave - ok
08:37:29.0250 3400 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
08:37:29.0250 3400 viaagp - ok
08:37:29.0265 3400 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
08:37:29.0265 3400 ViaIde - ok
08:37:29.0406 3400 [ B5BA71EADEED0773D2E0978F962E1BF3 ] Visual Studio Analyzer RPC bridge C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
08:37:29.0406 3400 Visual Studio Analyzer RPC bridge - ok
08:37:29.0437 3400 [ 0670C3B1890CED2CE0B4A21EC61DFD7B ] VNASC C:\WINDOWS\system32\DRIVERS\vnasc.sys
08:37:29.0437 3400 VNASC - ok
08:37:29.0484 3400 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:37:29.0484 3400 VolSnap - ok
08:37:29.0546 3400 [ 1341180CF6CCA054C4609ACB9FC10212 ] VPN-1 C:\WINDOWS\System32\drivers\vpn.sys
08:37:29.0593 3400 VPN-1 - ok
08:37:29.0625 3400 [ 3995D1E95F3C621467DA4BCE868CDC90 ] vsbus C:\WINDOWS\system32\DRIVERS\vsb.sys
08:37:29.0640 3400 vsbus - ok
08:37:29.0687 3400 [ D658E49302C382B88C8E9A08E20B2E82 ] vsdatant C:\WINDOWS\system32\vsdatant.sys
08:37:29.0703 3400 vsdatant - ok
08:37:29.0734 3400 [ 3FEB02F2EEBAA3F099E279C258EF786E ] vserial C:\WINDOWS\system32\DRIVERS\vserial.sys
08:37:29.0750 3400 vserial - ok
08:37:29.0781 3400 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:37:29.0796 3400 VSS - ok
08:37:29.0828 3400 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
08:37:29.0843 3400 w32time - ok
08:37:29.0859 3400 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] W3SVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
08:37:29.0859 3400 W3SVC - ok
08:37:29.0890 3400 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:37:29.0890 3400 Wanarp - ok
08:37:29.0890 3400 wanatw - ok
08:37:29.0937 3400 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
08:37:29.0953 3400 Wdf01000 - ok
08:37:29.0953 3400 WDICA - ok
08:37:29.0984 3400 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:37:29.0984 3400 wdmaud - ok
08:37:30.0015 3400 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:37:30.0031 3400 WebClient - ok
08:37:30.0062 3400 [ EAC80BBB1C3D40AA9834A4806467F251 ] WINCOMDR C:\WINDOWS\system32\WinComDr.DLL
08:37:30.0093 3400 WINCOMDR - ok
08:37:30.0171 3400 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:37:30.0171 3400 winmgmt - ok
08:37:30.0203 3400 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
08:37:30.0203 3400 WinUSB - ok
08:37:30.0250 3400 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
08:37:30.0250 3400 WmdmPmSN - ok
08:37:30.0312 3400 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
08:37:30.0312 3400 Wmi - ok
08:37:30.0343 3400 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:37:30.0343 3400 WmiApSrv - ok
08:37:30.0390 3400 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:37:30.0390 3400 WS2IFSL - ok
08:37:30.0421 3400 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
08:37:30.0453 3400 wscsvc - ok
08:37:30.0484 3400 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:37:30.0484 3400 WSTCODEC - ok
08:37:30.0500 3400 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
08:37:30.0531 3400 wuauserv - ok
08:37:30.0546 3400 [ 6FF66513D372D479EF1810223C8D20CE ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:37:30.0562 3400 WudfPf - ok
08:37:30.0578 3400 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:37:30.0578 3400 WudfRd - ok
08:37:30.0593 3400 [ 575A4190D989F64732119E4114045A4F ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
08:37:30.0625 3400 WudfSvc - ok
08:37:30.0671 3400 [ 790D0A1EFF8CA30776051445D0487CDB ] WUSB54GPV4SRV C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
08:37:30.0687 3400 WUSB54GPV4SRV - ok
08:37:30.0718 3400 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:37:30.0765 3400 WZCSVC - ok
08:37:30.0781 3400 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:37:30.0812 3400 xmlprov - ok
08:37:30.0812 3400 ================ Scan global ===============================
08:37:30.0859 3400 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:37:30.0906 3400 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
08:37:30.0937 3400 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
08:37:30.0968 3400 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:37:30.0984 3400 [Global] - ok
08:37:30.0984 3400 ================ Scan MBR ==================================
08:37:31.0015 3400 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
08:37:31.0343 3400 \Device\Harddisk0\DR0 - ok
08:37:31.0343 3400 ================ Scan VBR ==================================
08:37:31.0343 3400 [ 3AEC6094C43901471F7FA04C5F3E8EE9 ] \Device\Harddisk0\DR0\Partition1
08:37:31.0343 3400 \Device\Harddisk0\DR0\Partition1 - ok
08:37:31.0343 3400 ============================================================
08:37:31.0343 3400 Scan finished
08:37:31.0343 3400 ============================================================
08:37:31.0375 3924 Detected object count: 0
08:37:31.0375 3924 Actual detected object count: 0

*******************************************************************
ComboFix 12-11-22.03 - sjohnson 11/22/2012 8:56.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.535 [GMT -5:00]
Running from: c:\documents and settings\sjohnson\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
.
.
2012-11-21 19:39 . 2012-11-21 19:39 -------- d-----w- c:\program files\ESET
2012-11-20 22:50 . 2012-11-20 23:16 -------- d-----w- c:\documents and settings\sjohnson\Local Settings\Application Data\NPE
2012-11-20 22:50 . 2012-11-20 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-11-20 22:41 . 2012-09-25 04:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-20 20:38 . 2012-11-20 20:38 -------- d-----w- c:\program files\Enigma Software Group
2012-11-20 20:37 . 2012-11-21 13:27 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-11-20 13:16 . 2012-11-20 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\RegRun
2012-11-20 13:16 . 2012-11-20 13:16 2 --shatr- c:\windows\winstart.bat
2012-11-20 13:15 . 2012-11-21 13:26 -------- d-----w- c:\program files\UnHackMe
2012-11-07 12:44 . 2012-11-07 12:44 -------- d-----w- c:\program files\CCleaner
2012-10-30 18:13 . 2012-10-30 18:13 -------- d-----w- C:\Inetpub
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 13:16 . 2012-10-08 11:14 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-21 13:16 . 2011-07-05 11:44 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-15 12:11 . 2011-09-16 14:20 22528 ----a-w- c:\windows\system32\XCDZIP35.oca
2012-11-07 18:25 . 2010-05-03 21:43 25600 ----a-w- c:\windows\system32\MSCOMM32.oca
2012-11-06 11:38 . 2010-11-22 11:17 35328 ----a-w- c:\windows\system32\COMCT332.oca
2012-11-05 17:48 . 2011-09-20 21:33 35840 ----a-w- c:\windows\system32\COMDLG32.oca
2012-11-05 17:48 . 2010-05-03 21:43 22016 ----a-w- c:\windows\system32\MSWINSCK.oca
2012-11-05 17:48 . 2006-07-02 18:23 43008 ----a-w- c:\windows\system32\tabctl32.oca
2012-10-29 17:28 . 2006-07-18 15:29 90624 ----a-w- c:\windows\system32\MSHFLXGD.oca
2012-10-08 11:11 . 2010-05-21 21:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-08 11:11 . 2012-10-08 11:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-08 11:11 . 2010-05-21 21:20 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-30 00:54 . 2009-04-27 13:02 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 14:41 . 2008-04-14 18:02 286720 ------w- c:\windows\Setup1.exe
2012-09-14 14:41 . 2006-07-02 18:39 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-09-13 10:26 . 2012-09-13 10:26 53248 ----a-r- c:\documents and settings\sjohnson\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-15 12:07 . 2012-11-21 16:44 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2012-04-20 12:18 . 2012-11-21 16:44 586040 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-06-11 11:57 . 2012-11-21 16:44 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2010-06-11 11:57 . 2012-11-21 16:44 99200 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-11-21 16:45 . 2012-11-21 16:44 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-04 15:18 123576 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WD Button Manager"="WDBtnMgr.exe" [2007-01-11 339968]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-04 4251328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-12-15 221247]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
SrtCt procexp.lnk - c:\sj_keep\xptools\procexp\procexp.exe [2008-8-8 3564584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2006-04-10 01:59 24674 ----a-w- c:\windows\system32\ckpNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^sjohnson^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\sjohnson\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-05-11 03:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 14:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 02:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-02-09 22:34 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
2004-04-01 19:51 1589248 ----a-w- c:\dell\DellHelp\DellHelp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 06:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 07:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEPServerEX 5.4]
2010-10-31 06:47 117536 ----a-w- c:\program files\Kepware\KEPServerEX 5\server_admin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 18:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-08 23:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTIM.exe]
2008-06-03 18:16 210248 ----a-w- c:\program files\WebEx\Productivity Tools\PTIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ptmsgfrm.exe]
2008-06-03 18:17 42312 ----a-w- c:\program files\WebEx\Productivity Tools\ptmsgfrm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTOneClick]
2008-06-03 18:17 165192 ----a-w- c:\program files\WebEx\Productivity Tools\ptoneclk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
2004-11-11 14:26 26112 ----a-w- c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-11-12 16:26 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-11-12 16:26 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Danware Data\\NetOp Remote Control\\Guest\\NGSTW32.EXE"=
"c:\\Program Files\\Danware Data\\NetOp Remote Control\\Host\\NHSTW32.EXE"=
"c:\\Documents and Settings\\sjohnson\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\JOBS\\IHJ139 Focas1 TMAC SerialThread\\TMACSerialTranslate.NET\\bin\\SerialCommandManager.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\VB98\\VB6.EXE"=
"c:\\JOBS\\AutoComp_GageView\\ACserver\\bin\\AutoCompLocalAgent.exe"=
"c:\\JOBS\\AutoComp_RemoteView\\AutoCompLocalAgent\\AutoCompLocalAgent\\bin\\Debug\\AutoCompLocalAgent.vshost.exe"=
"c:\\JOBS\\IHJ97 TMAC 8\\Linux\\CEITMACDisplay.exe"=
"c:\\JOBS\\CEI_RemoteView\\RemoteView\\bin\\Debug\\CEI_RemoteView.exe"=
"c:\\JOBS\\CEI_RemoteView\\RemoteView\\bin\\Debug\\CEI_RemoteView.vshost.exe"=
"c:\\JOBS\\CEI_ProcessDataCollect\\CEI_ProcessDataCollect\\bin\\Debug\\DataCollectLocalAgent.exe"=
"c:\\JOBS\\CEI_ProcessDataCollect\\DataCollectLocalAgent\\DataCollectLocalAgent\\bin\\Debug\\DataCollectLocalAgent.vshost.exe"=
"c:\\JOBS\\CEI_ProcessDataCollect\\DataCollectLocalAgent\\DataCollectLocalAgent\\bin\\Debug\\DataCollectLocalAgent.exe"=
"c:\\JOBS\\IHJ124 TMAC9\\Display\\Source8190LinuxDNS\\CEITMACDisplay.exe"=
"c:\\Program Files\\Caron Engineering\\CEI_RemoteView\\CEI_RemoteView.exe"=
"c:\\JOBS\\IHJ124 TMAC9\\Display\\Source8190LinuxDNSW7\\Current\\CEITMACDisplay.exe"=
"c:\\JOBS\\IHJ97 TMAC 8\\TMAC Display 8_1_3 (90 LinuxDNS) Windows7\\Current\\CEITMACDisplay.exe"=
"c:\\JOBS\\IHJ97 TMAC 8\\TMAC Display 8_1_3 (90 LinuxDNS) Windows7\\Current\\CEITMACDisplay_hang.exe"=
"c:\\JOBS\\IHJ139 Focas1 TMAC SerialThread\\TMACSerialTranslate.NET\\bin\\SerialCommandManager.vshost.exe"=
"c:\\JOBS\\IHJ124 TMAC9\\Display\\TMAC Display 8_2_1 Vibration\\Source 8_2Base for vibration\\CEITMACDisplay.exe"=
"c:\\JOBS\\IHJ97 TMAC 8\\TMAC 8_2\\Display\\CEITMACDisplay.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"c:\\JOBS\\CEI_RemoteView_VersionSupport\\RemoteView\\bin\\Debug\\CEI_RemoteView.vshost.exe"=
"c:\\JOBS\\IHJ97 TMAC 8\\Source 8_2\\CEITMACDisplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\JOBS\\IHJ97 TMAC 8\\Source 8_2\\CEITMACDisplayTM9.exe"=
"c:\\JOBS\\IHJ97 TMAC 8\\TMAC Display 83 Com RT\\Source\\CEITMACDisplay.exe"=
"c:\\JOBS\\IHJ97 TMAC 8\\TMAC Display 8_3 for 9\\Source\\CEITMACDisplay.exe"=
"c:\\JOBS\\AutoComp_GageViewpercent\\ACserver\\bin\\AutoCompLocalAgent.exe"=
"c:\\JOBS\\IHJ124 TMAC9\\SensorTestLibusb\\Debug\\SensorTestLibusb.exe"=
"c:\\JOBS\\IHJ97 TMAC 8\\TMAC Display 8_3 for 9\\Source\\CEITMACDisplay83.exe"=
"c:\\JOBS\\IHJ97 TMAC 8\\TMAC Display 8_3 for 9\\Source Path2\\CEITMACDisplay.exe"=
"c:\\JOBS\\IHJ97 TMAC 8\\Source_832\\CEITMACDisplay.exe"=
"c:\\JOBS\\AutoComp_RemoteView\\AutoCompLocalAgent\\AutoCompLocalAgent\\bin\\Debug\\AutoCompLocalAgent.exe"=
"c:\\Caron Engineering\\CEITMAC V8.3.2\\CEITMACDisplay.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\JOBS\\IHJ124 TMAC9\\Display\\Source832\\CEITMACDisplay.exe"=
"c:\\JOBS\\IHJ124 TMAC9\\FocasServerNoForm\\CEI_FocasServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"21:TCP"= 21:TCP:192.168.157.0/255.255.255.0:Enabled:RtE FTP
"23:TCP"= 23:TCP:192.168.157.0/255.255.255.0:Enabled:RtE Telnet
"5678:TCP"= 5678:TCP:192.168.157.0/255.255.255.0:Enabled:RtE Remote Debug
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [6/22/2012 4:03 PM 18544]
R0 RTOSDRV;Realtime OS Driver;c:\windows\system32\drivers\rtosdrv.sys [8/16/2006 10:21 AM 160000]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/30/2011 3:01 PM 615928]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/22/2012 4:03 PM 339920]
R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2/18/2011 4:57 PM 2234320]
R1 NHostNT1;NetOp Driver 1 ver. 8.00 (2005061);c:\windows\system32\drivers\NHOSTNT1.SYS [8/12/2010 9:52 AM 65808]
R2 ACCESNT;ACCESNT;c:\windows\system32\drivers\ACCESNT.sys [5/25/2007 1:22 PM 3641]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/22/2012 4:03 PM 20848]
R2 avast! Net Client Service;avast! Net Client Service;c:\program files\AVAST Software\Avast\AvastNet.exe [6/22/2012 4:22 PM 200344]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2/18/2011 4:55 PM 36400]
R2 MSSQL$SWI;MSSQL$SWI;c:\msde2000\MSSQL$SWI\Binn\sqlservr.exe -sSWI --> c:\msde2000\MSSQL$SWI\Binn\sqlservr.exe -sSWI [?]
R2 NA_Service;NetAccess Service;c:\windows\system32\NA_Service.exe [2/14/2008 10:02 AM 49152]
R2 NetOp Host for NT Service;NetOp Helper ver. 8.00 (2005061);c:\program files\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE [8/12/2010 9:52 AM 1184016]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [1/18/2012 1:44 AM 450848]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2/18/2011 4:56 PM 109072]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2/18/2011 4:55 PM 671472]
R3 NGSSLDrv;VPN Tunnel NGSSLDrv Adapter;c:\windows\system32\drivers\NGSSLDrv.sys [7/18/2006 11:44 AM 18656]
R3 NHOSTNT3;NetOp Driver 3 ver. 8.00 (2005061) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [8/12/2010 9:52 AM 3216]
R3 SSLDrv;Virtual Passage SSLDrv Adapter;c:\windows\system32\drivers\SSLDrv.sys [4/5/2010 1:07 PM 18656]
S2 AIOUSB;General Purpose USB Driver (AIOUSB.sys);c:\windows\system32\drivers\AIOUSB.sys [5/25/2007 1:22 PM 143151]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe [10/14/2005 3:44 AM 14552]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 12:19 PM 160944]
S3 ATSMNET;Realtime OS Virtual Network;c:\windows\system32\drivers\atsmnet.sys [8/16/2006 10:21 AM 22016]
S3 cemul2k;Cemul2k;c:\windows\system32\drivers\cemul2k.sys [4/14/2005 3:07 PM 34688]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys --> c:\windows\system32\DRIVERS\CSVirtA.sys [?]
S3 EASYBOX;EASYBOX;c:\windows\system32\EasyBox.dll [10/21/2005 10:27 AM 151552]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys --> c:\windows\system32\DRIVERS\GenBus.sys [?]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [11/7/2011 12:32 PM 171136]
S3 KEPServerEXLoggerV5;KEPServerEX 5.4 Event Logger;c:\program files\Kepware\KEPServerEX 5\server_eventlog.exe [10/31/2010 1:45 AM 107296]
S3 KEPServerEXV5;KEPServerEX 5.4 Runtime;c:\program files\Kepware\KEPServerEX 5\server_runtime.exe [10/31/2010 1:44 AM 184096]
S3 KurtUSB;KurtUSB Device;c:\windows\system32\KUSB2000.sys [4/27/2007 9:38 AM 21726]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 12:07 PM 35088]
S3 PGC6DBServer;PGC 6 Database Server;c:\program files\Parlec\PGC 6 Database Server\bin\mysqld-nt.exe [10/7/2008 3:23 PM 5763072]
S3 SQLAgent$SWI;SQLAgent$SWI;c:\msde2000\MSSQL$SWI\Binn\sqlagent.EXE -i SWI --> c:\msde2000\MSSQL$SWI\Binn\sqlagent.EXE -i SWI [?]
S3 SWIService;SWIService;c:\program files\L. S. Starrett Company\Starrett Wireless Network\SWIService.exe [4/27/2007 10:39 AM 159744]
S3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19H2k.sys --> c:\windows\system32\DRIVERS\USA19H2k.sys [?]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\DRIVERS\USA19H2kp.SYS --> c:\windows\system32\DRIVERS\USA19H2kp.SYS [?]
S3 UsbConnect;Usb PLC;c:\windows\system32\UsbConnect.exe [2/14/2008 10:01 AM 61440]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [9/8/2009 5:14 PM 91472]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S4 E4N;E4N;c:\windows\system32\E4n.dll [12/5/2003 5:25 AM 77824]
S4 GAGEBOX;GAGEBOX;c:\windows\system32\GageBox.dll [9/9/2005 7:49 AM 417878]
S4 MDHQSPC;MDHQSPC;c:\windows\system32\MDHQspc.dll [9/28/2005 6:27 AM 178688]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 6:01 AM 2799808]
S4 QREAD;QREAD;c:\windows\system32\QRead.dll [12/7/2004 9:04 AM 77824]
S4 RTOSService;RTOS Service;c:\program files\CeWin\RTOSService.exe [12/16/2005 9:44 AM 90112]
S4 WINCOMDR;WINCOMDR;c:\windows\system32\WinComDr.dll [10/6/2005 9:23 AM 106496]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-11-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-06-22 15:18]
.
2008-07-30 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2012-10-11 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\msoffice\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.89.97 24.25.5.60
FF - ProfilePath - c:\documents and settings\sjohnson\Application Data\Mozilla\Firefox\Profiles\zlqxc0ph.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-10-02 16:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-04139971.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-22 09:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2012-11-22 09:19:25
ComboFix-quarantined-files.txt 2012-11-22 14:19
ComboFix2.txt 2012-11-21 15:00
ComboFix3.txt 2012-11-20 14:04
ComboFix4.txt 2012-11-20 13:05
.
Pre-Run: 79,389,810,688 bytes free
Post-Run: 79,391,846,400 bytes free
.
- - End Of File - - BF6263C3DFE7283FD7B21216BF9EF34B

*************************************************
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9b44ffec22fc8345a0a03c31894bdbb0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-21 09:58:36
# local_time=2012-11-21 04:58:36 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 135551274 135551274 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=280286
# found=4
# cleaned=4
# scan_time=7809
C:\Program Files\VB Decompiler Lite\VB Decompiler.exe a variant of Win32/Packed.NiceProtect.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\sj_keep\vb_scratch\setup.exe a variant of Win32/Packed.NiceProtect.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2310\A0400566.exe a variant of Win32/Packed.NiceProtect.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2310\A0400567.exe a variant of Win32/Packed.NiceProtect.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok

#8 CatByte

  • Malware Response Team

Posted 22 November 2012 - 06:53 PM

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.


NEXT


Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 sjohns

  • Topic Starter


Posted 23 November 2012 - 09:23 AM

Hi,

first, thank-you so much... the system seems to be running well now...
what do you think?

the MWB anti root found 4 backdoor entries, and deleted them, and ran cleanly on reboot
JRT seemed to find nothing....

if you think all is well, and if you have time, could you please advise on the following 2 points:
1) i am a very cautious browser, use Avast enterprise and a paid version of Malwarebytes...
what are the ways i could have caused this?
(i have not been doing regular windows or browser updates, so i may have done it this way)?

2) are any of the tools you have had me run things to run periodically, or any other tools you would suggest using on a regular basis?

logs are below, and again, i extend my gratitude to this site and you in particular... this has been amazing...
sjohns

**************************************************************************
MWB anti root first run

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.992000 GHz
Memory total: 1071738880, free: 539832320

------------ Kernel report ------------
11/23/2012 07:58:53
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87388ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff87350030
Lower Device Driver Name: \Driver\iastor\
Driver name found: iastor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.23.04
Downloaded database version: v2012.11.19.01
Initializing...
Done!
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87388ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87356918, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87388ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87350030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iastor\
------------ End ----------
Upper DeviceData: 0xffffffffe1012098, 0xffffffff87388ab8, 0xffffffff858b5128
Lower DeviceData: 0xffffffffe2f02880, 0xffffffff87350030, 0xffffffff85b214e0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 96390 Numsec = 303885540
Partition file system is NTFS
Partition is bootable

Partition 2 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 303981930 Numsec = 8514450

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
Done!
Performing system, memory and registry scan...
Infected: C:\WINDOWS\$NtUninstallKB14426$\1048512037\L --> [Backdoor.0Access]
Infected: C:\WINDOWS\$NtUninstallKB14426$\1048512037\U --> [Backdoor.0Access]
Infected: C:\WINDOWS\$NtUninstallKB14426$\1048512037 --> [Backdoor.0Access]
Infected: C:\WINDOWS\$NtUninstallKB14426$\1936087262 --> [Backdoor.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occured
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.992000 GHz
Memory total: 1071738880, free: 523292672


***
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.23.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
sjohnson :: TMAC_8_DEV1 [administrator]

11/23/2012 8:21:27 AM
mbar-log-2012-11-23 (08-21-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 31611
Time elapsed: 21 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\WINDOWS\$NtUninstallKB14426$\1048512037\L (Backdoor.0Access) -> Delete on reboot. [84fddedba2bb86b0ccb0788824dc38c8]
C:\WINDOWS\$NtUninstallKB14426$\1048512037\U (Backdoor.0Access) -> Delete on reboot. [c9b82495b4a9a492cbb222de6a961de3]
C:\WINDOWS\$NtUninstallKB14426$\1048512037 (Backdoor.0Access) -> Delete on reboot. [84fd05b458051521f08eb9476e922dd3]
C:\WINDOWS\$NtUninstallKB14426$\1936087262 (Backdoor.0Access) -> Delete on reboot. [b8c962576bf2ed497806bd437a8614ec]

Files Detected: 0
(No malicious items detected)

(end)
*****************************************************
MWB anti root second run

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.992000 GHz
Memory total: 1071738880, free: 445943808

------------ Kernel report ------------
11/23/2012 08:33:47
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87342ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8734f030
Lower Device Driver Name: \Driver\iastor\
Driver name found: iastor
DriverEntry returned 0x0
Function returned 0x0
Initializing...
Done!
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87342ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8737c918, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87342ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8734f030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iastor\
------------ End ----------
Upper DeviceData: 0xffffffffe14241a8, 0xffffffff87342ab8, 0xffffffff85534ab8
Lower DeviceData: 0xffffffffe1fb6448, 0xffffffff8734f030, 0xffffffff8552ff18
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 96390 Numsec = 303885540
Partition file system is NTFS
Partition is bootable

Partition 2 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 303981930 Numsec = 8514450

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


*******
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.23.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
sjohnson :: TMAC_8_DEV1 [administrator]

11/23/2012 8:53:47 AM
mbar-log-2012-11-23 (08-53-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 31658
Time elapsed: 19 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


********************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.4.8 (11.22.2012)
OS: Microsoft Windows XP x86
Ran by sjohnson on Fri 11/23/2012 at 8:57:12.10
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\sjohnson\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Successfully deleted: [File] C:\Documents and Settings\sjohnson\Application Data\Mozilla\Firefox\Profiles\zlqxc0ph.default\extensions\apzzavllxc@apzzavllxc.org.xpi [Tracur]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/23/2012 at 9:08:52.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#10 CatByte

Posted 23 November 2012 - 09:43 AM

It's very important to keep things up to date, as older versions of a program are easily exploitable. These days it's hard to know how a person becomes infected if they are not involved in risky behaviour such as downloading torrents, peer to peer, keygens and cracks; sometimes just accidentally landing on the wrong web page can cause the problem without downloading anything. That's why I recommend the Web of Trust; it helps.

Junkware Removal Tool found a trojan in a browser add-on.

All of our tools are specialized and frequently updated, so I don't recommend keeping them. Plus, if anything goes wrong (none of these tools are guaranteed), you wouldn't have the assistance of a trained helper to help resolve any problems.

So stick to your AV and MBAM and Windows Firewall, make sure you set a strong password on your router, and install the Web of Trust. You should be OK.

We have some housekeeping to do now. Please do the following:


Remove these outdated versions of Java via Programs and Features, as you already have the latest version installed:
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Japanese Fonts Support For Adobe Reader 9
Java™ 6 Update 20


NEXT



Visit ADOBE and download the latest version of Acrobat Reader (version XI)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT



You can delete the DDS and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.



NEXT

Delete the Junkware Removal Tool.

If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    • PC Safety and Security--What Do I Need?
    • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
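
A check for the ActiveX settings in the "Make Internet Explorer more secure" steps of post #10, added here as an example and not part of the thread or of any tool named in it. It parses `reg query` output for the Internet zone key (`...\Internet Settings\Zones\3`) and accepts a setting that is at least as strict as the one recommended; the sample output is constructed, the function names are hypothetical, and 1001/1004/1201 are the standard IE URL-action value names for those three options.

```python
import re

# Internet zone = Zones\3. URL-action values: 0 = Enable, 1 = Prompt, 3 = Disable.
POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Settings recommended in the post: (description, least strict acceptable value).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
}

# One value line of `reg query` output: name, type, hex data (tabs or spaces).
LINE = re.compile(r"^\s*(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")


def parse_reg_query(text):
    """Return {value_name: int} for every REG_DWORD line in the output."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit_internet_zone(text):
    """Return (name, description, found, wanted, ok) for each recommended setting."""
    found = parse_reg_query(text)
    report = []
    for name, (desc, wanted) in RECOMMENDED.items():
        actual = found.get(name)  # None when the value is missing from the output
        # 0 < 1 < 3 orders the policies from least to most strict.
        ok = actual in POLICY and actual >= wanted
        report.append((name, desc, POLICY.get(actual, "missing/unknown"),
                       POLICY[wanted], ok))
    return report


# Constructed sample, shaped like the output of:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x0
    1200    REG_DWORD    0x0
    1201    REG_DWORD    0x3
"""

if __name__ == "__main__":
    for name, desc, got, want, ok in audit_internet_zone(SAMPLE):
        print(f"{'OK  ' if ok else 'FAIL'} {name} {desc}: {got} (want {want} or stricter)")
```
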


#11 sjohns

Posted 23 November 2012 - 12:47 PM

Hi,

Thank-you!
i have done all your listed cleanup tasks, and am going through the other information while windows update runs...
i will add a final note here tomorrow when all is complete, but so far so good...
your help is greatly appreciated!
sjohns

#12 CatByte

Posted 23 November 2012 - 05:50 PM

you are welcome

stay safe :hello:

~CB


#13 sjohns

Posted 24 November 2012 - 11:46 AM

all is excellent!
i appreciate all the security information, and will be much better at it in the future...

thank-you!!

#14 CatByte

Posted 24 November 2012 - 11:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
