Malwarebytes

JWW1 Infected


34 replies to this topic

#1 JWW1 (New Member; Members; 18 posts)
I am infected. I have run the Malware removal MANY times (in Safe Mode) I keep showing new files infected.
Don't know what to do next!
Help!!

Thanks :)

Attached Files



#2 Jintan (Advanced Member; Experts; 139 posts; Gender: Male)
Welcome to Malwarebytes JWW1,

The log shows a likely ZAccess bootkit/rootkit infection. Please hold off on making any changes there for now, unless we discuss them here first. Let's check a few other diagnostic scans to see what all is involved there.

To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can have an open Internet connection, allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#3 JWW1 (New Member; Members; 18 posts)
I have run GMER. Here are the results:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-05 20:55:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST9160823ASG rev.3.ADD
Running: scjf2dwt[1].exe; Driver: C:\DOCUME~1\jerryw\LOCALS~1\Temp\fwloypog.sys

---- Kernel code sections - GMER 1.0.15 ----
.data C:\WINDOWS\system32\DRIVERS\cdrom.sys unknown last section [0xF76F8000, 0xE3D, 0xC8000040]
? C:\WINDOWS\system32\DRIVERS\cdrom.sys suspicious PE modification
? C:\DOCUME~1\jerryw\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \Fat B8E61D20
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) BA505000-BA517000 (73728 bytes)
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB43642$\655626357 0 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627 0 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\cfg.ini 170 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\L 0 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\L\iahonoel 62976 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\oemid 233 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\U 0 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000032.@ 115712 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\version 1268 bytes
---- EOF - GMER 1.0.15 ----

I am now downloading aswMBR....

Thanks!!

#4 Jintan (Advanced Member; Experts; 139 posts; Gender: Male)
Yes, that shows the Bootkit infection. Let's see what aswMBR shows.

#5 JWW1 (New Member; Members; 18 posts)
The contents of aswMBR.txt are:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-05 21:05:07
-----------------------------
21:05:07.453 OS Version: Windows 5.1.2600 Service Pack 3
21:05:07.453 Number of processors: 2 586 0xF0B
21:05:07.453 ComputerName: JERRYW08 UserName: jerryw
21:05:08.843 Initialize success
21:07:26.390 AVAST engine defs: 12050501
21:08:47.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
21:08:47.906 Disk 0 Vendor: ST9160823ASG 3.ADD Size: 152627MB BusType: 3
21:08:48.140 Disk 0 MBR read successfully
21:08:48.171 Disk 0 MBR scan
21:08:48.234 Disk 0 Windows XP default MBR code
21:08:48.296 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
21:08:48.359 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 176715
21:08:48.421 Disk 0 scanning sectors +312576705
21:08:48.687 Disk 0 scanning C:\WINDOWS\system32\drivers
21:09:03.234 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Rootkit-gen [Rtk]
21:09:40.781 Disk 0 trace - called modules:
21:09:40.812 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8b01dfd0]<<
21:09:40.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b13bab8]
21:09:40.812 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8b1224c0]
21:09:40.812 \Driver\00000394[0x8b122030] -> IRP_MJ_CREATE -> 0x8b01dfd0
21:09:41.546 AVAST engine scan C:\WINDOWS
21:11:19.234 AVAST engine scan C:\WINDOWS\system32
21:30:23.015 AVAST engine scan C:\WINDOWS\system32\drivers
21:30:42.109 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Rootkit-gen [Rtk]
21:32:52.984 AVAST engine scan C:\Documents and Settings\jerryw
00:57:53.312 AVAST engine scan C:\Documents and Settings\All Users
01:03:13.765 Scan finished successfully
16:29:07.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jerryw\Desktop\MBR.dat"
16:29:07.812 The log file has been saved successfully to "C:\Documents and Settings\jerryw\Desktop\aswMBR.txt"

What next?

Attached Files
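
The GMER log in post #3 and the aswMBR log above carry several independent bootkit indicators (a hidden kernel module, a driver whose PE image was modified, payload files under a fake $NtUninstallKB<n>$ hotfix folder, and an unknown address in the disk I/O call chain), and the TDSSKiller log posted later adds the forged-md5 check on the same driver. The triage script below is an added example, not part of the thread or of any of those tools; it parses lines in the formats those three scanners print and reports which file is corroborated by more than one scanner. The sample lines are constructed from the output quoted in this thread, and the regexes are assumptions about those line layouts, not documented formats.

```python
"""Triage of GMER / aswMBR / TDSSKiller output for ZeroAccess-style bootkit indicators.

Added example: sample lines are constructed from the scanner output quoted in this
thread; the line layouts the regexes assume are taken from those logs, not from docs.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tool: str        # scanner that produced the line
    kind: str        # short indicator name
    detail: str      # address range, hash pair or detection name
    path: str = ""   # on-disk path when the line names one (used for corroboration)


# GMER: driver image in memory has an unknown last section, or differs from its on-disk PE
RE_LAST_SECTION = re.compile(r"^\.data\s+(.+?)\s+unknown last section")
RE_PE_MOD = re.compile(r"^\?\s+(.+?)\s+suspicious PE modification")
# GMER: loaded kernel module that is hidden from the normal module list
RE_HIDDEN_MODULE = re.compile(r"^Module\s+(\S+)\s+\(\*\*\* hidden \*\*\* \)\s+([0-9A-Fa-f]+-[0-9A-Fa-f]+)")
# GMER "File" entries; ZeroAccess keeps its payloads under a fake $NtUninstallKB<n>$ hotfix folder
RE_GMER_FILE = re.compile(r"^File\s+(.+?)\s+(\d+) bytes$")
RE_FAKE_HOTFIX = re.compile(r"\\\$NtUninstallKB\d+\$\\\d+\\(.*)$", re.IGNORECASE)
# aswMBR: engine detection, and an unknown code address inside the disk I/O call chain
RE_ASW_INFECTED = re.compile(r"File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
RE_ASW_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# TDSSKiller: content read through the driver stack differs from the real on-disk image
RE_FORGED = re.compile(
    r"Suspicious file \(Forged\):\s+(.+?)\.\s+Real md5:\s+([0-9a-f]{32}),\s+Fake md5:\s+([0-9a-f]{32})"
)
RE_TDSS_INFECTED = re.compile(r"^\S+\s+\d+\s+(\S+)\s+\(\s*([^)]+?)\s*\)\s+-\s+infected$")


def _zeroaccess_store(path: str) -> bool:
    """True for the U\\ and L\\ subfolders and the '@' files seen inside the fake hotfix folder."""
    m = RE_FAKE_HOTFIX.search(path)
    if not m:
        return False
    rest = m.group(1).upper()
    return rest in ("U", "L") or rest.startswith(("U\\", "L\\")) or rest.endswith("@")


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per log line that carries a bootkit indicator."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_LAST_SECTION.match(line):
            findings.append(Finding("GMER", "unknown last PE section", m.group(1), m.group(1)))
        elif m := RE_PE_MOD.match(line):
            findings.append(Finding("GMER", "suspicious PE modification", m.group(1), m.group(1)))
        elif m := RE_HIDDEN_MODULE.match(line):
            findings.append(Finding("GMER", "hidden kernel module", m.group(2)))
        elif m := RE_GMER_FILE.match(line):
            if _zeroaccess_store(m.group(1)):
                findings.append(Finding("GMER", "ZeroAccess-style payload store", m.group(1), m.group(1)))
        elif m := RE_ASW_INFECTED.search(line):
            findings.append(Finding("aswMBR", "engine detection", m.group(2), m.group(1)))
        elif m := RE_ASW_UNKNOWN.search(line):
            findings.append(Finding("aswMBR", "unknown code in disk I/O chain", m.group(1)))
        elif m := RE_FORGED.search(line):
            findings.append(Finding("TDSSKiller", "forged driver image",
                                    f"real={m.group(2)} fake={m.group(3)}", m.group(1)))
        elif m := RE_TDSS_INFECTED.match(line):
            findings.append(Finding("TDSSKiller", "service infected", f"{m.group(1)}: {m.group(2)}"))
    return findings


def corroborated(findings: list[Finding]) -> dict[str, set[str]]:
    """Paths flagged by two or more independent scanners (paths compared case-folded)."""
    by_path: dict[str, set[str]] = {}
    for f in findings:
        if f.path:
            by_path.setdefault(f.path.lower(), set()).add(f.tool)
    return {p: tools for p, tools in by_path.items() if len(tools) >= 2}


# Constructed sample: a few lines in the shape of the GMER, aswMBR and TDSSKiller output above.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.data C:\WINDOWS\system32\DRIVERS\cdrom.sys unknown last section [0xF76F8000, 0xE3D, 0xC8000040]
? C:\WINDOWS\system32\DRIVERS\cdrom.sys suspicious PE modification
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) BA505000-BA517000 (73728 bytes)
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB43642$\697926627\cfg.ini 170 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB43642$\697926627\L\iahonoel 62976 bytes
21:09:03.234 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Rootkit-gen [Rtk]
21:09:40.812 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8b01dfd0]<<
12:02:27.0343 2012 Cdrom (42ea425b642bbff960cee77a687e9a36) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:02:27.0343 2012 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 42ea425b642bbff960cee77a687e9a36, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
12:02:27.0343 2012 Cdrom ( Virus.Win32.ZAccess.k ) - infected
12:02:27.0359 2012 Changer - ok
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.tool}] {f.kind}: {f.detail}")
    for path, tools in corroborated(found).items():
        print(f"corroborated by {sorted(tools)}: {path}")
```

A path that every scanner flags from a different vantage point (memory image, disk I/O chain, read-through-stack hash) is the one to treat as the rootkit's hijacked driver rather than a single-engine false positive.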



#6 Jintan (Advanced Member; Experts; 139 posts; Gender: Male)
Coincidence - had just checked in here. That also picks up the bootkit.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Run aswMBR again. If after the scan completes, the Fix button is highlighted (not the FixMBR button), click that, and follow all prompts, including any reboot requirements. Then do the next step, regardless.

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot (Reboot Now) if requested.
When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and do reboot.

Then run Gmer and aswMBR again, and post those logs as well please.

#7 JWW1 (New Member; Members; 18 posts)
I ran aswMBR again and after the scan finished selected Fix. I hope it runs almost immediately, because there was nothing to indicate it was finished. I saved the log and then rebooted. Then I got back on the forum to check what to do next. A browser popped up: "Registry Defender Recommended"

I have NOT done anything with this - is it yours? or something related to the virus?

I am closing everything down again and running 'Larry.com'.

Thanks!! :)

#8 Jintan (Advanced Member; Experts; 139 posts; Gender: Male)
aswMBR will hang when that Fix is run, but that still usually means the changes were made. Let's see what TDSSKiller finds now, before we make our next move.

#9 JWW1 (New Member; Members; 18 posts)
I ran Kaspersky's TDSSKiller as Larry.com; results are attached.

Then, ran Gmer and aswMBR again per instructions.
Results from Gmer are attached.
Got an error running aswMBR - screen shot of error is attached. It's giving me a bad feeling as it's nearly the same message as I was receiving that started this whole thing!

Do I try running aswMBR again?

Also, I would appreciate feedback on the "Registry Defender Recommended" question.

Thanks!

Attached Files



#10 Jintan (Advanced Member; Experts; 139 posts; Gender: Male)
Registry Defender is not a recommended program, so not part of what we are doing here, other than ridding that system of what might be suggesting it. If you would, please post the current logs like you have been. Nearly impossible to do a decent web search of the info otherwise.

Except the bmp file, which I did take a look at. Not real sure of that aswMBR error right off. You are running it from the desktop, yes?

#11 JWW1 (New Member; Members; 18 posts)
Yes, I am running from the desktop. (Why would it matter where?)
Following is the text from the logs.

Do I try running aswMBR again?

Thanks


TDSSKiller.2.7.34.0_07.05.2012_11.55.40_log.txt:

11:55:40.0640 0112 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
11:55:40.0937 0112 ============================================================
11:55:40.0937 0112 Current date / time: 2012/05/07 11:55:40.0937
11:55:40.0937 0112 SystemInfo:
11:55:40.0937 0112
11:55:40.0937 0112 OS Version: 5.1.2600 ServicePack: 3.0
11:55:40.0937 0112 Product type: Workstation
11:55:40.0937 0112 ComputerName: JERRYW08
11:55:40.0937 0112 UserName: jerryw
11:55:40.0937 0112 Windows directory: C:\WINDOWS
11:55:40.0937 0112 System windows directory: C:\WINDOWS
11:55:40.0937 0112 Processor architecture: Intel x86
11:55:40.0937 0112 Number of processors: 2
11:55:40.0937 0112 Page size: 0x1000
11:55:40.0937 0112 Boot type: Safe boot with network
11:55:40.0937 0112 ============================================================
11:55:42.0859 0112 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:55:42.0859 0112 Drive \Device\Harddisk1\DR3 - Size: 0x15D4EF00000 (1397.23 Gb), SectorSize: 0x200, Cylinders: 0x2C87D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:55:43.0265 0112 ============================================================
11:55:43.0265 0112 \Device\Harddisk0\DR0:
11:55:43.0312 0112 MBR partitions:
11:55:43.0312 0112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x129ED876
11:55:43.0312 0112 \Device\Harddisk1\DR3:
11:55:43.0312 0112 MBR partitions:
11:55:43.0312 0112 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA77000
11:55:43.0312 0112 ============================================================
11:55:43.0375 0112 C: <-> \Device\Harddisk0\DR0\Partition0
11:55:43.0421 0112 F: <-> \Device\Harddisk1\DR3\Partition0
11:55:43.0421 0112 ============================================================
11:55:43.0421 0112 Initialize success
11:55:43.0421 0112 ============================================================
12:02:18.0703 2012 ============================================================
12:02:18.0703 2012 Scan started
12:02:18.0703 2012 Mode: Manual;
12:02:18.0703 2012 ============================================================
12:02:23.0953 2012 Abiosdsk - ok
12:02:24.0046 2012 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:02:24.0046 2012 abp480n5 - ok
12:02:24.0203 2012 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:02:24.0218 2012 ACPI - ok
12:02:24.0250 2012 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:02:24.0250 2012 ACPIEC - ok
12:02:24.0500 2012 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:02:24.0515 2012 AdobeFlashPlayerUpdateSvc - ok
12:02:24.0750 2012 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:02:24.0750 2012 adpu160m - ok
12:02:25.0046 2012 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:02:25.0046 2012 aec - ok
12:02:25.0093 2012 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:02:25.0093 2012 AFD - ok
12:02:25.0125 2012 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:02:25.0125 2012 agp440 - ok
12:02:25.0156 2012 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:02:25.0156 2012 agpCPQ - ok
12:02:25.0187 2012 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:02:25.0187 2012 Aha154x - ok
12:02:25.0218 2012 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:02:25.0218 2012 aic78u2 - ok
12:02:25.0250 2012 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:02:25.0250 2012 aic78xx - ok
12:02:25.0296 2012 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:02:25.0312 2012 Alerter - ok
12:02:25.0359 2012 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:02:25.0359 2012 ALG - ok
12:02:25.0375 2012 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
12:02:25.0375 2012 AliIde - ok
12:02:25.0421 2012 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:02:25.0421 2012 alim1541 - ok
12:02:25.0437 2012 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:02:25.0437 2012 amdagp - ok
12:02:25.0468 2012 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
12:02:25.0468 2012 amsint - ok
12:02:25.0515 2012 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
12:02:25.0515 2012 ApfiltrService - ok
12:02:25.0562 2012 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
12:02:25.0562 2012 APPDRV - ok
12:02:25.0593 2012 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:02:25.0593 2012 AppMgmt - ok
12:02:25.0625 2012 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:02:25.0625 2012 Arp1394 - ok
12:02:25.0656 2012 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
12:02:25.0656 2012 asc - ok
12:02:25.0671 2012 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:02:25.0671 2012 asc3350p - ok
12:02:25.0703 2012 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:02:25.0703 2012 asc3550 - ok
12:02:25.0796 2012 ASFIPmon (7591238ebf7dd1fd13b353c382227dc3) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
12:02:25.0796 2012 ASFIPmon - ok
12:02:25.0968 2012 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:02:26.0078 2012 aspnet_state - ok
12:02:26.0109 2012 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:02:26.0109 2012 AsyncMac - ok
12:02:26.0125 2012 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:02:26.0125 2012 atapi - ok
12:02:26.0156 2012 Atdisk - ok
12:02:26.0234 2012 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:02:26.0234 2012 Atmarpc - ok
12:02:26.0296 2012 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:02:26.0296 2012 AudioSrv - ok
12:02:26.0328 2012 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:02:26.0328 2012 audstub - ok
12:02:26.0359 2012 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
12:02:26.0359 2012 b57w2k - ok
12:02:26.0437 2012 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
12:02:26.0453 2012 BASFND - ok
12:02:26.0562 2012 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
12:02:26.0625 2012 BCM43XX - ok
12:02:26.0703 2012 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:02:26.0703 2012 Beep - ok
12:02:26.0750 2012 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:02:27.0000 2012 BITS - ok
12:02:27.0078 2012 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:02:27.0078 2012 Browser - ok
12:02:27.0125 2012 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:02:27.0125 2012 cbidf - ok
12:02:27.0140 2012 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:02:27.0140 2012 cbidf2k - ok
12:02:27.0187 2012 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:02:27.0203 2012 cd20xrnt - ok
12:02:27.0250 2012 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:02:27.0250 2012 Cdaudio - ok
12:02:27.0296 2012 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:02:27.0296 2012 Cdfs - ok
12:02:27.0343 2012 Cdrom (42ea425b642bbff960cee77a687e9a36) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:02:27.0343 2012 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 42ea425b642bbff960cee77a687e9a36, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
12:02:27.0343 2012 Cdrom ( Virus.Win32.ZAccess.k ) - infected
12:02:27.0343 2012 Cdrom - detected Virus.Win32.ZAccess.k (0)
12:02:27.0359 2012 Changer - ok
12:02:27.0406 2012 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:02:27.0406 2012 CiSvc - ok
12:02:27.0437 2012 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:02:27.0437 2012 ClipSrv - ok
12:02:27.0562 2012 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:02:27.0765 2012 clr_optimization_v2.0.50727_32 - ok
12:02:27.0828 2012 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:02:28.0218 2012 clr_optimization_v4.0.30319_32 - ok
12:02:28.0250 2012 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:02:28.0250 2012 CmBatt - ok
12:02:28.0281 2012 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:02:28.0281 2012 CmdIde - ok
12:02:28.0312 2012 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:02:28.0312 2012 Compbatt - ok
12:02:28.0328 2012 COMSysApp - ok
12:02:28.0390 2012 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:02:28.0390 2012 Cpqarray - ok
12:02:28.0453 2012 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:02:28.0453 2012 CryptSvc - ok
12:02:28.0484 2012 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
12:02:28.0484 2012 ctxusbm - ok
12:02:28.0531 2012 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
12:02:28.0531 2012 CVirtA - ok
12:02:28.0703 2012 CVPND (d4a26b0926171dc4f969955d157d1311) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
12:02:28.0765 2012 CVPND - ok
12:02:28.0921 2012 CVPNDRVA (c23025ac5ae45a105d63bd6e2408edd4) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
12:02:28.0937 2012 CVPNDRVA - ok
12:02:28.0968 2012 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:02:28.0984 2012 dac2w2k - ok
12:02:29.0000 2012 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:02:29.0000 2012 dac960nt - ok
12:02:29.0031 2012 dashsvc - ok
12:02:29.0093 2012 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:02:29.0109 2012 DcomLaunch - ok
12:02:29.0156 2012 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:02:29.0156 2012 Dhcp - ok
12:02:29.0187 2012 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:02:29.0187 2012 Disk - ok
12:02:29.0218 2012 dmadmin - ok
12:02:29.0281 2012 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:02:29.0296 2012 dmboot - ok
12:02:29.0312 2012 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:02:29.0312 2012 dmio - ok
12:02:29.0343 2012 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:02:29.0343 2012 dmload - ok
12:02:29.0390 2012 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:02:29.0406 2012 dmserver - ok
12:02:29.0437 2012 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:02:29.0437 2012 DMusic - ok
12:02:29.0468 2012 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
12:02:29.0468 2012 DNE - ok
12:02:29.0500 2012 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:02:29.0500 2012 Dnscache - ok
12:02:29.0531 2012 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:02:29.0531 2012 Dot3svc - ok
12:02:29.0578 2012 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:02:29.0578 2012 dpti2o - ok
12:02:29.0609 2012 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:02:29.0609 2012 drmkaud - ok
12:02:29.0656 2012 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys
12:02:29.0656 2012 DXEC01 - ok
12:02:29.0703 2012 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:02:29.0703 2012 E100B - ok
12:02:29.0734 2012 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:02:29.0765 2012 EapHost - ok
12:02:29.0796 2012 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:02:29.0796 2012 ERSvc - ok
12:02:29.0828 2012 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:02:29.0875 2012 Eventlog - ok
12:02:29.0921 2012 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:02:29.0937 2012 EventSystem - ok
12:02:29.0968 2012 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:02:29.0984 2012 Fastfat - ok
12:02:30.0015 2012 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:02:30.0015 2012 FastUserSwitchingCompatibility - ok
12:02:30.0062 2012 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
12:02:30.0078 2012 Fax - ok
12:02:30.0109 2012 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:02:30.0109 2012 Fdc - ok
12:02:30.0140 2012 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:02:30.0156 2012 Fips - ok
12:02:30.0187 2012 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:02:30.0187 2012 Flpydisk - ok
12:02:30.0218 2012 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:02:30.0234 2012 FltMgr - ok
12:02:30.0328 2012 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:02:30.0343 2012 FontCache3.0.0.0 - ok
12:02:30.0375 2012 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:02:30.0375 2012 Fs_Rec - ok
12:02:30.0421 2012 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:02:30.0421 2012 Ftdisk - ok
12:02:30.0484 2012 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:02:30.0484 2012 Gpc - ok
12:02:30.0515 2012 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys
12:02:30.0515 2012 guardian2 - ok
12:02:30.0562 2012 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:02:30.0578 2012 HDAudBus - ok
12:02:30.0640 2012 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:02:30.0640 2012 helpsvc - ok
12:02:30.0671 2012 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:02:30.0671 2012 HidServ - ok
12:02:30.0718 2012 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:02:30.0718 2012 HidUsb - ok
12:02:30.0750 2012 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:02:30.0750 2012 hkmsvc - ok
12:02:30.0812 2012 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
12:02:30.0828 2012 HP Port Resolver - ok
12:02:30.0843 2012 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
12:02:30.0843 2012 HP Status Server - ok
12:02:30.0890 2012 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
12:02:30.0890 2012 hpn - ok
12:02:30.0937 2012 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
12:02:30.0953 2012 HSFHWAZL - ok
12:02:31.0031 2012 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
12:02:31.0062 2012 HSF_DPV - ok
12:02:31.0109 2012 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:02:31.0125 2012 HTTP - ok
12:02:31.0156 2012 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:02:31.0156 2012 HTTPFilter - ok
12:02:31.0218 2012 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
12:02:31.0218 2012 i2omgmt - ok
12:02:31.0250 2012 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:02:31.0250 2012 i2omp - ok
12:02:31.0265 2012 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:02:31.0265 2012 i8042prt - ok
12:02:31.0296 2012 ibmpmsvc - ok
12:02:31.0421 2012 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:02:31.0468 2012 idsvc - ok
12:02:31.0515 2012 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:02:31.0515 2012 Imapi - ok
12:02:31.0546 2012 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:02:31.0562 2012 ImapiService - ok
12:02:31.0593 2012 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:02:31.0593 2012 ini910u - ok
12:02:31.0640 2012 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:02:31.0640 2012 IntelIde - ok
12:02:31.0671 2012 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:02:31.0671 2012 intelppm - ok
12:02:31.0687 2012 iolo_srv - ok
12:02:31.0718 2012 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:02:31.0718 2012 Ip6Fw - ok
12:02:31.0750 2012 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:02:31.0750 2012 IpFilterDriver - ok
12:02:31.0781 2012 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:02:31.0781 2012 IpInIp - ok
12:02:31.0828 2012 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:02:31.0828 2012 IpNat - ok
12:02:31.0859 2012 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:02:31.0859 2012 IPSec - ok
12:02:31.0906 2012 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:02:31.0906 2012 IRENUM - ok
12:02:31.0953 2012 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:02:31.0953 2012 isapnp - ok
12:02:32.0000 2012 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:02:32.0000 2012 Kbdclass - ok
12:02:32.0031 2012 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:02:32.0031 2012 kbdhid - ok
12:02:32.0078 2012 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:02:32.0093 2012 kmixer - ok
12:02:32.0109 2012 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:02:32.0109 2012 KSecDD - ok
12:02:32.0171 2012 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:02:32.0171 2012 lanmanserver - ok
12:02:32.0203 2012 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:02:32.0218 2012 lanmanworkstation - ok
12:02:32.0234 2012 lbrtfdc - ok
12:02:32.0296 2012 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:02:32.0296 2012 LmHosts - ok
12:02:32.0312 2012 LVVI500A - ok
12:02:32.0375 2012 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:02:32.0375 2012 mdmxsdk - ok
12:02:32.0406 2012 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:02:32.0421 2012 Messenger - ok
12:02:32.0531 2012 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:02:32.0593 2012 Microsoft Office Groove Audit Service - ok
12:02:32.0625 2012 MicrosoftDynamicsNAVServer$NAV2 - ok
12:02:32.0671 2012 MicrosoftDynamicsNAVServer$NAV3 - ok
12:02:32.0687 2012 MicrosoftDynamicsNAVServer$NAV4 - ok
12:02:32.0750 2012 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:02:32.0750 2012 mnmdd - ok
12:02:32.0781 2012 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:02:32.0781 2012 mnmsrvc - ok
12:02:32.0812 2012 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:02:32.0812 2012 Modem - ok
12:02:32.0859 2012 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:02:32.0859 2012 Mouclass - ok
12:02:32.0875 2012 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:02:32.0875 2012 mouhid - ok
12:02:32.0921 2012 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:02:32.0921 2012 MountMgr - ok
12:02:32.0953 2012 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:02:32.0953 2012 mraid35x - ok
12:02:32.0984 2012 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:02:33.0000 2012 MRxDAV - ok
12:02:33.0046 2012 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:02:33.0062 2012 MRxSmb - ok
12:02:33.0093 2012 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:02:33.0093 2012 MSDTC - ok
12:02:33.0140 2012 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:02:33.0140 2012 Msfs - ok
12:02:33.0187 2012 MSIServer - ok
12:02:33.0203 2012 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:02:33.0203 2012 MSKSSRV - ok
12:02:33.0250 2012 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:02:33.0250 2012 MSPCLOCK - ok
12:02:33.0265 2012 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:02:33.0265 2012 MSPQM - ok
12:02:33.0328 2012 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:02:33.0328 2012 mssmbios - ok
12:02:33.0390 2012 MSSQLSERVER - ok
12:02:33.0437 2012 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:02:33.0468 2012 MSSQLServerADHelper - ok
12:02:33.0500 2012 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:02:33.0515 2012 Mup - ok
12:02:33.0546 2012 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:02:33.0562 2012 napagent - ok
12:02:33.0593 2012 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:02:33.0609 2012 NDIS - ok
12:02:33.0671 2012 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:02:33.0687 2012 NdisTapi - ok
12:02:33.0734 2012 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:02:33.0734 2012 Ndisuio - ok
12:02:33.0765 2012 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:02:33.0765 2012 NdisWan - ok
12:02:33.0796 2012 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:02:33.0796 2012 NDProxy - ok
12:02:33.0828 2012 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:02:33.0828 2012 NetBIOS - ok
12:02:33.0859 2012 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:02:33.0875 2012 NetBT - ok
12:02:33.0921 2012 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:02:33.0921 2012 NetDDE - ok
12:02:33.0937 2012 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:02:33.0937 2012 NetDDEdsdm - ok
12:02:33.0984 2012 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:02:33.0984 2012 Netlogon - ok
12:02:34.0046 2012 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:02:34.0046 2012 Netman - ok
12:02:34.0187 2012 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:02:34.0328 2012 NetTcpPortSharing - ok
12:02:34.0343 2012 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:02:34.0343 2012 NIC1394 - ok
12:02:34.0484 2012 NICCONFIGSVC (7e175be4fd8b6ec68a35181b98431477) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
12:02:34.0515 2012 NICCONFIGSVC - ok
12:02:34.0562 2012 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:02:34.0578 2012 Nla - ok
12:02:34.0609 2012 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:02:34.0609 2012 Npfs - ok
12:02:34.0640 2012 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:02:34.0671 2012 Ntfs - ok
12:02:34.0718 2012 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:02:34.0718 2012 NtLmSsp - ok
12:02:34.0765 2012 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:02:34.0781 2012 NtmsSvc - ok
12:02:34.0812 2012 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
12:02:34.0812 2012 NuidFltr - ok
12:02:34.0843 2012 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:02:34.0843 2012 Null - ok
12:02:35.0125 2012 nv (8129d762cc3e3c5ab9cf2eabc377fb73) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:02:35.0312 2012 nv - ok
12:02:35.0390 2012 NVSvc (7ee6243758619a391491148eabf0e7b7) C:\WINDOWS\system32\nvsvc32.exe
12:02:35.0406 2012 NVSvc - ok
12:02:35.0437 2012 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:02:35.0437 2012 NwlnkFlt - ok
12:02:35.0453 2012 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:02:35.0453 2012 NwlnkFwd - ok
12:02:35.0578 2012 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:02:35.0593 2012 odserv - ok
12:02:35.0625 2012 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:02:35.0625 2012 ohci1394 - ok
12:02:35.0671 2012 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:02:35.0671 2012 ose - ok
12:02:35.0718 2012 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:02:35.0718 2012 Parport - ok
12:02:35.0750 2012 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:02:35.0750 2012 PartMgr - ok
12:02:35.0781 2012 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:02:35.0781 2012 ParVdm - ok
12:02:35.0796 2012 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
12:02:35.0796 2012 PBADRV - ok
12:02:35.0828 2012 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:02:35.0828 2012 PCI - ok
12:02:35.0859 2012 PCIDump - ok
12:02:35.0890 2012 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:02:35.0890 2012 PCIIde - ok
12:02:35.0937 2012 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:02:35.0937 2012 Pcmcia - ok
12:02:35.0968 2012 PDCOMP - ok
12:02:35.0984 2012 PDFRAME - ok
12:02:36.0015 2012 PDRELI - ok
12:02:36.0046 2012 PDRFRAME - ok
12:02:36.0125 2012 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
12:02:36.0125 2012 perc2 - ok
12:02:36.0171 2012 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:02:36.0171 2012 perc2hib - ok
12:02:36.0250 2012 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:02:36.0265 2012 PlugPlay - ok
12:02:36.0296 2012 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe
12:02:36.0296 2012 Pml Driver HPZ12 - ok
12:02:36.0328 2012 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:02:36.0328 2012 PolicyAgent - ok
12:02:36.0359 2012 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:02:36.0359 2012 PptpMiniport - ok
12:02:36.0375 2012 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:02:36.0375 2012 ProtectedStorage - ok
12:02:36.0406 2012 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:02:36.0406 2012 PSched - ok
12:02:36.0468 2012 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:02:36.0468 2012 Ptilink - ok
12:02:36.0500 2012 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:02:36.0515 2012 ql1080 - ok
12:02:36.0531 2012 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:02:36.0531 2012 Ql10wnt - ok
12:02:36.0562 2012 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:02:36.0562 2012 ql12160 - ok
12:02:36.0593 2012 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:02:36.0593 2012 ql1240 - ok
12:02:36.0625 2012 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:02:36.0625 2012 ql1280 - ok
12:02:36.0656 2012 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:02:36.0656 2012 RasAcd - ok
12:02:36.0703 2012 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:02:36.0734 2012 RasAuto - ok
12:02:36.0781 2012 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:02:36.0781 2012 Rasl2tp - ok
12:02:36.0812 2012 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:02:36.0812 2012 RasMan - ok
12:02:36.0843 2012 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:02:36.0843 2012 RasPppoe - ok
12:02:36.0859 2012 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:02:36.0859 2012 Raspti - ok
12:02:36.0921 2012 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:02:36.0937 2012 Rdbss - ok
12:02:36.0953 2012 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:02:36.0953 2012 RDPCDD - ok
12:02:37.0031 2012 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:02:37.0031 2012 rdpdr - ok
12:02:37.0093 2012 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:02:37.0093 2012 RDPWD - ok
12:02:37.0140 2012 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:02:37.0140 2012 RDSessMgr - ok
12:02:37.0203 2012 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:02:37.0203 2012 redbook - ok
12:02:37.0234 2012 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:02:37.0234 2012 RemoteAccess - ok
12:02:37.0281 2012 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
12:02:37.0281 2012 RemoteRegistry - ok
12:02:37.0296 2012 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:02:37.0296 2012 RpcLocator - ok
12:02:37.0359 2012 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:02:37.0375 2012 RpcSs - ok
12:02:37.0390 2012 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:02:37.0421 2012 RSVP - ok
12:02:37.0468 2012 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:02:37.0468 2012 SamSs - ok
12:02:37.0500 2012 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:02:37.0546 2012 SCardSvr - ok
12:02:37.0578 2012 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:02:37.0593 2012 Schedule - ok
12:02:37.0656 2012 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:02:37.0656 2012 Secdrv - ok
12:02:37.0687 2012 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:02:37.0687 2012 seclogon - ok
12:02:37.0812 2012 SecureStorageService (472946edebf85c1f0b44b6eba01ac9b6) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
12:02:37.0828 2012 SecureStorageService - ok
12:02:37.0859 2012 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:02:37.0859 2012 SENS - ok
12:02:37.0890 2012 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:02:37.0890 2012 serenum - ok
12:02:37.0937 2012 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:02:37.0937 2012 Serial - ok
12:02:38.0078 2012 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:02:38.0078 2012 Sfloppy - ok
12:02:38.0109 2012 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
12:02:38.0125 2012 SharedAccess - ok
12:02:38.0171 2012 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:02:38.0171 2012 ShellHWDetection - ok
12:02:38.0187 2012 Shockprf - ok
12:02:38.0218 2012 Simbad - ok
12:02:38.0265 2012 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:02:38.0265 2012 sisagp - ok
12:02:38.0359 2012 SONICWALL_NetExtender (692082a7fdcab0ef31bda8a4d03f747f) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
12:02:38.0375 2012 SONICWALL_NetExtender - ok
12:02:38.0437 2012 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:02:38.0437 2012 SONYPVU1 - ok
12:02:38.0500 2012 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:02:38.0515 2012 Sparrow - ok
12:02:38.0531 2012 spcflt - ok
12:02:38.0578 2012 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:02:38.0578 2012 splitter - ok
12:02:38.0609 2012 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:02:38.0609 2012 Spooler - ok
12:02:38.0734 2012 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:02:38.0750 2012 SQLBrowser - ok
12:02:38.0781 2012 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:02:38.0781 2012 SQLWriter - ok
12:02:38.0812 2012 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:02:38.0812 2012 sr - ok
12:02:38.0843 2012 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:02:38.0859 2012 srservice - ok
12:02:38.0906 2012 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:02:38.0921 2012 Srv - ok
12:02:38.0953 2012 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:02:38.0953 2012 SSDPSRV - ok
12:02:38.0984 2012 SSLDrv (a7a577c32309fe723fa2ef927464ec6f) C:\WINDOWS\system32\DRIVERS\SSLDrv.sys
12:02:38.0984 2012 SSLDrv - ok
12:02:39.0046 2012 STacSV (686fa4acfdcb4e16b7f0230b88f6d17e) C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
12:02:39.0046 2012 STacSV - ok
12:02:39.0281 2012 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys
12:02:39.0640 2012 STHDA - ok
12:02:39.0703 2012 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:02:39.0703 2012 StillCam - ok
12:02:39.0750 2012 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:02:39.0765 2012 stisvc - ok
12:02:39.0812 2012 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:02:39.0812 2012 swenum - ok
12:02:39.0875 2012 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:02:39.0890 2012 swmidi - ok
12:02:39.0906 2012 SwPrv - ok
12:02:39.0953 2012 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:02:39.0953 2012 symc810 - ok
12:02:39.0984 2012 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:02:39.0984 2012 symc8xx - ok
12:02:40.0015 2012 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:02:40.0015 2012 sym_hi - ok
12:02:40.0046 2012 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:02:40.0046 2012 sym_u3 - ok
12:02:40.0093 2012 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:02:40.0093 2012 sysaudio - ok
12:02:40.0140 2012 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:02:40.0140 2012 SysmonLog - ok
12:02:40.0171 2012 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:02:40.0187 2012 TapiSrv - ok
12:02:40.0234 2012 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:02:40.0250 2012 Tcpip - ok
12:02:40.0375 2012 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
12:02:40.0437 2012 tcsd_win32.exe - ok
12:02:40.0578 2012 TdmService (a27d803b21f24a5cfb775944ea4cb130) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
12:02:40.0609 2012 TdmService - ok
12:02:40.0859 2012 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:02:40.0859 2012 TDPIPE - ok
12:02:40.0921 2012 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:02:40.0921 2012 TDTCP - ok
12:02:40.0953 2012 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:02:40.0953 2012 TermDD - ok
12:02:41.0000 2012 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:02:41.0015 2012 TermService - ok
12:02:41.0046 2012 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:02:41.0046 2012 Themes - ok
12:02:41.0062 2012 tlnrj - ok
12:02:41.0156 2012 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:02:41.0156 2012 TlntSvr - ok
12:02:41.0203 2012 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:02:41.0203 2012 TosIde - ok
12:02:41.0265 2012 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:02:41.0265 2012 TrkWks - ok
12:02:41.0312 2012 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:02:41.0312 2012 Udfs - ok
12:02:41.0375 2012 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:02:41.0390 2012 ultra - ok
12:02:41.0453 2012 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:02:41.0468 2012 Update - ok
12:02:41.0500 2012 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:02:41.0546 2012 upnphost - ok
12:02:41.0625 2012 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:02:41.0640 2012 UPS - ok
12:02:41.0718 2012 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:02:41.0718 2012 usbccgp - ok
12:02:41.0750 2012 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:02:41.0750 2012 usbehci - ok
12:02:41.0796 2012 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:02:41.0796 2012 usbhub - ok
12:02:41.0843 2012 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:02:41.0843 2012 usbprint - ok
12:02:41.0875 2012 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:02:41.0875 2012 USBSTOR - ok
12:02:41.0921 2012 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:02:41.0921 2012 usbuhci - ok
12:02:41.0937 2012 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:02:41.0937 2012 VgaSave - ok
12:02:41.0984 2012 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:02:41.0984 2012 viaagp - ok
12:02:42.0015 2012 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:02:42.0015 2012 ViaIde - ok
12:02:42.0062 2012 vmm (817da66b1b889fad1dbf669e0e2f3228) C:\WINDOWS\system32\Drivers\vmm.sys
12:02:42.0078 2012 vmm - ok
12:02:42.0109 2012 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:02:42.0109 2012 VolSnap - ok
12:02:42.0156 2012 VPCNetS2 (2abe8281db609d8bb1bd1b2f93800d5f) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
12:02:42.0156 2012 VPCNetS2 - ok
12:02:42.0281 2012 vpnagent (816366044657795ffce1d66f113f93c2) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
12:02:42.0296 2012 vpnagent - ok
12:02:42.0328 2012 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\WINDOWS\system32\DRIVERS\vpnva.sys
12:02:42.0328 2012 vpnva - ok
12:02:42.0421 2012 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
12:02:42.0453 2012 vsdatant - ok
12:02:42.0484 2012 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:02:42.0500 2012 VSS - ok
12:02:42.0609 2012 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:02:42.0625 2012 w32time - ok
12:02:42.0671 2012 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:02:42.0671 2012 Wanarp - ok
12:02:42.0687 2012 Wave UCSPlus - ok
12:02:43.0343 2012 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
12:02:43.0359 2012 WaveEnrollmentService - ok
12:02:43.0390 2012 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
12:02:43.0390 2012 WaveFDE - ok
12:02:43.0421 2012 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
12:02:43.0437 2012 WavxDMgr - ok
12:02:43.0484 2012 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
12:02:43.0484 2012 WDC_SAM - ok
12:02:43.0531 2012 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:02:43.0546 2012 Wdf01000 - ok
12:02:43.0578 2012 WDICA - ok
12:02:43.0625 2012 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:02:43.0625 2012 wdmaud - ok
12:02:43.0671 2012 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:02:43.0671 2012 WebClient - ok
12:02:43.0843 2012 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:02:43.0859 2012 winachsf - ok
12:02:44.0171 2012 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:02:44.0171 2012 winmgmt - ok
12:02:44.0234 2012 wltrysvc - ok
12:02:44.0281 2012 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:02:44.0281 2012 WmdmPmSN - ok
12:02:44.0359 2012 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:02:44.0390 2012 Wmi - ok
12:02:44.0515 2012 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:02:44.0531 2012 WmiAcpi - ok
12:02:44.0578 2012 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:02:44.0593 2012 WmiApSrv - ok
12:02:44.0718 2012 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:02:44.0734 2012 WMPNetworkSvc - ok
12:02:45.0093 2012 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:02:45.0187 2012 WPFFontCache_v0400 - ok
12:02:45.0281 2012 WSearch - ok
12:02:45.0328 2012 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:02:45.0343 2012 wuauserv - ok
12:02:45.0421 2012 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:02:45.0421 2012 WudfPf - ok
12:02:45.0453 2012 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:02:45.0453 2012 WudfRd - ok
12:02:45.0484 2012 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:02:45.0500 2012 WudfSvc - ok
12:02:45.0765 2012 WYNIT (71fd245a4dca081d570eeeeff0f4d45f) C:\Navision\2009 SP1\Application Server\nassql.exe
12:02:45.0843 2012 WYNIT - ok
12:02:46.0312 2012 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:02:46.0328 2012 WZCSVC - ok
12:02:46.0375 2012 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:02:46.0375 2012 xmlprov - ok
12:02:46.0500 2012 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:02:46.0656 2012 \Device\Harddisk0\DR0 - ok
12:02:46.0671 2012 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
12:02:46.0671 2012 \Device\Harddisk1\DR3 - ok
12:02:46.0687 2012 Boot (0x1200) (ff4f97aa9f8e4394fbaf9eb0d198a6c0) \Device\Harddisk0\DR0\Partition0
12:02:46.0687 2012 \Device\Harddisk0\DR0\Partition0 - ok
12:02:46.0718 2012 Boot (0x1200) (f7aa2af5924cdda0bbd13a2472ae584a) \Device\Harddisk1\DR3\Partition0
12:02:46.0718 2012 \Device\Harddisk1\DR3\Partition0 - ok
12:02:46.0734 2012 ============================================================
12:02:46.0734 2012 Scan finished
12:02:46.0734 2012 ============================================================
12:02:46.0781 1900 Detected object count: 1
12:02:46.0781 1900 Actual detected object count: 1
12:03:25.0546 1900 C:\WINDOWS\system32\DRIVERS\cdrom.sys - copied to quarantine
12:03:27.0390 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\@ - copied to quarantine
12:03:27.0390 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\cfg.ini - copied to quarantine
12:03:27.0390 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\Desktop.ini - copied to quarantine
12:03:27.0406 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\L\iahonoel - copied to quarantine
12:03:27.0437 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\oemid - copied to quarantine
12:03:27.0625 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000001.@ - copied to quarantine
12:03:27.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000002.@ - copied to quarantine
12:03:27.0734 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000004.@ - copied to quarantine
12:03:27.0765 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000000.@ - copied to quarantine
12:03:27.0781 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000004.@ - copied to quarantine
12:03:27.0843 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000032.@ - copied to quarantine
12:03:27.0843 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\version - copied to quarantine
12:03:35.0500 1900 Backup copy found, using it..
12:03:35.0546 1900 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
12:03:38.0343 1900 C:\WINDOWS\$NtUninstallKB43642$\655626357 - will be deleted on reboot
12:03:38.0343 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\@ - will be deleted on reboot
12:03:38.0343 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\cfg.ini - will be deleted on reboot
12:03:38.0343 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\Desktop.ini - will be deleted on reboot
12:03:38.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\oemid - will be deleted on reboot
12:03:38.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000001.@ - will be deleted on reboot
12:03:38.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000002.@ - will be deleted on reboot
12:03:38.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\00000004.@ - will be deleted on reboot
12:03:38.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000000.@ - will be deleted on reboot
12:03:38.0703 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000004.@ - will be deleted on reboot
12:03:38.0718 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\U\80000032.@ - will be deleted on reboot
12:03:38.0718 1900 C:\WINDOWS\$NtUninstallKB43642$\697926627\version - will be deleted on reboot
12:03:38.0718 1900 Cdrom ( Virus.Win32.ZAccess.k ) - User select action: Cure
12:03:45.0843 0692 Deinitialize success




GMER.log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-07 19:38:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST9160823ASG rev.3.ADD
Running: qoogsktl[1].exe; Driver: C:\DOCUME~1\jerryw\LOCALS~1\Temp\fwloypog.sys


---- Kernel code sections - GMER 1.0.15 ----
? 36713168.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[732] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1036] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[1036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \Fat B8860D20
---- EOF - GMER 1.0.15 ----



#12
JWW1

    New Member

  • Members
  • 18 posts
I rebooted and tried scanning with aswMBR again. I saw that there were infected files identified - but before it finished, an error came up like the one I put in the .BMP that I uploaded previously.

At this point, I don't know what to do. - - So, I'm just going to wait to see what you suggest...

Thanks!

#13
Jintan

    Advanced Member

  • Experts
  • 139 posts
  • Gender:Male
I usually can't assist until after work. TDSSKiller picked out the bootkit and the bootkit's hidden file system, but Gmer still shows an unknown driver loading there.

If you haven't yet, please reboot and run TDSSKiller and then Gmer again and post those logs.

Also I would like a second Gmer log to check.

Open Gmer again. Once it has completed its opening scan, this time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

#14
JWW1

    New Member

  • Members
  • Pip
  • 18 posts
Please do not think that I'm not satisfied with your response time. I do know that this is a volunteer thing. And thanks for that! :)

Contents of TDSSKiller:
16:14:38.0984 0800 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:14:39.0375 0800 ============================================================
16:14:39.0375 0800 Current date / time: 2012/05/08 16:14:39.0375
16:14:39.0375 0800 SystemInfo:
16:14:39.0375 0800
16:14:39.0375 0800 OS Version: 5.1.2600 ServicePack: 3.0
16:14:39.0375 0800 Product type: Workstation
16:14:39.0375 0800 ComputerName: JERRYW08
16:14:39.0375 0800 UserName: jerryw
16:14:39.0375 0800 Windows directory: C:\WINDOWS
16:14:39.0375 0800 System windows directory: C:\WINDOWS
16:14:39.0375 0800 Processor architecture: Intel x86
16:14:39.0375 0800 Number of processors: 2
16:14:39.0375 0800 Page size: 0x1000
16:14:39.0375 0800 Boot type: Safe boot with network
16:14:39.0375 0800 ============================================================
16:14:43.0531 0800 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:14:43.0531 0800 Drive \Device\Harddisk1\DR3 - Size: 0x15D4EF00000 (1397.23 Gb), SectorSize: 0x200, Cylinders: 0x2C87D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:14:43.0531 0800 ============================================================
16:14:43.0531 0800 \Device\Harddisk0\DR0:
16:14:43.0531 0800 MBR partitions:
16:14:43.0531 0800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x129ED876
16:14:43.0531 0800 \Device\Harddisk1\DR3:
16:14:43.0531 0800 MBR partitions:
16:14:43.0531 0800 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA77000
16:14:43.0531 0800 ============================================================
16:14:43.0625 0800 C: <-> \Device\Harddisk0\DR0\Partition0
16:14:43.0671 0800 F: <-> \Device\Harddisk1\DR3\Partition0
16:14:43.0671 0800 ============================================================
16:14:43.0671 0800 Initialize success
16:14:43.0671 0800 ============================================================
16:14:54.0250 1044 ============================================================
16:14:54.0250 1044 Scan started
16:14:54.0250 1044 Mode: Manual;
16:14:54.0250 1044 ============================================================
16:14:55.0171 1044 Abiosdsk - ok
16:14:55.0234 1044 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:14:55.0234 1044 abp480n5 - ok
16:14:55.0296 1044 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:14:55.0296 1044 ACPI - ok
16:14:55.0328 1044 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:14:55.0328 1044 ACPIEC - ok
16:14:55.0421 1044 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:14:55.0437 1044 AdobeFlashPlayerUpdateSvc - ok
16:14:55.0468 1044 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:14:55.0468 1044 adpu160m - ok
16:14:55.0500 1044 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:14:55.0515 1044 aec - ok
16:14:55.0562 1044 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:14:55.0562 1044 AFD - ok
16:14:55.0593 1044 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:14:55.0609 1044 agp440 - ok
16:14:55.0625 1044 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:14:55.0625 1044 agpCPQ - ok
16:14:55.0656 1044 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:14:55.0656 1044 Aha154x - ok
16:14:55.0687 1044 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:14:55.0687 1044 aic78u2 - ok
16:14:55.0703 1044 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:14:55.0703 1044 aic78xx - ok
16:14:55.0765 1044 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:14:55.0781 1044 Alerter - ok
16:14:55.0812 1044 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:14:55.0828 1044 ALG - ok
16:14:55.0843 1044 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:14:55.0843 1044 AliIde - ok
16:14:55.0875 1044 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:14:55.0875 1044 alim1541 - ok
16:14:55.0906 1044 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:14:55.0906 1044 amdagp - ok
16:14:55.0937 1044 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:14:55.0953 1044 amsint - ok
16:14:55.0984 1044 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
16:14:55.0984 1044 ApfiltrService - ok
16:14:56.0031 1044 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
16:14:56.0031 1044 APPDRV - ok
16:14:56.0078 1044 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
16:14:56.0078 1044 AppMgmt - ok
16:14:56.0093 1044 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:14:56.0093 1044 Arp1394 - ok
16:14:56.0156 1044 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:14:56.0156 1044 asc - ok
16:14:56.0171 1044 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:14:56.0171 1044 asc3350p - ok
16:14:56.0203 1044 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:14:56.0203 1044 asc3550 - ok
16:14:56.0296 1044 ASFIPmon (7591238ebf7dd1fd13b353c382227dc3) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
16:14:56.0296 1044 ASFIPmon - ok
16:14:56.0468 1044 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:14:56.0578 1044 aspnet_state - ok
16:14:56.0593 1044 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:14:56.0593 1044 AsyncMac - ok
16:14:56.0640 1044 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:14:56.0640 1044 atapi - ok
16:14:56.0656 1044 Atdisk - ok
16:14:56.0718 1044 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:14:56.0718 1044 Atmarpc - ok
16:14:56.0765 1044 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:14:56.0765 1044 AudioSrv - ok
16:14:56.0812 1044 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:14:56.0812 1044 audstub - ok
16:14:56.0828 1044 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:14:56.0828 1044 b57w2k - ok
16:14:56.0859 1044 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
16:14:56.0859 1044 BASFND - ok
16:14:56.0937 1044 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
16:14:56.0968 1044 BCM43XX - ok
16:14:57.0015 1044 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:14:57.0015 1044 Beep - ok
16:14:57.0062 1044 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:14:57.0203 1044 BITS - ok
16:14:57.0265 1044 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:14:57.0265 1044 Browser - ok
16:14:57.0312 1044 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:14:57.0312 1044 cbidf - ok
16:14:57.0328 1044 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:14:57.0328 1044 cbidf2k - ok
16:14:57.0359 1044 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:14:57.0359 1044 cd20xrnt - ok
16:14:57.0390 1044 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:14:57.0390 1044 Cdaudio - ok
16:14:57.0421 1044 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:14:57.0437 1044 Cdfs - ok
16:14:57.0453 1044 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:14:57.0453 1044 Cdrom - ok
16:14:57.0468 1044 Changer - ok
16:14:57.0515 1044 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:14:57.0531 1044 CiSvc - ok
16:14:57.0562 1044 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:14:57.0562 1044 ClipSrv - ok
16:14:57.0656 1044 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:14:57.0875 1044 clr_optimization_v2.0.50727_32 - ok
16:14:57.0968 1044 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:14:58.0218 1044 clr_optimization_v4.0.30319_32 - ok
16:14:58.0265 1044 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:14:58.0265 1044 CmBatt - ok
16:14:58.0296 1044 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:14:58.0296 1044 CmdIde - ok
16:14:58.0328 1044 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:14:58.0328 1044 Compbatt - ok
16:14:58.0343 1044 COMSysApp - ok
16:14:58.0406 1044 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:14:58.0406 1044 Cpqarray - ok
16:14:58.0453 1044 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:14:58.0453 1044 CryptSvc - ok
16:14:58.0484 1044 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
16:14:58.0484 1044 ctxusbm - ok
16:14:58.0515 1044 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
16:14:58.0515 1044 CVirtA - ok
16:14:58.0671 1044 CVPND (d4a26b0926171dc4f969955d157d1311) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
16:14:58.0734 1044 CVPND - ok
16:14:58.0875 1044 CVPNDRVA (c23025ac5ae45a105d63bd6e2408edd4) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
16:14:58.0890 1044 CVPNDRVA - ok
16:14:58.0921 1044 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:14:58.0937 1044 dac2w2k - ok
16:14:58.0953 1044 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:14:58.0953 1044 dac960nt - ok
16:14:58.0984 1044 dashsvc - ok
16:14:59.0046 1044 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:14:59.0062 1044 DcomLaunch - ok
16:14:59.0093 1044 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:14:59.0109 1044 Dhcp - ok
16:14:59.0125 1044 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:14:59.0125 1044 Disk - ok
16:14:59.0140 1044 dmadmin - ok
16:14:59.0234 1044 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:14:59.0265 1044 dmboot - ok
16:14:59.0296 1044 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:14:59.0296 1044 dmio - ok
16:14:59.0328 1044 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:14:59.0328 1044 dmload - ok
16:14:59.0375 1044 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:14:59.0375 1044 dmserver - ok
16:14:59.0406 1044 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:14:59.0421 1044 DMusic - ok
16:14:59.0453 1044 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
16:14:59.0453 1044 DNE - ok
16:14:59.0515 1044 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:14:59.0515 1044 Dnscache - ok
16:14:59.0546 1044 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:14:59.0562 1044 Dot3svc - ok
16:14:59.0593 1044 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:14:59.0593 1044 dpti2o - ok
16:14:59.0625 1044 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:14:59.0625 1044 drmkaud - ok
16:14:59.0671 1044 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys
16:14:59.0687 1044 DXEC01 - ok
16:14:59.0718 1044 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:14:59.0718 1044 E100B - ok
16:14:59.0765 1044 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:14:59.0765 1044 EapHost - ok
16:14:59.0812 1044 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:14:59.0812 1044 ERSvc - ok
16:14:59.0843 1044 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:14:59.0890 1044 Eventlog - ok
16:14:59.0921 1044 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:14:59.0937 1044 EventSystem - ok
16:14:59.0984 1044 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:14:59.0984 1044 Fastfat - ok
16:15:00.0031 1044 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:15:00.0046 1044 FastUserSwitchingCompatibility - ok
16:15:00.0078 1044 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
16:15:00.0109 1044 Fax - ok
16:15:00.0156 1044 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:15:00.0156 1044 Fdc - ok
16:15:00.0187 1044 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:15:00.0187 1044 Fips - ok
16:15:00.0218 1044 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:15:00.0234 1044 Flpydisk - ok
16:15:00.0328 1044 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:15:00.0343 1044 FltMgr - ok
16:15:00.0437 1044 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:15:00.0437 1044 FontCache3.0.0.0 - ok
16:15:00.0515 1044 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:15:00.0515 1044 Fs_Rec - ok
16:15:00.0562 1044 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:15:00.0562 1044 Ftdisk - ok
16:15:00.0593 1044 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:15:00.0593 1044 Gpc - ok
16:15:00.0640 1044 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys
16:15:00.0640 1044 guardian2 - ok
16:15:00.0656 1044 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:15:00.0656 1044 HDAudBus - ok
16:15:00.0734 1044 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:15:00.0734 1044 helpsvc - ok
16:15:00.0781 1044 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
16:15:00.0781 1044 HidServ - ok
16:15:00.0812 1044 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:15:00.0812 1044 HidUsb - ok
16:15:00.0843 1044 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:15:00.0843 1044 hkmsvc - ok
16:15:00.0921 1044 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
16:15:00.0921 1044 HP Port Resolver - ok
16:15:00.0937 1044 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
16:15:00.0937 1044 HP Status Server - ok
16:15:00.0984 1044 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:15:00.0984 1044 hpn - ok
16:15:01.0031 1044 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
16:15:01.0046 1044 HSFHWAZL - ok
16:15:01.0109 1044 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
16:15:01.0140 1044 HSF_DPV - ok
16:15:01.0203 1044 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:15:01.0218 1044 HTTP - ok
16:15:01.0250 1044 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:15:01.0265 1044 HTTPFilter - ok
16:15:01.0296 1044 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:15:01.0296 1044 i2omgmt - ok
16:15:01.0312 1044 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:15:01.0312 1044 i2omp - ok
16:15:01.0343 1044 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:15:01.0343 1044 i8042prt - ok
16:15:01.0406 1044 ibmpmsvc - ok
16:15:01.0546 1044 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:15:01.0578 1044 idsvc - ok
16:15:01.0609 1044 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:15:01.0609 1044 Imapi - ok
16:15:01.0656 1044 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:15:01.0656 1044 ImapiService - ok
16:15:01.0703 1044 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:15:01.0703 1044 ini910u - ok
16:15:01.0765 1044 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:15:01.0765 1044 IntelIde - ok
16:15:01.0796 1044 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:15:01.0796 1044 intelppm - ok
16:15:01.0812 1044 iolo_srv - ok
16:15:01.0859 1044 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:15:01.0859 1044 Ip6Fw - ok
16:15:01.0890 1044 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:15:01.0890 1044 IpFilterDriver - ok
16:15:01.0906 1044 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:15:01.0906 1044 IpInIp - ok
16:15:01.0953 1044 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:15:01.0953 1044 IpNat - ok
16:15:01.0984 1044 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:15:01.0984 1044 IPSec - ok
16:15:02.0015 1044 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:15:02.0015 1044 IRENUM - ok
16:15:02.0062 1044 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:15:02.0062 1044 isapnp - ok
16:15:02.0109 1044 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:15:02.0109 1044 Kbdclass - ok
16:15:02.0140 1044 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:15:02.0140 1044 kbdhid - ok
16:15:02.0156 1044 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:15:02.0171 1044 kmixer - ok
16:15:02.0187 1044 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:15:02.0187 1044 KSecDD - ok
16:15:02.0234 1044 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:15:02.0234 1044 lanmanserver - ok
16:15:02.0281 1044 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:15:02.0281 1044 lanmanworkstation - ok
16:15:02.0296 1044 lbrtfdc - ok
16:15:02.0390 1044 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:15:02.0390 1044 LmHosts - ok
16:15:02.0406 1044 LVVI500A - ok
16:15:02.0453 1044 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:15:02.0453 1044 mdmxsdk - ok
16:15:02.0484 1044 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:15:02.0500 1044 Messenger - ok
16:15:02.0609 1044 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:15:02.0687 1044 Microsoft Office Groove Audit Service - ok
16:15:02.0718 1044 MicrosoftDynamicsNAVServer$NAV2 - ok
16:15:02.0750 1044 MicrosoftDynamicsNAVServer$NAV3 - ok
16:15:02.0796 1044 MicrosoftDynamicsNAVServer$NAV4 - ok
16:15:02.0843 1044 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:15:02.0843 1044 mnmdd - ok
16:15:02.0875 1044 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:15:02.0875 1044 mnmsrvc - ok
16:15:02.0906 1044 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:15:02.0906 1044 Modem - ok
16:15:02.0921 1044 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:15:02.0921 1044 Mouclass - ok
16:15:02.0953 1044 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:15:02.0953 1044 mouhid - ok
16:15:02.0984 1044 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:15:02.0984 1044 MountMgr - ok
16:15:03.0031 1044 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:15:03.0031 1044 mraid35x - ok
16:15:03.0046 1044 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:15:03.0046 1044 MRxDAV - ok
16:15:03.0125 1044 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:15:03.0140 1044 MRxSmb - ok
16:15:03.0171 1044 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:15:03.0171 1044 MSDTC - ok
16:15:03.0234 1044 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:15:03.0234 1044 Msfs - ok
16:15:03.0250 1044 MSIServer - ok
16:15:03.0296 1044 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:15:03.0296 1044 MSKSSRV - ok
16:15:03.0312 1044 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:15:03.0312 1044 MSPCLOCK - ok
16:15:03.0343 1044 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:15:03.0343 1044 MSPQM - ok
16:15:03.0390 1044 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:15:03.0390 1044 mssmbios - ok
16:15:03.0453 1044 MSSQLSERVER - ok
16:15:03.0515 1044 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:15:03.0546 1044 MSSQLServerADHelper - ok
16:15:03.0578 1044 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:15:03.0593 1044 Mup - ok
16:15:03.0625 1044 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:15:03.0640 1044 napagent - ok
16:15:03.0671 1044 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:15:03.0687 1044 NDIS - ok
16:15:03.0703 1044 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:15:03.0703 1044 NdisTapi - ok
16:15:03.0734 1044 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:15:03.0734 1044 Ndisuio - ok
16:15:03.0765 1044 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:15:03.0765 1044 NdisWan - ok
16:15:03.0796 1044 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:15:03.0796 1044 NDProxy - ok
16:15:03.0828 1044 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:15:03.0828 1044 NetBIOS - ok
16:15:03.0859 1044 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:15:03.0859 1044 NetBT - ok
16:15:03.0906 1044 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:15:03.0921 1044 NetDDE - ok
16:15:03.0937 1044 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:15:03.0937 1044 NetDDEdsdm - ok
16:15:03.0984 1044 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:15:03.0984 1044 Netlogon - ok
16:15:04.0015 1044 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
16:15:04.0031 1044 Netman - ok
16:15:04.0140 1044 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:15:04.0234 1044 NetTcpPortSharing - ok
16:15:04.0281 1044 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:15:04.0281 1044 NIC1394 - ok
16:15:04.0390 1044 NICCONFIGSVC (7e175be4fd8b6ec68a35181b98431477) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
16:15:04.0406 1044 NICCONFIGSVC - ok
16:15:04.0453 1044 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
16:15:04.0468 1044 Nla - ok
16:15:04.0500 1044 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:15:04.0500 1044 Npfs - ok
16:15:04.0531 1044 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:15:04.0546 1044 Ntfs - ok
16:15:04.0593 1044 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:15:04.0593 1044 NtLmSsp - ok
16:15:04.0625 1044 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
16:15:04.0640 1044 NtmsSvc - ok
16:15:04.0671 1044 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
16:15:04.0671 1044 NuidFltr - ok
16:15:04.0718 1044 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:15:04.0718 1044 Null - ok
16:15:04.0937 1044 nv (8129d762cc3e3c5ab9cf2eabc377fb73) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:15:05.0109 1044 nv - ok
16:15:05.0203 1044 NVSvc (7ee6243758619a391491148eabf0e7b7) C:\WINDOWS\system32\nvsvc32.exe
16:15:05.0203 1044 NVSvc - ok
16:15:05.0281 1044 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:15:05.0281 1044 NwlnkFlt - ok
16:15:05.0296 1044 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:15:05.0296 1044 NwlnkFwd - ok
16:15:05.0421 1044 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:15:05.0437 1044 odserv - ok
16:15:05.0468 1044 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:15:05.0468 1044 ohci1394 - ok
16:15:05.0515 1044 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:15:05.0578 1044 ose - ok
16:15:05.0625 1044 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:15:05.0625 1044 Parport - ok
16:15:05.0640 1044 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:15:05.0640 1044 PartMgr - ok
16:15:05.0687 1044 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:15:05.0687 1044 ParVdm - ok
16:15:05.0703 1044 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
16:15:05.0703 1044 PBADRV - ok
16:15:05.0734 1044 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:15:05.0734 1044 PCI - ok
16:15:05.0765 1044 PCIDump - ok
16:15:05.0796 1044 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:15:05.0796 1044 PCIIde - ok
16:15:05.0843 1044 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:15:05.0843 1044 Pcmcia - ok
16:15:05.0875 1044 PDCOMP - ok
16:15:05.0890 1044 PDFRAME - ok
16:15:05.0921 1044 PDRELI - ok
16:15:05.0953 1044 PDRFRAME - ok
16:15:06.0015 1044 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:15:06.0015 1044 perc2 - ok
16:15:06.0062 1044 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:15:06.0062 1044 perc2hib - ok
16:15:06.0140 1044 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:15:06.0140 1044 PlugPlay - ok
16:15:06.0171 1044 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe
16:15:06.0171 1044 Pml Driver HPZ12 - ok
16:15:06.0203 1044 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:15:06.0218 1044 PolicyAgent - ok
16:15:06.0250 1044 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:15:06.0250 1044 PptpMiniport - ok
16:15:06.0265 1044 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:15:06.0265 1044 ProtectedStorage - ok
16:15:06.0296 1044 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:15:06.0296 1044 PSched - ok
16:15:06.0343 1044 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:15:06.0343 1044 Ptilink - ok
16:15:06.0375 1044 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:15:06.0375 1044 ql1080 - ok
16:15:06.0390 1044 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:15:06.0406 1044 Ql10wnt - ok
16:15:06.0421 1044 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:15:06.0421 1044 ql12160 - ok
16:15:06.0453 1044 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:15:06.0453 1044 ql1240 - ok
16:15:06.0500 1044 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:15:06.0500 1044 ql1280 - ok
16:15:06.0515 1044 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:15:06.0515 1044 RasAcd - ok
16:15:06.0546 1044 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
16:15:06.0562 1044 RasAuto - ok
16:15:06.0593 1044 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:15:06.0593 1044 Rasl2tp - ok
16:15:06.0625 1044 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
16:15:06.0640 1044 RasMan - ok
16:15:06.0656 1044 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:15:06.0671 1044 RasPppoe - ok
16:15:06.0687 1044 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:15:06.0687 1044 Raspti - ok
16:15:06.0734 1044 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:15:06.0734 1044 Rdbss - ok
16:15:06.0765 1044 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:15:06.0765 1044 RDPCDD - ok
16:15:06.0828 1044 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:15:06.0828 1044 rdpdr - ok
16:15:06.0875 1044 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:15:06.0890 1044 RDPWD - ok
16:15:06.0921 1044 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
16:15:06.0937 1044 RDSessMgr - ok
16:15:06.0968 1044 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:15:06.0968 1044 redbook - ok
16:15:07.0015 1044 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
16:15:07.0015 1044 RemoteAccess - ok
16:15:07.0062 1044 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
16:15:07.0062 1044 RemoteRegistry - ok
16:15:07.0093 1044 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
16:15:07.0093 1044 RpcLocator - ok
16:15:07.0140 1044 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:15:07.0140 1044 RpcSs - ok
16:15:07.0171 1044 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:15:07.0171 1044 RSVP - ok
16:15:07.0234 1044 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:15:07.0234 1044 SamSs - ok
16:15:07.0265 1044 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:15:07.0265 1044 SCardSvr - ok
16:15:07.0312 1044 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:15:07.0312 1044 Schedule - ok
16:15:07.0390 1044 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:15:07.0390 1044 Secdrv - ok
16:15:07.0406 1044 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
16:15:07.0421 1044 seclogon - ok
16:15:07.0531 1044 SecureStorageService (472946edebf85c1f0b44b6eba01ac9b6) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
16:15:07.0546 1044 SecureStorageService - ok
16:15:07.0578 1044 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
16:15:07.0593 1044 SENS - ok
16:15:07.0625 1044 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:15:07.0625 1044 serenum - ok
16:15:07.0640 1044 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:15:07.0640 1044 Serial - ok
16:15:07.0765 1044 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:15:07.0765 1044 Sfloppy - ok
16:15:07.0796 1044 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
16:15:07.0812 1044 SharedAccess - ok
16:15:07.0859 1044 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:15:07.0859 1044 ShellHWDetection - ok
16:15:07.0890 1044 Shockprf - ok
16:15:07.0921 1044 Simbad - ok
16:15:07.0953 1044 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:15:07.0953 1044 sisagp - ok
16:15:08.0062 1044 SONICWALL_NetExtender (692082a7fdcab0ef31bda8a4d03f747f) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
16:15:08.0078 1044 SONICWALL_NetExtender - ok
16:15:08.0109 1044 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
16:15:08.0109 1044 SONYPVU1 - ok
16:15:08.0140 1044 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:15:08.0140 1044 Sparrow - ok
16:15:08.0171 1044 spcflt - ok
16:15:08.0203 1044 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:15:08.0203 1044 splitter - ok
16:15:08.0250 1044 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:15:08.0250 1044 Spooler - ok
16:15:08.0343 1044 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:15:08.0359 1044 SQLBrowser - ok
16:15:08.0406 1044 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:15:08.0406 1044 SQLWriter - ok
16:15:08.0437 1044 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:15:08.0437 1044 sr - ok
16:15:08.0468 1044 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
16:15:08.0484 1044 srservice - ok
16:15:08.0546 1044 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:15:08.0562 1044 Srv - ok
16:15:08.0593 1044 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:15:08.0593 1044 SSDPSRV - ok
16:15:08.0625 1044 SSLDrv (a7a577c32309fe723fa2ef927464ec6f) C:\WINDOWS\system32\DRIVERS\SSLDrv.sys
16:15:08.0625 1044 SSLDrv - ok
16:15:08.0718 1044 STacSV (686fa4acfdcb4e16b7f0230b88f6d17e) C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
16:15:08.0718 1044 STacSV - ok
16:15:08.0781 1044 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys
16:15:08.0828 1044 STHDA - ok
16:15:08.0843 1044 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
16:15:08.0859 1044 StillCam - ok
16:15:08.0890 1044 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:15:08.0906 1044 stisvc - ok
16:15:08.0953 1044 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:15:08.0953 1044 swenum - ok
16:15:08.0968 1044 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:15:08.0968 1044 swmidi - ok
16:15:08.0984 1044 SwPrv - ok
16:15:09.0046 1044 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:15:09.0046 1044 symc810 - ok
16:15:09.0078 1044 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:15:09.0078 1044 symc8xx - ok
16:15:09.0109 1044 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:15:09.0109 1044 sym_hi - ok
16:15:09.0125 1044 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:15:09.0125 1044 sym_u3 - ok
16:15:09.0171 1044 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:15:09.0171 1044 sysaudio - ok
16:15:09.0218 1044 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:15:09.0218 1044 SysmonLog - ok
16:15:09.0281 1044 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:15:09.0296 1044 TapiSrv - ok
16:15:09.0343 1044 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:15:09.0359 1044 Tcpip - ok
16:15:09.0468 1044 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
16:15:09.0515 1044 tcsd_win32.exe - ok
16:15:09.0593 1044 TdmService (a27d803b21f24a5cfb775944ea4cb130) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
16:15:09.0640 1044 TdmService - ok
16:15:09.0781 1044 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:15:09.0781 1044 TDPIPE - ok
16:15:09.0812 1044 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:15:09.0812 1044 TDTCP - ok
16:15:09.0843 1044 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:15:09.0843 1044 TermDD - ok
16:15:09.0890 1044 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:15:09.0906 1044 TermService - ok
16:15:09.0937 1044 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:15:09.0937 1044 Themes - ok
16:15:09.0953 1044 tlnrj - ok
16:15:10.0000 1044 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
16:15:10.0000 1044 TlntSvr - ok
16:15:10.0031 1044 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:15:10.0031 1044 TosIde - ok
16:15:10.0078 1044 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:15:10.0109 1044 TrkWks - ok
16:15:10.0156 1044 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:15:10.0156 1044 Udfs - ok
16:15:10.0203 1044 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:15:10.0203 1044 ultra - ok
16:15:10.0281 1044 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:15:10.0281 1044 Update - ok
16:15:10.0328 1044 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:15:10.0328 1044 upnphost - ok
16:15:10.0375 1044 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:15:10.0375 1044 UPS - ok
16:15:10.0437 1044 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:15:10.0437 1044 usbccgp - ok
16:15:10.0484 1044 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:15:10.0484 1044 usbehci - ok
16:15:10.0515 1044 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:15:10.0515 1044 usbhub - ok
16:15:10.0546 1044 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:15:10.0546 1044 usbprint - ok
16:15:10.0578 1044 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:15:10.0578 1044 USBSTOR - ok
16:15:10.0609 1044 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:15:10.0625 1044 usbuhci - ok
16:15:10.0640 1044 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:15:10.0640 1044 VgaSave - ok
16:15:10.0671 1044 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:15:10.0687 1044 viaagp - ok
16:15:10.0703 1044 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:15:10.0703 1044 ViaIde - ok
16:15:10.0750 1044 vmm (817da66b1b889fad1dbf669e0e2f3228) C:\WINDOWS\system32\Drivers\vmm.sys
16:15:10.0750 1044 vmm - ok
16:15:10.0781 1044 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:15:10.0781 1044 VolSnap - ok
16:15:10.0828 1044 VPCNetS2 (2abe8281db609d8bb1bd1b2f93800d5f) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
16:15:10.0828 1044 VPCNetS2 - ok
16:15:10.0937 1044 vpnagent (816366044657795ffce1d66f113f93c2) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
16:15:10.0953 1044 vpnagent - ok
16:15:10.0984 1044 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\WINDOWS\system32\DRIVERS\vpnva.sys
16:15:10.0984 1044 vpnva - ok
16:15:11.0062 1044 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
16:15:11.0093 1044 vsdatant - ok
16:15:11.0156 1044 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:15:11.0171 1044 VSS - ok
16:15:11.0203 1044 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:15:11.0218 1044 w32time - ok
16:15:11.0296 1044 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:15:11.0296 1044 Wanarp - ok
16:15:11.0312 1044 Wave UCSPlus - ok
16:15:11.0453 1044 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
16:15:11.0468 1044 WaveEnrollmentService - ok
16:15:11.0500 1044 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
16:15:11.0500 1044 WaveFDE - ok
16:15:11.0531 1044 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
16:15:11.0546 1044 WavxDMgr - ok
16:15:11.0578 1044 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
16:15:11.0578 1044 WDC_SAM - ok
16:15:11.0625 1044 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:15:11.0640 1044 Wdf01000 - ok
16:15:11.0656 1044 WDICA - ok
16:15:11.0718 1044 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:15:11.0718 1044 wdmaud - ok
16:15:11.0750 1044 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:15:11.0750 1044 WebClient - ok
16:15:11.0812 1044 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:15:11.0843 1044 winachsf - ok
16:15:11.0968 1044 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:15:11.0968 1044 winmgmt - ok
16:15:12.0031 1044 wltrysvc - ok
16:15:12.0078 1044 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
16:15:12.0078 1044 WmdmPmSN - ok
16:15:12.0125 1044 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
16:15:12.0140 1044 Wmi - ok
16:15:12.0234 1044 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:15:12.0234 1044 WmiAcpi - ok
16:15:12.0296 1044 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:15:12.0312 1044 WmiApSrv - ok
16:15:12.0390 1044 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
16:15:12.0421 1044 WMPNetworkSvc - ok
16:15:12.0718 1044 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:15:12.0812 1044 WPFFontCache_v0400 - ok
16:15:12.0859 1044 WSearch - ok
16:15:12.0921 1044 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:15:12.0937 1044 wuauserv - ok
16:15:13.0015 1044 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:15:13.0031 1044 WudfPf - ok
16:15:13.0062 1044 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:15:13.0078 1044 WudfRd - ok
16:15:13.0125 1044 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:15:13.0125 1044 WudfSvc - ok
16:15:13.0312 1044 WYNIT (71fd245a4dca081d570eeeeff0f4d45f) C:\Navision\2009 SP1\Application Server\nassql.exe
16:15:13.0390 1044 WYNIT - ok
16:15:13.0531 1044 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:15:13.0593 1044 WZCSVC - ok
16:15:13.0828 1044 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:15:13.0843 1044 xmlprov - ok
16:15:13.0953 1044 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:15:14.0109 1044 \Device\Harddisk0\DR0 - ok
16:15:14.0125 1044 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
16:15:14.0125 1044 \Device\Harddisk1\DR3 - ok
16:15:14.0156 1044 Boot (0x1200) (ff4f97aa9f8e4394fbaf9eb0d198a6c0) \Device\Harddisk0\DR0\Partition0
16:15:14.0156 1044 \Device\Harddisk0\DR0\Partition0 - ok
16:15:14.0187 1044 Boot (0x1200) (f7aa2af5924cdda0bbd13a2472ae584a) \Device\Harddisk1\DR3\Partition0
16:15:14.0187 1044 \Device\Harddisk1\DR3\Partition0 - ok
16:15:14.0187 1044 ============================================================
16:15:14.0187 1044 Scan finished
16:15:14.0187 1044 ============================================================
16:15:14.0234 1084 Detected object count: 0
16:15:14.0234 1084 Actual detected object count: 0
16:15:30.0265 0792 Deinitialize success


GMER - first run:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-09 01:34:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST9160823ASG rev.3.ADD
Running: jypgrepg.exe; Driver: C:\DOCUME~1\jerryw\LOCALS~1\Temp\fwloypob.sys

---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \Fat B9143D20
---- EOF - GMER 1.0.15 ----

GMER - second run:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-09 01:38:40
Windows 5.1.2600 Service Pack 3
Running: jypgrepg.exe; Driver: C:\DOCUME~1\jerryw\LOCALS~1\Temp\fwloypob.sys

---- Modules - GMER 1.0.15 ----
Module PBADRV.sys (PBA Support Driver/Dell Inc) F7647000-F7652000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) BA679000-BA6A1000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\bcmwl5.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corp.) BA566000-BA679000 (1126400 bytes)
Module \SystemRoot\system32\DRIVERS\b57xp32.sys (Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver./Broadcom Corporation) BA53B000-BA566000 (176128 bytes)
Module \SystemRoot\system32\DRIVERS\Apfiltr.sys (Alps Touch Pad Driver/Alps Electric Co., Ltd.) BA517000-BA53B000 (147456 bytes)
Module \SystemRoot\system32\DRIVERS\dne2000.sys (Deterministic Network Enhancer/Deterministic Networks, Inc.) BA49C000-BA4BB000 (126976 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F77A7000-F77AC000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\SSLDrv.sys (SonicWALL SSL-VPN NetExtender driver for Windows./SonicWALL Inc.) BA7B6000-BA7BA000 (16384 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BF012000-BF059000 (290816 bytes)
Module \??\C:\DOCUME~1\jerryw\LOCALS~1\Temp\fwloypob.sys (GMER) B9160000-B9179000 (102400 bytes)
---- Processes - GMER 1.0.15 ----
Process C:\Documents and Settings\jerryw\Desktop\jypgrepg.exe 808
Library C:\Documents and Settings\jerryw\Desktop\jypgrepg.exe 0x00400000
Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1400
Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x01B30000
Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 1676
Library C:\WINDOWS\system32\wvauth.dll (Authentication Package/Wave Systems Corp.) 0x10000000
Library C:\WINDOWS\system32\biolsp.dll (BioLsp/Wave Systems Corp.) 0x00960000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 11.2 r202/Adobe Systems Incorporated) [MANUAL] AdobeFlashPlayerUpdateSvc
Service C:\WINDOWS\system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [DISABLED] AliIde
Service C:\WINDOWS\system32\DRIVERS\amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) [DISABLED] amdagp
Service C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Touch Pad Driver/Alps Electric Co., Ltd.) [MANUAL] ApfiltrService
Service C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (App Support Driver/Dell Inc) [SYSTEM] APPDRV
Service C:\WINDOWS\system32\DRIVERS\asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) [DISABLED] asc
Service C:\WINDOWS\system32\DRIVERS\asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) [DISABLED] asc3550
Service C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom ASF IP and SMBIOS Mailbox Monitor/Broadcom Corporation) [AUTO] ASFIPmon
Service ATSWPDRV
Service C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver./Broadcom Corporation) [MANUAL] b57w2k
Service C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom NetDetect Driver./Broadcom Corporation) [AUTO] BASFND
Service C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corp.) [MANUAL] BCM43XX
Service BCMLogon
Service C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] CmdIde
Service C:\WINDOWS\system32\DRIVERS\ctxusbm.sys (Citrix USB Filter Driver/Citrix Systems, Inc.) [SYSTEM] ctxusbm
Service C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems VPN Adapter/Cisco Systems, Inc.) [MANUAL] CVirtA
Service C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems VPN Client/Cisco Systems, Inc.) [AUTO] CVPND
Service C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems VPN Client IPSec Driver/Cisco Systems, Inc.) [AUTO] CVPNDRVA
Service C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) [DISABLED] dac2w2k
Service C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Network Enhancer/Deterministic Networks, Inc.) [MANUAL] DNE
Service DTSPipeline
Service C:\WINDOWS\system32\drivers\dxec01.sys (dxec01.sys/Knowles Acoustics) [MANUAL] DXEC01
Service C:\WINDOWS\system32\DRIVERS\e100b325.sys (NDIS 5 driver/Intel Corporation) [MANUAL] E100B
Service C:\WINDOWS\System32\Drivers\oz776.sys (O2Micro USB CCID SmartCard Reader/O2Micro) [MANUAL] guardian2
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE (PortResolver Module/Hewlett-Packard Company) [MANUAL] HP Port Resolver
Service C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (HP Status Server Module/Hewlett-Packard Company) [MANUAL] HP Status Server
Service C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.) [MANUAL] HSFHWAZL
Service C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DPV
Service C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant) [AUTO] mdmxsdk
Service C:\Navision\2009 [AUTO] MicrosoftDynamicsNAVServer$NAV2
Service C:\Navision\2009 [AUTO] MicrosoftDynamicsNAVServer$NAV3
Service C:\Navision\2009 [AUTO] MicrosoftDynamicsNAVServer$NAV4
Service C:\WINDOWS\system32\DRIVERS\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) [DISABLED] mraid35x
Service MSDTC Bridge 3.0.0.0
Service MSDTC Bridge 4.0.0.0
Service C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Internal Network Card Power Management Service/Dell Inc.) [AUTO] NICCONFIGSVC
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 101.19 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 101.19/NVIDIA Corporation) [AUTO] NVSvc
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\PBADRV.sys (PBA Support Driver/Dell Inc) [BOOT] PBADRV
Service C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) [AUTO] Pml Driver HPZ12
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\system32\DRIVERS\ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql1080
Service C:\WINDOWS\system32\DRIVERS\ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql12160
Service C:\WINDOWS\system32\DRIVERS\ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Secure Storage Service/Wave Systems Corp.) [MANUAL] SecureStorageService
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelEndpoint 4.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelOperation 4.0.0.0
Service ServiceModelService 3.0.0.0
Service ServiceModelService 4.0.0.0
Service C:\WINDOWS\system32\DRIVERS\sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) [DISABLED] sisagp
Service SMSvcHost 3.0.0.0
Service SMSvcHost 4.0.0.0
Service C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe (SonicWALL NetExtender Windows NT Service/SonicWALL Inc.) [AUTO] SONICWALL_NetExtender
Service C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony USB Lower Filter driver/Sony Corporation) [MANUAL] SONYPVU1
Service C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) [DISABLED] Sparrow
Service C:\WINDOWS\system32\DRIVERS\SSLDrv.sys (SonicWALL SSL-VPN NetExtender driver for Windows./SonicWALL Inc.) [MANUAL] SSLDrv
Service C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe (STacSV Module/SigmaTel, Inc.) [AUTO] STacSV
Service C:\WINDOWS\system32\drivers\sthda.sys (NDRC/SigmaTel, Inc.) [MANUAL] STHDA
Service C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) [DISABLED] symc810
Service C:\WINDOWS\system32\DRIVERS\symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] symc8xx
Service C:\WINDOWS\system32\DRIVERS\sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] sym_hi
Service C:\WINDOWS\system32\DRIVERS\sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) [DISABLED] sym_u3
Service C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [AUTO] tcsd_win32.exe
Service TcUsb
Service C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Tdm Service/Wave Systems Corp.) [AUTO] TdmService
Service System32\drivers\ober.sys [BOOT] tlnrj
Service C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Ultra66 Miniport Driver/Promise Technology, Inc.) [DISABLED] ultra
Service C:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [DISABLED] ViaIde
Service C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (VPN Agent Service/Cisco Systems, Inc.) [AUTO] vpnagent
Service C:\WINDOWS\system32\DRIVERS\vpnva.sys (Cisco AnyConnect VPN Client Virtual Miniport Adapter for Windows/Cisco Systems, Inc.) [MANUAL] vpnva
Service C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) [MANUAL] vsdatant
Service C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe (WaveEnrollemntService/Wave Systems Corp.) [MANUAL] WaveEnrollmentService
Service C:\WINDOWS\system32\DRIVERS\WaveFDE.sys (WaveFDE Device Driver/Windows ® Codename Longhorn DDK provider) [MANUAL] WaveFDE
Service C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys (WavX Document Manager Filter Driver/Wave Systems Corp.) [AUTO] WavxDMgr
Service C:\WINDOWS\system32\DRIVERS\wdcsam.sys (WD SCSI Architecture Model (SAM) driver/Western Digital Technologies) [MANUAL] WDC_SAM
Service C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf
Service Windows Workflow Foundation 3.0.0.0
Service Windows Workflow Foundation 4.0.0.0
Service C:\WINDOWS\System32\WLTRYSVC.EXE [AUTO] wltrysvc
Service WSearchIdxPi
---- EOF - GMER 1.0.15 ----

THANKS! :)

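The two scanner outputs above lend themselves to a quick cross-check: TDSSKiller prints a hash-and-path line for every service image it could open, and GMER prints each service's image path, file description and start type. A driver that gets a TDSSKiller verdict without ever being hashed, and that GMER lists with a relative path, no version information and BOOT start, is exactly the profile the thread is chasing. The script below is an added example written for this page, not a tool from Malwarebytes or from anyone in the thread; it assumes only the line formats visible in the posted logs, the severity rules are my own heuristic, and the sample input is a handful of lines copied from the logs above.

```python
"""Triage the TDSSKiller and GMER service listings for drivers that deserve a closer look."""
import re

# TDSSKiller prints one line with the image MD5 and path, then a verdict line.
# A verdict with no preceding hash line means the tool could not open the
# image on disk, which is how a hidden or already-deleted driver shows up.
TDSS_ENTRY = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
TDSS_VERDICT = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<verdict>\S+)$")

# GMER: "Service <image path> (<file description/vendor>) [<start type>] <name>".
# The description is absent when the image carries no version resource, and
# some entries carry only a registry name with no image at all.
GMER_SERVICE = re.compile(
    r"^Service\s+(?P<path>.+?)(?:\s+\((?P<desc>.*)\))?\s+\[(?P<start>[A-Z]+)\]\s+(?P<name>\S+)$")
GMER_NAME_ONLY = re.compile(r"^Service\s+(?P<name>.+)$")
ABS_PATH = re.compile(r"^[A-Za-z]:\\")

# Sample input: a few lines copied from the logs posted in this thread.
TDSS_SAMPLE = r"""
16:15:09.0343 1044 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:15:09.0359 1044 Tcpip - ok
16:15:09.0468 1044 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
16:15:09.0515 1044 tcsd_win32.exe - ok
16:15:09.0953 1044 tlnrj - ok
16:15:12.0031 1044 wltrysvc - ok
16:15:13.0953 1044 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:15:14.0109 1044 \Device\Harddisk0\DR0 - ok
"""
GMER_SAMPLE = r"""
Service C:\WINDOWS\system32\DRIVERS\PBADRV.sys (PBA Support Driver/Dell Inc) [BOOT] PBADRV
Service C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [AUTO] tcsd_win32.exe
Service TcUsb
Service System32\drivers\ober.sys [BOOT] tlnrj
Service C:\WINDOWS\system32\DRIVERS\wdcsam.sys (WD SCSI Architecture Model (SAM) driver/Western Digital Technologies) [MANUAL] WDC_SAM
Service C:\WINDOWS\System32\WLTRYSVC.EXE [AUTO] wltrysvc
"""


def tdss_unreadable_services(lines):
    """Service names that got a TDSSKiller verdict but never a hash/path line."""
    hashed, missing = set(), []
    for line in lines:
        m = TDSS_ENTRY.match(line)
        if m:
            hashed.add(m.group("name"))
            continue
        m = TDSS_VERDICT.match(line)
        # Verdicts on \Device\... objects are the MBR/boot-sector checks, not services.
        if m and not m.group("name").startswith("\\") and m.group("name") not in hashed:
            missing.append(m.group("name"))
    return missing


def gmer_services(lines):
    """Parse GMER 'Service' lines into {name: {path, desc, start}}."""
    out = {}
    for line in lines:
        m = GMER_SERVICE.match(line)
        if m:
            out[m.group("name")] = {"path": m.group("path"), "desc": m.group("desc"),
                                    "start": m.group("start")}
            continue
        m = GMER_NAME_ONLY.match(line)
        if m:
            out[m.group("name")] = {"path": None, "desc": None, "start": None}
    return out


def triage(tdss_lines, gmer_lines):
    """Cross-reference both logs; return (severity, name, path, reasons) sorted worst first."""
    unhashed = set(tdss_unreadable_services(tdss_lines))
    findings = []
    for name, svc in gmer_services(gmer_lines).items():
        if svc["path"] is None:
            continue  # registry name only; nothing on disk to judge from these logs
        reasons = []
        if svc["desc"] is None:
            reasons.append("image has no version/vendor information")
        if not ABS_PATH.match(svc["path"]):
            reasons.append("relative image path")
        if not reasons:
            continue  # signed-looking vendor image at an absolute path: low interest here
        early = svc["start"] in ("BOOT", "SYSTEM")
        if early:
            reasons.append(f"starts at {svc['start']}")
        if name in unhashed:
            reasons.append("TDSSKiller gave a verdict without hashing the file")
        severity = "HIGH" if early else "MEDIUM" if name in unhashed else "LOW"
        findings.append((severity, name, svc["path"], "; ".join(reasons)))
    findings.sort(key=lambda f: ("HIGH", "MEDIUM", "LOW").index(f[0]))
    return findings


if __name__ == "__main__":
    for sev, name, path, why in triage(TDSS_SAMPLE.splitlines(), GMER_SAMPLE.splitlines()):
        print(f"{sev:6} {name:16} {path}  [{why}]")
```

Run as-is it ranks tlnrj first: GMER lists it as a BOOT-start driver with a relative path and no version resource, and TDSSKiller gave it a verdict without ever hashing a file. wltrysvc and tcsd_win32.exe surface lower only because their images carry no version information; those get checked by hand against the vendor software actually installed on the machine rather than treated as findings. Name-only entries such as TcUsb are skipped because neither log says anything about a file for them.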
#15
Jintan

    Advanced Member

  • Experts
  • PipPipPip
  • 139 posts
  • Gender:Male
No, I was sure you understood, so was just helping with time issues.

The mystery driver seems to not show now, so it looks safe to run an aggressive repair scan. Doing good there so far.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

#16
JWW1

    New Member

  • Members
  • Pip
  • 18 posts
Here are the results of the scan. I hope that I didn't do the wrong thing. I have quite a few things in my startup and when the PC was coming up after the last reboot they were starting, so I exited from them as I could. So, at those times I was touching the mouse/keyboard. How are we looking?

BTW - Thanks again and again! :)


ComboFix 12-05-09.01 - jerryw 05/09/2012 21:03:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3044 [GMT -5:00]
Running from: c:\documents and settings\jerryw\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jerryw\g2mdlhlpx.exe
c:\documents and settings\jerryw\System
c:\documents and settings\jerryw\System\win_qs8.jqx
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\mrxsmb.dll
c:\windows\system32\SET4A9.tmp
c:\windows\system32\SET4AD.tmp
c:\windows\system32\SET4B5.tmp
c:\windows\system32\test
c:\windows\system32\traprcvr.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETWORKLOG
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-10 02:27 . 2012-05-10 02:27 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-05-07 17:03 . 2012-05-07 17:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-01 17:02 . 2012-05-01 17:02 -------- d-----w- c:\documents and settings\jerryw\Application Data\Malwarebytes
2012-05-01 17:02 . 2012-05-01 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-01 17:02 . 2012-05-01 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-01 17:02 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-01 14:04 . 2012-05-01 18:01 -------- d-----w- c:\documents and settings\jerryw\Application Data\Kiwefa
2012-05-01 14:04 . 2012-05-01 14:04 -------- d-----w- c:\documents and settings\jerryw\Application Data\Ebfed
2012-04-25 15:08 . 2012-04-25 15:08 -------- d-----w- c:\documents and settings\jerryw\Local Settings\Application Data\Cisco
2012-04-13 15:09 . 2012-04-13 15:09 230808 ----a-r- c:\windows\cpnprt2.cid
2012-04-13 15:09 . 2012-04-13 15:09 230808 ------w- c:\windows\system32\cpnprt2.cid
2012-04-13 15:09 . 2012-04-13 15:09 -------- d-----w- c:\program files\Coupons
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 02:28 . 2012-04-05 19:24 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 02:28 . 2011-05-20 18:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-10 02:27 . 2008-04-19 04:31 0 ----a-w- c:\documents and settings\jerryw\Local Settings\Application Data\WavXMapDrive.bat
2012-05-07 17:04 . 2004-08-04 04:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-03-01 11:01 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-11 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-11 23:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-01-11 5153056]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2009-08-05 710528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
.
c:\documents and settings\jerryw\Start Menu\Programs\Startup\
370b - TimeKeeper.lnk - c:\navision\370b\TimeKeeper\fin.exe [2008-6-24 5167928]
Microsoft Office Outlook.lnk - c:\program files\Microsoft Office\Office12\OUTLOOK.EXE [2011-8-3 12997488]
Navision Shortcuts.lnk - f:\wit\Navision Shortcuts [2011-12-8] [Folder]
Shortcut to Navision Shortcuts.lnk - c:\navision\Navision Shortcuts [2008-6-23] [Folder]
SQL2005 Service Manager.lnk - c:\documents and settings\jerryw\Application Data\Microsoft\Installer\{4FAF7E5F-6A13-4FFB-9534-4A60A12136ED}\_929D0F3838C75D34D4C025.exe [2010-3-11 318]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-4 50688]
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2012-4-5 6144]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Navision\\370b\\TimeKeeper\\AtDebug.exe"=
"c:\\Navision\\400 SP3\\Client2\\AtDebug.exe"=
"c:\\Navision\\500 SP1\\AtDebug.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Navision\\400 SP3\\AtDebug.exe"=
"f:\\WIT\\WIT Timekeeper\\AtDebug.exe"=
"c:\\Navision\\500 SP1\\Client2\\AtDebug.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Navision\\370b\\AtDebug.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\jerryw\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Navision\\2009 SP1\\Classic\\AtDebug.exe"=
"c:\\Navision\\2009 SP1\\Classic\\Client2\\AtDebug.exe"=
"c:\\Navision\\2009 R2\\Classic\\AtDebug.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [10/5/2009 10:08 AM 65584]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 MicrosoftDynamicsNAVServer$NAV2;Microsoft Dynamics NAV Server Instance 2;c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe $NAV2 --> c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe $NAV2 [?]
R2 MicrosoftDynamicsNAVServer$NAV3;Microsoft Dynamics NAV Server Instance 3;c:\navision\2009 SP1\Service3\Microsoft.Dynamics.Nav.Server.exe $NAV3 --> c:\navision\2009 SP1\Service3\Microsoft.Dynamics.Nav.Server.exe $NAV3 [?]
R2 MicrosoftDynamicsNAVServer$NAV4;Microsoft Dynamics NAV Server Instance 4;c:\navision\2009 SP1\Service - Av-DEC\Microsoft.Dynamics.Nav.Server.exe $NAV4 --> c:\navision\2009 SP1\Service - Av-DEC\Microsoft.Dynamics.Nav.Server.exe $NAV4 [?]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [11/15/2010 2:32 PM 592120]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2/23/2009 4:55 PM 20504]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
S0 tlnrj;tlnrj;c:\windows\system32\drivers\ober.sys --> c:\windows\system32\drivers\ober.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 2:24 PM 257696]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 WYNIT;Application Server for Microsoft Dynamics NAV WYNIT;c:\navision\2009 SP1\Application Server\nassql.exe [8/26/2011 2:34 PM 2352464]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
LVVI500A
SE2Ebus
unlockerdriver5
spcflt
iolo_srv
Shockprf
{834170a7-af3b-4d34-a757-e05eb29ee96d}
ikhfile
AEADIFilters
Packet
plscsi
Bcim
clientservice
db2governor
TeamViewer
USBCCID
com4qlb
avg7core
ibmfilter
dashsvc
ibmpmsvc
dpfusmgr
lfsfilt
v124
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 02:30]
.
2012-05-10 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-01-07 12:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://connect.jcehrlich.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} - hxxp://downloads.freehandmusic.com/soleromusiccontrol.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://67.134.35.205/MLWebCacheCleaner.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-28707618.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 21:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1800)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\navision\2009 SP1\Service3\Microsoft.Dynamics.Nav.Server.exe
c:\navision\2009 SP1\Service - Av-DEC\Microsoft.Dynamics.Nav.Server.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\stsystra.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Apoint\HidFind.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe
c:\windows\system32\msdtc.exe
c:\program files\sqldbatips\SQL2005 Service Manager\SQL2005 Service Manager.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\system32\SearchProtocolHost.exe
.
**************************************************************************
.
Completion time: 2012-05-09 21:35:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 02:35
.
Pre-Run: 28,327,866,368 bytes free
Post-Run: 30,276,120,576 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4F564BD06C9990D099D569BEC851803D

#17
Jintan

    Advanced Member

  • Experts
  • PipPipPip
  • 139 posts
  • Gender:Male
On the other hand, my mention of volunteer time does not include me just wandering off from an active thread like this, so feel free to PM me if it occurs again.

ComboFix does seem to have picked up an unknown service, so let's address that.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

-------------

Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

Browser Address Error Redirector - Dell installed search hijacker.
Coupon Printer for Windows - long negative history - see here
SearchAssist - Dell installed search hijacker.

-------------------

Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

KillAll::
Driver::
tlnrj
Rootkit::
c:\windows\system32\drivers\ober.sys
NetSvc::
iolo_srv
avg7core

Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
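A defender's log-triage helper, added here as an example and not part of this thread or of ComboFix itself: it parses the service/driver lines of a ComboFix log (the `R1 ...`/`S0 ...` entries in the log above) and scores each entry on the signals that single out `tlnrj`: an image ComboFix could not stat (`[?]`), a boot-start driver, a display name identical to the service name, and a short vowel-free name. The sample lines are constructed copies of lines from the log above; the scoring weights are my own assumption, not ComboFix's.

```python
"""Triage the service/driver lines of a ComboFix log (added example)."""
import re
from dataclasses import dataclass
from typing import List

# One service line: "<R|S><start> <name>;<display>;<image> [<timestamp> <size>]"
# or, when ComboFix could not stat the image, "<image> --> <image> [?]".
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
STAMP_RE = re.compile(r"^(?P<image>.*?) \[(?P<stamp>[^\]]+)\]$")
VOWELS = set("aeiouy")

# Constructed sample: copies of five lines from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [10/5/2009 10:08 AM 65584]
R2 MicrosoftDynamicsNAVServer$NAV2;Microsoft Dynamics NAV Server Instance 2;c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe $NAV2 --> c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe $NAV2 [?]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
S0 tlnrj;tlnrj;c:\windows\system32\drivers\ober.sys --> c:\windows\system32\drivers\ober.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
"""


@dataclass
class Service:
    state: str      # R = running, S = stopped
    start: int      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    image: str
    resolved: bool  # False when ComboFix printed "[?]" instead of a timestamp


@dataclass
class Finding:
    name: str
    score: int
    reasons: List[str]


def parse_services(log: str) -> List[Service]:
    """Return every service/driver line of the log as a Service record."""
    services = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        if rest.endswith("[?]"):
            # Unresolvable image: keep only the path before " --> ".
            image = rest[: -len("[?]")].strip().split(" --> ", 1)[0]
            resolved = False
        else:
            s = STAMP_RE.match(rest)
            if not s:
                continue
            image, resolved = s.group("image"), True
        services.append(Service(m.group("state"), int(m.group("start")),
                                m.group("name"), m.group("display"), image, resolved))
    return services


def looks_random(name: str) -> bool:
    """Short, all-lowercase, vowel-free names such as 'tlnrj' look machine-generated."""
    return re.fullmatch(r"[a-z]{4,8}", name) is not None and not (set(name) & VOWELS)


def triage(services: List[Service]) -> List[Finding]:
    """Score each service (weights are this example's assumption) and sort, highest first."""
    findings = []
    for svc in services:
        score, reasons = 0, []
        if not svc.resolved:
            score += 2; reasons.append("image could not be located or stat'd ([?])")
        if svc.start <= 1:
            score += 1; reasons.append("boot/system start: loads before user-mode defenses")
        if svc.display == svc.name:
            score += 1; reasons.append("display name identical to service name")
        if looks_random(svc.name):
            score += 2; reasons.append("service name looks machine-generated")
        if svc.image.lower().endswith(".sys") and not svc.resolved:
            score += 1; reasons.append("kernel driver with no image on disk")
        findings.append(Finding(svc.name, score, reasons))
    findings.sort(key=lambda f: f.score, reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(parse_services(SAMPLE_LOG)):
        print(f"{f.score:2d}  {f.name}: {'; '.join(f.reasons) or 'nothing notable'}")
```

Note that `[?]` alone is not a verdict: the NAV instances show it too because their image path carries a `$NAV2` argument, which is why the score combines several signals rather than relying on one.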

#18
JWW1

    New Member

  • Members
  • Pip
  • 18 posts
I don't know what "feel free to PM me" means?

I found and removed:
Browser Address Error Redirector
Coupon Printer for Windows
SearchAssist

When ComboFix ran (I ran it overnight), I came back to find a message about page size. It could not finish the reboot that it was doing, so I ended up turning off the power and then, after turning the power back on, rebooted into safe mode. It appeared to finish the ComboFix tasks. Here is the log:


ComboFix 12-05-12.01 - jerryw 05/12/2012 21:36:01.2.2 - x86
Running from: c:\documents and settings\jerryw\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jerryw\Desktop\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_tlnrj
.
.
((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))
.
.
2012-05-07 17:03 . 2012-05-07 17:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-01 17:02 . 2012-05-01 17:02 -------- d-----w- c:\documents and settings\jerryw\Application Data\Malwarebytes
2012-05-01 17:02 . 2012-05-01 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-01 17:02 . 2012-05-01 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-01 17:02 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-01 14:04 . 2012-05-01 18:01 -------- d-----w- c:\documents and settings\jerryw\Application Data\Kiwefa
2012-05-01 14:04 . 2012-05-01 14:04 -------- d-----w- c:\documents and settings\jerryw\Application Data\Ebfed
2012-04-25 15:08 . 2012-04-25 15:08 -------- d-----w- c:\documents and settings\jerryw\Local Settings\Application Data\Cisco
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 02:14 . 2008-04-19 04:31 0 ----a-w- c:\documents and settings\jerryw\Local Settings\Application Data\WavXMapDrive.bat
2012-05-10 02:28 . 2012-04-05 19:24 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 02:28 . 2011-05-20 18:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 17:04 . 2004-08-04 04:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-03-01 11:01 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-11 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-11 23:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-10_02.27.06 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-01-11 5153056]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2009-08-05 710528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
.
c:\documents and settings\jerryw\Start Menu\Programs\Startup\
370b - TimeKeeper.lnk - c:\navision\370b\TimeKeeper\fin.exe [2008-6-24 5167928]
Microsoft Office Outlook.lnk - c:\program files\Microsoft Office\Office12\OUTLOOK.EXE [2011-8-3 12997488]
Navision Shortcuts.lnk - f:\wit\Navision Shortcuts [2011-12-8] [Folder]
Shortcut to Navision Shortcuts.lnk - c:\navision\Navision Shortcuts [2008-6-23] [Folder]
SQL2005 Service Manager.lnk - c:\documents and settings\jerryw\Application Data\Microsoft\Installer\{4FAF7E5F-6A13-4FFB-9534-4A60A12136ED}\_929D0F3838C75D34D4C025.exe [2010-3-11 318]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-4 50688]
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2012-4-5 6144]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Navision\\370b\\TimeKeeper\\AtDebug.exe"=
"c:\\Navision\\400 SP3\\Client2\\AtDebug.exe"=
"c:\\Navision\\500 SP1\\AtDebug.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Navision\\400 SP3\\AtDebug.exe"=
"f:\\WIT\\WIT Timekeeper\\AtDebug.exe"=
"c:\\Navision\\500 SP1\\Client2\\AtDebug.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Navision\\370b\\AtDebug.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\jerryw\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Navision\\2009 SP1\\Classic\\AtDebug.exe"=
"c:\\Navision\\2009 SP1\\Classic\\Client2\\AtDebug.exe"=
"c:\\Navision\\2009 R2\\Classic\\AtDebug.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2/23/2009 4:55 PM 20504]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [10/5/2009 10:08 AM 65584]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 MicrosoftDynamicsNAVServer$NAV2;Microsoft Dynamics NAV Server Instance 2;c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe $NAV2 --> c:\navision\2009 SP1\Service2\Microsoft.Dynamics.Nav.Server.exe $NAV2 [?]
S2 MicrosoftDynamicsNAVServer$NAV3;Microsoft Dynamics NAV Server Instance 3;c:\navision\2009 SP1\Service3\Microsoft.Dynamics.Nav.Server.exe $NAV3 --> c:\navision\2009 SP1\Service3\Microsoft.Dynamics.Nav.Server.exe $NAV3 [?]
S2 MicrosoftDynamicsNAVServer$NAV4;Microsoft Dynamics NAV Server Instance 4;c:\navision\2009 SP1\Service - Av-DEC\Microsoft.Dynamics.Nav.Server.exe $NAV4 --> c:\navision\2009 SP1\Service - Av-DEC\Microsoft.Dynamics.Nav.Server.exe $NAV4 [?]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [11/15/2010 2:32 PM 592120]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 2:24 PM 257696]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 WYNIT;Application Server for Microsoft Dynamics NAV WYNIT;c:\navision\2009 SP1\Application Server\nassql.exe [8/26/2011 2:34 PM 2352464]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
LVVI500A
SE2Ebus
unlockerdriver5
spcflt
Shockprf
{834170a7-af3b-4d34-a757-e05eb29ee96d}
ikhfile
AEADIFilters
Packet
plscsi
Bcim
clientservice
db2governor
TeamViewer
USBCCID
com4qlb
ibmfilter
dashsvc
ibmpmsvc
dpfusmgr
lfsfilt
v124
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 02:30]
.
2012-05-13 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-01-07 12:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://connect.jcehrlich.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} - hxxp://downloads.freehandmusic.com/soleromusiccontrol.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://67.134.35.205/MLWebCacheCleaner.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-13 12:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1672)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(1476)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-05-13 12:41:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-13 17:41
ComboFix2.txt 2012-05-10 02:35
.
Pre-Run: 29,941,256,192 bytes free
Post-Run: 34,212,016,128 bytes free
.
- - End Of File - - D680AFEB330CFDBF383C79B40554750C

#19
Jintan

    Advanced Member

  • Experts
  • PipPipPip
  • 139 posts
  • Gender:Male
ComboFix did take out an unknown service. ComboFix is a heavy resource user, so not sure if it was competing with something else using a lot of cpu time, or just the Virtual settings having a limit on them.

In normal mode, open Task Manager (Ctrl - Alt - Delete). Under the Processes tab, CPU header, see if you can ID anything that shows constant high activity. Post back on anything you notice.

Also go to Start - Settings - Control Panel. Click the System icon, Advanced tab, Performance - Settings Button. Advanced tab, Virtual Memory Change button.

If it is set to "Custom size", place a tick next to "System managed size", then click the Set button. Then click OK/Apply to save those settings and close the display. You will need to reboot to complete the changes, but post back on any high cpu use programs for now.

#20
JWW1

    New Member

  • Members
  • Pip
  • 18 posts
I notice that searchindexer.exe is regularly right at the top of the list. Is that related to the one that I removed earlier?
I sorted on the CPU column and am attaching a screen shot.

Thanks :)

Attached Files