Google.com is not accessible


20 replies to this topic

#1 driven13

driven13

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:34 PM

Posted 20 March 2012 - 10:05 PM

Hello all experts.

A few months ago I had a virus/rootkit on a Windows XP computer and I had successfully removed it.

Everything on the computer is working fine EXCEPT that I cannot browse to google.com or www.google.com on either Internet Explorer 8 or Firefox.

It just gives me the standard "Internet Explorer cannot display the webpage" error.

I have run CCleaner and MalwareBytes multiple times and they have all come up empty.

My "hosts" file contains just that one line for localhost.

Can someone please help me figure this out, as it is frustrating to say the least?

Thanx in advance.

--d.

Edited by driven13, 20 March 2012 - 10:08 PM.




#2 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:34 PM

Posted 21 March 2012 - 07:18 AM

Hello,

I will be helping you with your problems.
Please do the following:

Step 1

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------------

Step 2

Please download Farbar Service Scanner to your Desktop and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

----------------

Step 3

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

----------------

Step 4

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#3 driven13

Posted 21 March 2012 - 10:05 PM

Hello dev00790.

Thanx for the response.

I have attached the 4 logs to this post.

Let me know if there is anything else I need to do.

Thanx for your help.

Regards,

--d.


=== Security Check Logs ===


Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Gmer
CCleaner
Java™ 6 Update 26
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


=== Farbar Service Scanner Logs ===


Farbar Service Scanner Version: 01-03-2012
Ran by JEANNE (administrator) on 21-03-2012 at 22:28:41
Running from "C:\Documents and Settings\JEANNIE\Desktop\New Folder"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****



=== MiniToolBox Logs ===


MiniToolBox by Farbar Version: 18-01-2012
Ran by JEANNE (administrator) on 21-03-2012 at 22:31:14
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : MSL3-EXEC2

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection

Physical Address. . . . . . . . . : 00-21-9B-05-59-C9

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.30

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 71.242.0.12

71.252.0.12

Lease Obtained. . . . . . . . . . : Wednesday, March 21, 2012 9:56:33 PM

Lease Expires . . . . . . . . . . : Thursday, March 22, 2012 9:56:33 PM

Server: nsphil01.verizon.net
Address: 71.242.0.12

Name: google.com
Address: 87.125.87.99



Pinging google.com [87.125.87.99] with 32 bytes of data:



Reply from 87.125.87.99: bytes=32 time=104ms TTL=53

Reply from 87.125.87.99: bytes=32 time=105ms TTL=53



Ping statistics for 87.125.87.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 104ms, Maximum = 105ms, Average = 104ms

Server: nsphil01.verizon.net
Address: 71.242.0.12

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=141ms TTL=56

Reply from 72.30.38.140: bytes=32 time=109ms TTL=56



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 109ms, Maximum = 141ms, Average = 125ms

Server: nsphil01.verizon.net
Address: 71.242.0.12

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 9b 05 59 c9 ...... Intel® 82562V-2 10/100 Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.30 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.30 192.168.0.30 20
192.168.0.30 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.30 192.168.0.30 20
224.0.0.0 240.0.0.0 192.168.0.30 192.168.0.30 20
255.255.255.255 255.255.255.255 192.168.0.30 192.168.0.30 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/20/2012 10:00:18 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (04/20/2012 06:54:25 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (04/20/2012 05:34:24 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (03/19/2012 06:42:24 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (03/13/2012 07:10:50 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (03/07/2012 07:56:43 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (03/05/2012 07:44:26 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (03/01/2012 09:35:07 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 procare.exe, P2 10.2.4148.0, P3 4dcae7a9, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 5e, P8 1e1, P9 clr20r30, P10 clr20r31.

Error: (03/01/2012 09:35:07 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 procare.exe, P2 10.2.4148.0, P3 4dcae7a9, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 5e, P8 1e1, P9 clr20r30, P10 clr20r31.

Error: (02/23/2012 11:55:03 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (04/20/2012 07:51:47 PM) (Source: Service Control Manager) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (04/20/2012 07:51:47 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (04/20/2012 05:35:44 PM) (Source: W32Time) (User: )
Description: The time service has detected that the system time needs to be
changed by -2678391 seconds. The time service will not change the system
time by more than -54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.30:123->65.55.21.15:123) is working properly.

Error: (04/20/2012 05:35:28 PM) (Source: Service Control Manager) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (04/20/2012 05:35:28 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (03/20/2012 10:12:10 AM) (Source: Service Control Manager) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (03/20/2012 10:12:10 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (03/19/2012 07:14:56 AM) (Source: Service Control Manager) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (03/19/2012 07:14:56 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (03/13/2012 05:40:11 PM) (Source: Service Control Manager) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Reader 9.5.0 (Version: 9.5.0)
Belarc Advisor 8.1
Brother HL-2040 (Version: 1.00)
CCleaner (Version: 3.16)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.0)
Creative Photo Manager
Creative WebCam Center
Creative WebCam Instant Driver (1.03.02.0425)
Creative WebCam Instant User's Guide (English)
Crystal Reports 2008 Runtime SP2 (Version: 12.2.0.290)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler (Version: 1.21)
Dell Driver Download Manager (Version: 1.0.0.0)
DigitalPersona One Touch for Windows RTE 1.4.0.1 (Version: 1.4.0.835)
Express ClickYes 1.2 (Version: 1.2)
EZBook 8.0.052 (Version: EZBook)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.99)
GoToMeeting 4.5.0.457
iLivid (Version: 1.92.0.118480)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Connections 12.1.12.0 (Version: )
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Kyocera Product Library (Version: 2.0.0713)
LAN-Fax Utilities
LogMeIn (Version: 4.1.1586)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Publisher 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (Version: 2.0.1578.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Minute Menu Kids
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
Nero 6 Ultra Edition
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Photo Story 3 for Windows (Version: 3.0.1115.11)
Procare (Version: 10.1)
ProCare for Windows
QuickBooks Pro Edition 2003
QuickTime (Version: 7.1.3.100)
Realtek High Definition Audio Driver (Version: 5.10.0.5408)
SIW version 2010.07.14 (Version: 2010.07.14)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SyncToy 2.1 (x86) (Version: 2.1.0)
U3Launcher (Version: 1.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
URL Assistant
Viewpoint Manager (Remove Only)
WebCam Instant Product Registration
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0059.1)
Windows iLivid Toolbar (Version: 3.0.0.118320)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 2037.1 MB
Available physical RAM: 1511.55 MB
Total Pagefile: 3384.1 MB
Available Pagefile: 3051.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.06 GB) (Free:261.6 GB) NTFS
3 Drive m: () (Network) (Total:74.46 GB) (Free:35.84 GB) NTFS

========================= Users: ========================================

User accounts for \\MSL3-EXEC2

Administrator Guest HelpAssistant
JEANNE madhabi salema
support SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****



=== MalwareBytes' Anti-Malware Logs ===


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.21.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
JEANNE :: MSL3-EXEC2 [administrator]

3/21/2012 10:37:18 PM
mbam-log-2012-03-21 (22-37-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256547
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Edited by driven13, 22 March 2012 - 08:31 AM.


#4 driven13

Posted 22 March 2012 - 02:11 PM

Here is something else I found out.

Turns out that I cannot access three sites that I know of (google.com, bing.com, search.yahoo.com) and they are all search engine sites.

If I ping these addresses, I get the SAME return ip: 87.125.87.99

Also the entry for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "DataBasePath" = C:\windows\hosts

This is, of course, not the correct location and it points to a non-existent file that must have been removed when I cleaned up the computer.

So I reset that registry value to: %SystemRoot%\System32\drivers\etc

The "hosts" file in this directory has only that one line for localhost.

I flushed the DNS.

Rebooted.

Still no changes in the behavior.

Not sure where else to look.

Thanx,

--d.

Edited by driven13, 22 March 2012 - 02:14 PM.
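
The two symptoms reported in post #4 (unrelated search sites all resolving to one address, and a non-default `DataBasePath` value) can be checked mechanically. The following is an added example, not part of the original thread or of any tool named in it; the sample log is constructed from the values quoted above, and the function names, the two-label site grouping and the `C:\WINDOWS` system root are assumptions.

```python
import re
from collections import defaultdict

# Default value of Tcpip\Parameters\DataBasePath (the folder that holds "hosts").
DEFAULT_DATABASE_PATH = r"%SystemRoot%\System32\drivers\etc"

# Constructed sample: nslookup-style records built from the values in the thread.
SAMPLE_LOG = r"""
Server: nsphil01.verizon.net
Address: 71.242.0.12

Name: google.com
Address: 87.125.87.99

Name: bing.com
Address: 87.125.87.99

Name: search.yahoo.com
Address: 87.125.87.99

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

"DataBasePath" = C:\windows\hosts
"""

NAME_RE = re.compile(r"^Name:\s*(\S+)\s*$", re.IGNORECASE)
ADDR_RE = re.compile(r"^Address(?:es)?:\s*(.+)$", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DBPATH_RE = re.compile(r'"DataBasePath"\s*=\s*(.+)', re.IGNORECASE)


def parse_resolutions(text):
    """Return {hostname: [ip, ...]} from Name/Address pairs.

    An Address line only counts when it follows a Name line, so the
    resolver's own "Server:/Address:" header is ignored.
    """
    resolved, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = NAME_RE.match(line)
        if m:
            current = m.group(1).lower()
            resolved.setdefault(current, [])
            continue
        m = ADDR_RE.match(line)
        if m and current:
            resolved[current].extend(IPV4_RE.findall(m.group(1)))
            current = None
    return resolved


def site_group(hostname):
    """Rough ownership grouping: last two labels (assumption; ignores co.uk etc.)."""
    return ".".join(hostname.split(".")[-2:])


def shared_address_findings(resolved, min_groups=2):
    """Return {ip: [hostnames]} for addresses shared by unrelated sites.

    Shared hosting can legitimately do this, so the check is only meaningful
    for independent, well-known services such as the search engines here.
    """
    by_ip = defaultdict(set)
    for name, ips in resolved.items():
        for ip in ips:
            by_ip[ip].add(name)
    return {
        ip: sorted(names)
        for ip, names in by_ip.items()
        if len({site_group(n) for n in names}) >= min_groups
    }


def normalise_path(value, system_root=r"C:\WINDOWS"):
    """Expand %SystemRoot%, drop a trailing backslash, compare case-insensitively."""
    expanded = re.sub(r"%SystemRoot%", lambda _m: system_root,
                      value.strip().strip('"'), flags=re.IGNORECASE)
    return expanded.rstrip("\\").lower()


def database_path_is_default(value):
    return normalise_path(value) == normalise_path(DEFAULT_DATABASE_PATH)


def audit(text):
    """Run both checks over a pasted log and return the findings."""
    m = DBPATH_RE.search(text)
    db_path = m.group(1).strip() if m else None
    return {
        "shared_addresses": shared_address_findings(parse_resolutions(text)),
        "database_path": db_path,
        "database_path_ok": database_path_is_default(db_path) if db_path else None,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
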


#5 driven13

Posted 23 March 2012 - 08:18 AM

Hello dev00790.

I have not heard back from you in 48 hours.

So, as per your instructions, I have bumped this topic.

Best,

--d.

#6 dev00790

Posted 23 March 2012 - 12:53 PM

Hi driven13

I am seeking advice about your issue. I'll get back to you shortly.

Regards, dev00790



#7 dev00790

Posted 23 March 2012 - 02:01 PM

Hi driven13,

Step 1

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Step 2

How is your computer running now?

Regards, dev00790

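An added triage example, not part of any post in this thread and not the tool's own code: a Python parser for the TDSSKiller log that the steps above ask the user to paste back, pulling out every object whose verdict is not "ok" and attaching the "Forged" hash pair to it. The line shapes are those of the 2.7.22.0 log posted later in this thread; the function and field names are hypothetical, and other TDSSKiller versions may format lines differently.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt copied from the TDSSKiller 2.7.22.0 log posted later in this thread.
SAMPLE_LOG = r"""
15:50:08.0500 1448 Scan started
15:50:09.0015 1448 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:50:09.0015 1448 !SASCORE - ok
15:50:09.0140 1448 Abiosdsk - ok
15:50:09.0218 1448 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:50:09.0234 1448 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
15:50:09.0234 1448 ACPI ( Virus.Win32.Rloader.a ) - infected
15:50:09.0234 1448 ACPI - detected Virus.Win32.Rloader.a (0)
"""

# Every record starts with a timestamp and a thread id; the rest is the body.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.+)$")
# "Name (md5) path": a service or driver and the file behind it.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (Forged): path. Real md5: x, Fake md5: y"
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# "Name ( Threat.Name ) - infected"
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<threat>.+?) \) - (?P<state>\w+)$")
# "Name - ok"
OK = re.compile(r"^(?P<name>.+) - ok$")


@dataclass
class Finding:
    name: str                          # service or driver name
    threat: str                        # verdict string printed by the tool
    state: str                         # e.g. "infected"
    path: Optional[str] = None         # file from the object line, if any
    listed_md5: Optional[str] = None   # hash printed on the object line
    real_md5: Optional[str] = None     # "Real md5" from a Forged record
    fake_md5: Optional[str] = None     # "Fake md5" from a Forged record


def triage(log_text: str) -> dict:
    """Return the count of clean objects and the list of non-ok findings."""
    objects = {}   # name -> (md5, path) from the object line
    forged = {}    # lower-cased path -> (real md5, fake md5)
    findings = []
    ok_count = 0

    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank lines, separators, prefix-only lines
        body = m["body"]
        if (hit := FORGED.match(body)):
            forged[hit["path"].lower()] = (hit["real"], hit["fake"])
        elif (hit := VERDICT.match(body)):
            findings.append(Finding(hit["name"], hit["threat"], hit["state"]))
        elif (hit := OBJECT.match(body)):
            objects[hit["name"]] = (hit["md5"], hit["path"])
        elif OK.match(body):
            ok_count += 1
        # Anything else (system info, "- detected" echo lines) is ignored.

    # Join each finding with its file and, where present, its forged hash pair.
    for f in findings:
        f.listed_md5, f.path = objects.get(f.name, (None, None))
        if f.path:
            f.real_md5, f.fake_md5 = forged.get(f.path.lower(), (None, None))
    return {"ok": ok_count, "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['ok']} objects ok, {len(report['findings'])} flagged")
    for f in report["findings"]:
        print(f"{f.name}: {f.threat} ({f.state}) {f.path}")
        if f.fake_md5:
            print(f"  forged: real={f.real_md5} fake={f.fake_md5}")
```

Run it against the full log file from the root of C: by reading the file and passing its text to `triage()`; a flagged driver with a forged hash pair is the entry to raise with the helper.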


#8 driven13


Posted 24 March 2012 - 01:19 AM

Hello dev00790.

That did fix the problem!!!

Weird, as I had already run that a FEW times back when I was cleaning up the computer a couple of months ago.

Thanx for your time.

--d.

#9 dev00790


Posted 24 March 2012 - 06:20 AM

Hi driven13,

We haven't finished yet :P
Next please do the following:

Step 1

  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 2

Rerun MBAM as per step 4 of my earlier post link
Post the log in your next reply.

Step 3

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Select your Platform.
  • Under Which should I choose?, check the box for Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586.exe (or jre-6u30-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Step 5

Mozilla Firefox is outdated
  • Please download the latest version of Firefox from http://www.mozilla.org/en-US/firefox/fx/ to your Desktop
  • Double click the file to start the installation process
  • When it is installed restart the computer

Step 6


Adobe Reader is outdated
  • Please download the latest version of Adobe Reader from http://get.adobe.com/uk/reader/ to your Desktop
  • Double click the file to start the installation process
  • When it is installed restart the computer


Step 7


How is your computer running now?

Regards, dev00790



#10 driven13


Posted 24 March 2012 - 11:34 AM

Hello dev00790.

OK, I followed your instructions.

The log files for TDSSKiller and MalwareBytes are attached below.

I have updated the JAVA runtime, after deleting all previous instances of it.

I have also updated FireFox and Adobe Acrobat Reader to their latest versions.

Let me know if there is anything else you want me to do.

Thanx for all your time and help.

It is much appreciated.

--d.

===== TDSSKiller Logs =====


15:49:50.0296 2460 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
15:49:50.0609 2460 ============================================================
15:49:50.0609 2460 Current date / time: 2012/03/23 15:49:50.0609
15:49:50.0609 2460 SystemInfo:
15:49:50.0609 2460
15:49:50.0609 2460 OS Version: 5.1.2600 ServicePack: 3.0
15:49:50.0609 2460 Product type: Workstation
15:49:50.0609 2460 ComputerName: MSL3-EXEC2
15:49:50.0609 2460 UserName: JEANNE
15:49:50.0609 2460 Windows directory: C:\WINDOWS
15:49:50.0609 2460 System windows directory: C:\WINDOWS
15:49:50.0609 2460 Processor architecture: Intel x86
15:49:50.0609 2460 Number of processors: 2
15:49:50.0609 2460 Page size: 0x1000
15:49:50.0609 2460 Boot type: Normal boot
15:49:50.0609 2460 ============================================================
15:49:52.0140 2460 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:49:52.0156 2460 \Device\Harddisk0\DR0:
15:49:52.0156 2460 MBR used
15:49:52.0156 2460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x2541DBBD
15:49:52.0171 2460 Initialize success
15:49:52.0171 2460 ============================================================
15:50:08.0500 1448 ============================================================
15:50:08.0500 1448 Scan started
15:50:08.0500 1448 Mode: Manual;
15:50:08.0500 1448 ============================================================
15:50:09.0015 1448 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:50:09.0015 1448 !SASCORE - ok
15:50:09.0140 1448 Abiosdsk - ok
15:50:09.0187 1448 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:50:09.0187 1448 abp480n5 - ok
15:50:09.0218 1448 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:50:09.0234 1448 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
15:50:09.0234 1448 ACPI ( Virus.Win32.Rloader.a ) - infected
15:50:09.0234 1448 ACPI - detected Virus.Win32.Rloader.a (0)
15:50:16.0453 1448 Rasl2tp - ok
15:50:16.0500 1448 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:50:16.0500 1448 RasMan - ok
15:50:16.0500 1448 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:50:16.0500 1448 RasPppoe - ok
15:50:16.0515 1448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:50:16.0515 1448 Raspti - ok
15:50:16.0546 1448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:50:16.0546 1448 Rdbss - ok
15:50:16.0562 1448 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:50:16.0562 1448 RDPCDD - ok
15:50:16.0578 1448 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:50:16.0593 1448 rdpdr - ok
15:50:16.0640 1448 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:50:16.0640 1448 RDPWD - ok
15:50:16.0656 1448 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:50:16.0656 1448 RDSessMgr - ok
15:50:16.0671 1448 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:50:16.0671 1448 redbook - ok
15:50:16.0718 1448 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:50:16.0718 1448 RemoteAccess - ok
15:50:16.0750 1448 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:50:16.0750 1448 RemoteRegistry - ok
15:50:16.0765 1448 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:50:16.0765 1448 RpcLocator - ok
15:50:16.0812 1448 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
15:50:16.0812 1448 RpcSs - ok
15:50:16.0843 1448 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:50:16.0843 1448 RSVP - ok
15:50:16.0875 1448 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:50:16.0875 1448 SamSs - ok
15:50:16.0968 1448 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:50:16.0968 1448 SASDIFSV - ok
15:50:16.0984 1448 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:50:16.0984 1448 SASKUTIL - ok
15:50:17.0000 1448 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:50:17.0000 1448 SCardSvr - ok
15:50:17.0031 1448 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:50:17.0046 1448 Schedule - ok
15:50:17.0078 1448 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:50:17.0078 1448 Secdrv - ok
15:50:17.0109 1448 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:50:17.0109 1448 seclogon - ok
15:50:17.0125 1448 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:50:17.0140 1448 SENS - ok
15:50:17.0171 1448 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:50:17.0171 1448 serenum - ok
15:50:17.0187 1448 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:50:17.0187 1448 Serial - ok
15:50:17.0234 1448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:50:17.0234 1448 Sfloppy - ok
15:50:17.0250 1448 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:50:17.0265 1448 SharedAccess - ok
15:50:17.0296 1448 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:50:17.0296 1448 ShellHWDetection - ok
15:50:17.0312 1448 Simbad - ok
15:50:17.0359 1448 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:50:17.0359 1448 sisagp - ok
15:50:17.0375 1448 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:50:17.0375 1448 SLIP - ok
15:50:17.0421 1448 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
15:50:17.0437 1448 smwdm - ok
15:50:17.0453 1448 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:50:17.0453 1448 Sparrow - ok
15:50:17.0484 1448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:50:17.0484 1448 splitter - ok
15:50:17.0515 1448 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:50:17.0515 1448 Spooler - ok
15:50:17.0546 1448 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:50:17.0546 1448 sr - ok
15:50:17.0578 1448 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:50:17.0578 1448 srservice - ok
15:50:17.0609 1448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:50:17.0609 1448 Srv - ok
15:50:17.0656 1448 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:50:17.0656 1448 SSDPSRV - ok
15:50:17.0671 1448 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:50:17.0671 1448 stisvc - ok
15:50:17.0703 1448 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:50:17.0703 1448 streamip - ok
15:50:17.0734 1448 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:50:17.0734 1448 swenum - ok
15:50:17.0750 1448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:50:17.0750 1448 swmidi - ok
15:50:17.0765 1448 SwPrv - ok
15:50:17.0796 1448 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:50:17.0796 1448 symc810 - ok
15:50:17.0812 1448 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:50:17.0812 1448 symc8xx - ok
15:50:17.0828 1448 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:50:17.0828 1448 sym_hi - ok
15:50:17.0843 1448 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:50:17.0843 1448 sym_u3 - ok
15:50:17.0906 1448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:50:17.0906 1448 sysaudio - ok
15:50:17.0921 1448 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:50:17.0921 1448 SysmonLog - ok
15:50:17.0937 1448 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:50:17.0937 1448 TapiSrv - ok
15:50:17.0968 1448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:50:17.0968 1448 Tcpip - ok
15:50:17.0984 1448 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:50:18.0000 1448 TDPIPE - ok
15:50:18.0015 1448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:50:18.0015 1448 TDTCP - ok
15:50:18.0031 1448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:50:18.0031 1448 TermDD - ok
15:50:18.0062 1448 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:50:18.0062 1448 TermService - ok
15:50:18.0109 1448 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:50:18.0109 1448 Themes - ok
15:50:18.0140 1448 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:50:18.0140 1448 TlntSvr - ok
15:50:18.0156 1448 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:50:18.0156 1448 TosIde - ok
15:50:18.0187 1448 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:50:18.0187 1448 TrkWks - ok
15:50:18.0218 1448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:50:18.0218 1448 Udfs - ok
15:50:18.0234 1448 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:50:18.0234 1448 ultra - ok
15:50:18.0281 1448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:50:18.0296 1448 Update - ok
15:50:18.0312 1448 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:50:18.0312 1448 upnphost - ok
15:50:18.0328 1448 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:50:18.0328 1448 UPS - ok
15:50:18.0375 1448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:50:18.0375 1448 usbehci - ok
15:50:18.0390 1448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:50:18.0390 1448 usbhub - ok
15:50:18.0421 1448 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:50:18.0421 1448 usbprint - ok
15:50:18.0437 1448 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:50:18.0437 1448 usbscan - ok
15:50:18.0468 1448 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:50:18.0468 1448 USBSTOR - ok
15:50:18.0500 1448 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:50:18.0500 1448 usbuhci - ok
15:50:18.0546 1448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:50:18.0546 1448 VgaSave - ok
15:50:18.0578 1448 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:50:18.0578 1448 viaagp - ok
15:50:18.0593 1448 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:50:18.0593 1448 ViaIde - ok
15:50:18.0671 1448 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
15:50:18.0671 1448 Viewpoint Manager Service - ok
15:50:18.0671 1448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:50:18.0671 1448 VolSnap - ok
15:50:18.0734 1448 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:50:18.0734 1448 VSS - ok
15:50:18.0765 1448 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:50:18.0781 1448 w32time - ok
15:50:18.0828 1448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:50:18.0828 1448 Wanarp - ok
15:50:18.0843 1448 WDICA - ok
15:50:18.0890 1448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:50:18.0890 1448 wdmaud - ok
15:50:18.0921 1448 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:50:18.0921 1448 WebClient - ok
15:50:18.0984 1448 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:50:18.0984 1448 winmgmt - ok
15:50:19.0078 1448 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:50:19.0078 1448 WmdmPmSN - ok
15:50:19.0125 1448 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:50:19.0125 1448 Wmi - ok
15:50:19.0156 1448 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:50:19.0156 1448 WmiApSrv - ok
15:50:19.0234 1448 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:50:19.0250 1448 WMPNetworkSvc - ok
15:50:19.0265 1448 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:50:19.0281 1448 WS2IFSL - ok
15:50:19.0296 1448 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:50:19.0296 1448 wscsvc - ok
15:50:19.0343 1448 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:50:19.0343 1448 WSTCODEC - ok
15:50:19.0359 1448 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:50:19.0359 1448 wuauserv - ok
15:50:19.0390 1448 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:50:19.0390 1448 WudfPf - ok
15:50:19.0406 1448 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:50:19.0406 1448 WudfRd - ok
15:50:19.0437 1448 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:50:19.0453 1448 WudfSvc - ok
15:50:19.0484 1448 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:50:19.0484 1448 WZCSVC - ok
15:50:19.0515 1448 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:50:19.0515 1448 xmlprov - ok
15:50:19.0562 1448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:50:19.0734 1448 \Device\Harddisk0\DR0 - ok
15:50:19.0750 1448 Boot (0x1200) (dbfac8ec8a1d82b87ee989871ca86ae1) \Device\Harddisk0\DR0\Partition0
15:50:19.0750 1448 \Device\Harddisk0\DR0\Partition0 - ok
15:50:19.0750 1448 ============================================================
15:50:19.0750 1448 Scan finished
15:50:19.0750 1448 ============================================================
15:50:19.0796 3924 Detected object count: 1
15:50:19.0796 3924 Actual detected object count: 1
15:50:33.0968 3924 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
15:50:36.0281 3924 Backup copy found, using it..
15:50:36.0312 3924 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
15:50:36.0312 3924 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
15:51:43.0015 3112 Deinitialize success


===== MalwareBytes' Logs =====


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.24.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
JEANNE :: MSL3-EXEC2 [administrator]

3/24/2012 11:55:54 AM
mbam-log-2012-03-24 (11-55-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257793
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#11 dev00790

Posted 24 March 2012 - 03:07 PM

Hi

OK, let's check for any residual malware:

Step 1


Please rerun TDSSKiller as per my earlier post - link
Post the log in your reply.

Step 2

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation. For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.

Step 3


ESET Online Scanner: Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here. Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install. All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Edited by dev00790, 24 March 2012 - 03:08 PM.

Regards, dev00790



#12 driven13

Posted 25 March 2012 - 12:58 AM

Hello dev00790.

I have run both TDSSKiller and SUPERAntiSpyware. The log files are posted below.

The log from ESET Online Scanner is also posted below.

Let me know if there is anything else I need to do.

Thanx again.

--d.

====== TDSSKiller Logs ======


00:14:19.0750 1228 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
00:14:20.0015 1228 ============================================================
00:14:20.0015 1228 Current date / time: 2012/03/25 00:14:20.0015
00:14:20.0015 1228 SystemInfo:
00:14:20.0015 1228
00:14:20.0015 1228 OS Version: 5.1.2600 ServicePack: 3.0
00:14:20.0015 1228 Product type: Workstation
00:14:20.0015 1228 ComputerName: MSL3-EXEC2
00:14:20.0015 1228 UserName: JEANNE
00:14:20.0015 1228 Windows directory: C:\WINDOWS
00:14:20.0015 1228 System windows directory: C:\WINDOWS
00:14:20.0015 1228 Processor architecture: Intel x86
00:14:20.0015 1228 Number of processors: 2
00:14:20.0015 1228 Page size: 0x1000
00:14:20.0015 1228 Boot type: Normal boot
00:14:20.0015 1228 ============================================================
00:14:21.0703 1228 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:14:21.0718 1228 \Device\Harddisk0\DR0:
00:14:21.0718 1228 MBR used
00:14:21.0718 1228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x2541DBBD
00:14:21.0812 1228 Initialize success
00:14:21.0812 1228 ============================================================
00:14:29.0218 1448 ============================================================
00:14:29.0218 1448 Scan started
00:14:29.0218 1448 Mode: Manual;
00:14:29.0218 1448 ============================================================
00:14:29.0828 1448 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:14:29.0828 1448 ACPI - ok
00:14:32.0687 1448 gupdatem - ok
00:14:32.0734 1448 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:14:32.0750 1448 gusvc - ok
00:14:32.0781 1448 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:14:32.0781 1448 HDAudBus - ok
00:14:32.0828 1448 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:14:32.0828 1448 helpsvc - ok
00:14:32.0828 1448 HidServ - ok
00:14:32.0859 1448 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:14:32.0859 1448 HidUsb - ok
00:14:32.0906 1448 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
00:14:32.0906 1448 hkmsvc - ok
00:14:32.0953 1448 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
00:14:32.0953 1448 hpn - ok
00:14:32.0984 1448 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:14:33.0000 1448 HTTP - ok
00:14:33.0031 1448 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
00:14:33.0031 1448 HTTPFilter - ok
00:14:33.0062 1448 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
00:14:33.0062 1448 i2omgmt - ok
00:14:33.0093 1448 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
00:14:33.0093 1448 i2omp - ok
00:14:33.0109 1448 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:14:33.0109 1448 i8042prt - ok
00:14:33.0156 1448 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
00:14:33.0187 1448 ialm - ok
00:14:33.0250 1448 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:14:33.0265 1448 idsvc - ok
00:14:33.0281 1448 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:14:33.0281 1448 Imapi - ok
00:14:33.0328 1448 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
00:14:33.0328 1448 ImapiService - ok
00:14:33.0359 1448 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
00:14:33.0359 1448 ini910u - ok
00:14:33.0468 1448 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:14:33.0484 1448 IntcAzAudAddService - ok
00:14:33.0515 1448 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:14:33.0515 1448 IntelIde - ok
00:14:33.0562 1448 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:14:33.0562 1448 intelppm - ok
00:14:33.0578 1448 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:14:33.0578 1448 Ip6Fw - ok
00:14:33.0609 1448 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:14:33.0609 1448 IpFilterDriver - ok
00:14:33.0625 1448 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:14:33.0625 1448 IpInIp - ok
00:14:33.0640 1448 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:14:33.0640 1448 IpNat - ok
00:14:33.0656 1448 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:14:33.0656 1448 IPSec - ok
00:14:33.0671 1448 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:14:33.0671 1448 IRENUM - ok
00:14:33.0687 1448 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:14:33.0703 1448 isapnp - ok
00:14:33.0859 1448 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
00:14:33.0859 1448 JavaQuickStarterService - ok
00:14:33.0890 1448 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:14:33.0890 1448 Kbdclass - ok
00:14:33.0906 1448 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:14:33.0906 1448 kbdhid - ok
00:14:33.0937 1448 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:14:33.0937 1448 kmixer - ok
00:14:33.0953 1448 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:14:33.0953 1448 KSecDD - ok
00:14:33.0984 1448 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
00:14:33.0984 1448 lanmanserver - ok
00:14:34.0000 1448 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
00:14:34.0015 1448 lanmanworkstation - ok
00:14:34.0046 1448 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
00:14:34.0046 1448 LmHosts - ok
00:14:34.0125 1448 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
00:14:34.0125 1448 LMIGuardianSvc - ok
00:14:34.0140 1448 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
00:14:34.0140 1448 LMIInfo - ok
00:14:34.0156 1448 LMIMaint (b9c127273eaba403311854a8dcb6d0aa) C:\Program Files\LogMeIn\x86\RaMaint.exe
00:14:34.0171 1448 LMIMaint - ok
00:14:34.0203 1448 LMImirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\LMImirr.sys
00:14:34.0203 1448 LMImirr - ok
00:14:34.0218 1448 LMIRfsClientNP - ok
00:14:34.0234 1448 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
00:14:34.0234 1448 LMIRfsDriver - ok
00:14:34.0281 1448 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
00:14:34.0281 1448 LogMeIn - ok
00:14:34.0312 1448 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
00:14:34.0328 1448 MDM - ok
00:14:34.0343 1448 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
00:14:34.0343 1448 Messenger - ok
00:14:34.0453 1448 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
00:14:34.0468 1448 Microsoft Office Groove Audit Service - ok
00:14:34.0500 1448 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:14:34.0500 1448 mnmdd - ok
00:14:34.0546 1448 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
00:14:34.0546 1448 mnmsrvc - ok
00:14:34.0562 1448 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:14:34.0562 1448 Modem - ok
00:14:34.0593 1448 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:14:34.0593 1448 Mouclass - ok
00:14:34.0640 1448 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:14:34.0640 1448 mouhid - ok
00:14:34.0640 1448 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:14:34.0640 1448 MountMgr - ok
00:14:34.0687 1448 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
00:14:34.0687 1448 MpFilter - ok
00:14:34.0812 1448 MpKsle3c18e5f (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92B3F1AC-6994-4585-8CA5-632A4EF4ADD7}\MpKsle3c18e5f.sys
00:14:34.0812 1448 MpKsle3c18e5f - ok
00:14:34.0859 1448 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
00:14:34.0859 1448 mraid35x - ok
00:14:34.0890 1448 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:14:34.0890 1448 MRxDAV - ok
00:14:34.0921 1448 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:14:34.0921 1448 MRxSmb - ok
00:14:34.0953 1448 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
00:14:34.0953 1448 MSDTC - ok
00:14:34.0984 1448 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:14:34.0984 1448 Msfs - ok
00:14:35.0000 1448 MSIServer - ok
00:14:35.0015 1448 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:14:35.0031 1448 MSKSSRV - ok
00:14:35.0093 1448 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
00:14:35.0093 1448 MsMpSvc - ok
00:14:35.0109 1448 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:14:35.0109 1448 MSPCLOCK - ok
00:14:35.0140 1448 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:14:35.0140 1448 MSPQM - ok
00:14:35.0171 1448 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:14:35.0171 1448 mssmbios - ok
00:14:35.0203 1448 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:14:35.0203 1448 MSTEE - ok
00:14:35.0234 1448 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:14:35.0234 1448 Mup - ok
00:14:35.0265 1448 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:14:35.0265 1448 NABTSFEC - ok
00:14:35.0328 1448 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
00:14:35.0328 1448 napagent - ok
00:14:35.0343 1448 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:14:35.0343 1448 NDIS - ok
00:14:35.0359 1448 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:14:35.0359 1448 NdisIP - ok
00:14:35.0390 1448 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:14:35.0390 1448 NdisTapi - ok
00:14:35.0406 1448 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:14:35.0421 1448 Ndisuio - ok
00:14:35.0421 1448 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:14:35.0421 1448 NdisWan - ok
00:14:35.0453 1448 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:14:35.0453 1448 NDProxy - ok
00:14:35.0468 1448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:14:35.0468 1448 NetBIOS - ok
00:14:35.0515 1448 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:14:35.0515 1448 NetBT - ok
00:14:35.0546 1448 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:14:35.0546 1448 NetDDE - ok
00:14:35.0562 1448 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:14:35.0562 1448 NetDDEdsdm - ok
00:14:35.0609 1448 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:14:35.0609 1448 Netlogon - ok
00:14:35.0640 1448 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
00:14:35.0656 1448 Netman - ok
00:14:35.0703 1448 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:14:35.0718 1448 NetTcpPortSharing - ok
00:14:35.0734 1448 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
00:14:35.0750 1448 Nla - ok
00:14:35.0750 1448 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:14:35.0750 1448 Npfs - ok
00:14:35.0781 1448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:14:35.0796 1448 Ntfs - ok
00:14:35.0812 1448 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:14:35.0812 1448 NtLmSsp - ok
00:14:35.0859 1448 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
00:14:35.0859 1448 NtmsSvc - ok
00:14:35.0890 1448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:14:35.0890 1448 Null - ok
00:14:35.0953 1448 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:14:35.0984 1448 nv - ok
00:14:36.0000 1448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:14:36.0000 1448 NwlnkFlt - ok
00:14:36.0015 1448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:14:36.0015 1448 NwlnkFwd - ok
00:14:36.0156 1448 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:14:36.0171 1448 odserv - ok
00:14:36.0203 1448 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:14:36.0203 1448 ose - ok
00:14:36.0359 1448 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:14:36.0453 1448 osppsvc - ok
00:14:36.0515 1448 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:14:36.0515 1448 Parport - ok
00:14:36.0515 1448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:14:36.0515 1448 PartMgr - ok
00:14:36.0546 1448 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:14:36.0546 1448 ParVdm - ok
00:14:36.0593 1448 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:14:36.0593 1448 PCI - ok
00:14:36.0609 1448 PCIDump - ok
00:14:36.0625 1448 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:14:36.0625 1448 PCIIde - ok
00:14:36.0656 1448 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:14:36.0671 1448 Pcmcia - ok
00:14:36.0703 1448 PD0620VID (ea296b87ba381c640b441d95f90785f8) C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
00:14:36.0703 1448 PD0620VID - ok
00:14:36.0718 1448 PDCOMP - ok
00:14:36.0734 1448 PDFRAME - ok
00:14:36.0750 1448 PDRELI - ok
00:14:36.0765 1448 PDRFRAME - ok
00:14:36.0796 1448 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
00:14:36.0796 1448 perc2 - ok
00:14:36.0812 1448 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
00:14:36.0812 1448 perc2hib - ok
00:14:36.0890 1448 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:14:36.0890 1448 PlugPlay - ok
00:14:36.0906 1448 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:14:36.0921 1448 PolicyAgent - ok
00:14:36.0953 1448 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:14:36.0953 1448 PptpMiniport - ok
00:14:36.0968 1448 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:14:36.0968 1448 ProtectedStorage - ok
00:14:36.0984 1448 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:14:36.0984 1448 PSched - ok
00:14:37.0015 1448 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:14:37.0015 1448 Ptilink - ok
00:14:37.0031 1448 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:14:37.0031 1448 PxHelp20 - ok
00:14:37.0062 1448 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
00:14:37.0078 1448 ql1080 - ok
00:14:37.0093 1448 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
00:14:37.0093 1448 Ql10wnt - ok
00:14:37.0109 1448 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
00:14:37.0109 1448 ql12160 - ok
00:14:37.0125 1448 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
00:14:37.0125 1448 ql1240 - ok
00:14:37.0140 1448 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
00:14:37.0140 1448 ql1280 - ok
00:14:37.0171 1448 radpms (b953369c5ef43615f1bfa9cea69fc9aa) C:\WINDOWS\system32\DRIVERS\radpms.sys
00:14:37.0171 1448 radpms - ok
00:14:37.0187 1448 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:14:37.0203 1448 RasAcd - ok
00:14:37.0234 1448 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
00:14:37.0234 1448 RasAuto - ok
00:14:37.0250 1448 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:14:37.0250 1448 Rasl2tp - ok
00:14:37.0296 1448 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
00:14:37.0296 1448 RasMan - ok
00:14:37.0312 1448 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:14:37.0312 1448 RasPppoe - ok
00:14:37.0328 1448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:14:37.0328 1448 Raspti - ok
00:14:37.0359 1448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:14:37.0359 1448 Rdbss - ok
00:14:37.0375 1448 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:14:37.0375 1448 RDPCDD - ok
00:14:37.0390 1448 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:14:37.0406 1448 rdpdr - ok
00:14:37.0453 1448 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
00:14:37.0453 1448 RDPWD - ok
00:14:37.0468 1448 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
00:14:37.0484 1448 RDSessMgr - ok
00:14:37.0500 1448 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:14:37.0500 1448 redbook - ok
00:14:37.0546 1448 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
00:14:37.0546 1448 RemoteAccess - ok
00:14:37.0593 1448 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
00:14:37.0593 1448 RemoteRegistry - ok
00:14:37.0593 1448 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
00:14:37.0609 1448 RpcLocator - ok
00:14:37.0656 1448 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
00:14:37.0656 1448 RpcSs - ok
00:14:37.0671 1448 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
00:14:37.0671 1448 RSVP - ok
00:14:37.0718 1448 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:14:37.0718 1448 SamSs - ok
00:14:37.0812 1448 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
00:14:37.0812 1448 SASDIFSV - ok
00:14:37.0843 1448 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
00:14:37.0843 1448 SASKUTIL - ok
00:14:37.0843 1448 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
00:14:37.0843 1448 SCardSvr - ok
00:14:37.0890 1448 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
00:14:37.0890 1448 Schedule - ok
00:14:37.0921 1448 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:14:37.0921 1448 Secdrv - ok
00:14:37.0968 1448 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
00:14:37.0968 1448 seclogon - ok
00:14:37.0984 1448 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
00:14:37.0984 1448 SENS - ok
00:14:38.0015 1448 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:14:38.0015 1448 serenum - ok
00:14:38.0046 1448 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:14:38.0046 1448 Serial - ok
00:14:38.0125 1448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:14:38.0125 1448 Sfloppy - ok
00:14:38.0156 1448 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
00:14:38.0156 1448 SharedAccess - ok
00:14:38.0203 1448 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:14:38.0203 1448 ShellHWDetection - ok
00:14:38.0218 1448 Simbad - ok
00:14:38.0250 1448 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
00:14:38.0250 1448 sisagp - ok
00:14:38.0281 1448 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:14:38.0281 1448 SLIP - ok
00:14:38.0312 1448 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
00:14:38.0328 1448 smwdm - ok
00:14:38.0375 1448 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
00:14:38.0375 1448 Sparrow - ok
00:14:38.0390 1448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:14:38.0390 1448 splitter - ok
00:14:38.0437 1448 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:14:38.0437 1448 Spooler - ok
00:14:38.0453 1448 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:14:38.0453 1448 sr - ok
00:14:38.0500 1448 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
00:14:38.0500 1448 srservice - ok
00:14:38.0531 1448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:14:38.0531 1448 Srv - ok
00:14:38.0562 1448 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
00:14:38.0578 1448 SSDPSRV - ok
00:14:38.0593 1448 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
00:14:38.0593 1448 stisvc - ok
00:14:38.0625 1448 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:14:38.0625 1448 streamip - ok
00:14:38.0640 1448 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:14:38.0640 1448 swenum - ok
00:14:38.0656 1448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:14:38.0671 1448 swmidi - ok
00:14:38.0671 1448 SwPrv - ok
00:14:38.0718 1448 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
00:14:38.0718 1448 symc810 - ok
00:14:38.0734 1448 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
00:14:38.0734 1448 symc8xx - ok
00:14:38.0750 1448 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
00:14:38.0750 1448 sym_hi - ok
00:14:38.0765 1448 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
00:14:38.0765 1448 sym_u3 - ok
00:14:38.0796 1448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:14:38.0796 1448 sysaudio - ok
00:14:38.0828 1448 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
00:14:38.0828 1448 SysmonLog - ok
00:14:38.0843 1448 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
00:14:38.0843 1448 TapiSrv - ok
00:14:38.0875 1448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:14:38.0875 1448 Tcpip - ok
00:14:38.0890 1448 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:14:38.0890 1448 TDPIPE - ok
00:14:38.0921 1448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:14:38.0921 1448 TDTCP - ok
00:14:38.0937 1448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:14:38.0937 1448 TermDD - ok
00:14:38.0953 1448 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
00:14:38.0968 1448 TermService - ok
00:14:39.0015 1448 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:14:39.0015 1448 Themes - ok
00:14:39.0031 1448 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
00:14:39.0046 1448 TlntSvr - ok
00:14:39.0062 1448 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
00:14:39.0062 1448 TosIde - ok
00:14:39.0093 1448 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
00:14:39.0093 1448 TrkWks - ok
00:14:39.0140 1448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:14:39.0140 1448 Udfs - ok
00:14:39.0140 1448 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
00:14:39.0140 1448 ultra - ok
00:14:39.0203 1448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:14:39.0203 1448 Update - ok
00:14:39.0234 1448 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
00:14:39.0234 1448 upnphost - ok
00:14:39.0234 1448 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
00:14:39.0250 1448 UPS - ok
00:14:39.0281 1448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:14:39.0281 1448 usbehci - ok
00:14:39.0296 1448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:14:39.0296 1448 usbhub - ok
00:14:39.0328 1448 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:14:39.0328 1448 usbprint - ok
00:14:39.0343 1448 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:14:39.0343 1448 usbscan - ok
00:14:39.0375 1448 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:14:39.0375 1448 USBSTOR - ok
00:14:39.0421 1448 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:14:39.0421 1448 usbuhci - ok
00:14:39.0437 1448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:14:39.0437 1448 VgaSave - ok
00:14:39.0468 1448 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
00:14:39.0468 1448 viaagp - ok
00:14:39.0468 1448 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
00:14:39.0484 1448 ViaIde - ok
00:14:39.0546 1448 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
00:14:39.0546 1448 Viewpoint Manager Service - ok
00:14:39.0578 1448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:14:39.0578 1448 VolSnap - ok
00:14:39.0609 1448 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
00:14:39.0625 1448 VSS - ok
00:14:39.0656 1448 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
00:14:39.0656 1448 w32time - ok
00:14:39.0718 1448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:14:39.0718 1448 Wanarp - ok
00:14:39.0718 1448 WDICA - ok
00:14:39.0765 1448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:14:39.0765 1448 wdmaud - ok
00:14:39.0812 1448 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
00:14:39.0812 1448 WebClient - ok
00:14:39.0859 1448 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:14:39.0859 1448 winmgmt - ok
00:14:39.0968 1448 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
00:14:39.0968 1448 WmdmPmSN - ok
00:14:40.0015 1448 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
00:14:40.0031 1448 Wmi - ok
00:14:40.0078 1448 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:14:40.0078 1448 WmiApSrv - ok
00:14:40.0156 1448 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
00:14:40.0171 1448 WMPNetworkSvc - ok
00:14:40.0203 1448 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:14:40.0203 1448 WS2IFSL - ok
00:14:40.0218 1448 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
00:14:40.0234 1448 wscsvc - ok
00:14:40.0250 1448 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:14:40.0250 1448 WSTCODEC - ok
00:14:40.0281 1448 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
00:14:40.0281 1448 wuauserv - ok
00:14:40.0312 1448 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:14:40.0312 1448 WudfPf - ok
00:14:40.0312 1448 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:14:40.0328 1448 WudfRd - ok
00:14:40.0343 1448 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
00:14:40.0343 1448 WudfSvc - ok
00:14:40.0390 1448 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
00:14:40.0406 1448 WZCSVC - ok
00:14:40.0437 1448 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
00:14:40.0437 1448 xmlprov - ok
00:14:40.0500 1448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:14:40.0671 1448 \Device\Harddisk0\DR0 - ok
00:14:40.0671 1448 Boot (0x1200) (dbfac8ec8a1d82b87ee989871ca86ae1) \Device\Harddisk0\DR0\Partition0
00:14:40.0671 1448 \Device\Harddisk0\DR0\Partition0 - ok
00:14:40.0703 1448 ============================================================
00:14:40.0703 1448 Scan finished
00:14:40.0703 1448 ============================================================
00:14:40.0718 0576 Detected object count: 0
00:14:40.0718 0576 Actual detected object count: 0
00:14:44.0921 2764 Deinitialize success


====== SUPERAntiSpyware Logs ======


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/25/2012 at 00:59 AM

Application Version : 5.0.1146

Core Rules Database Version : 8377
Trace Rules Database Version: 6189

Scan type : Complete Scan
Total Scan Time : 00:35:13

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 458
Memory threats detected : 0
Registry items scanned : 35680
Registry threats detected : 0
File items scanned : 41817
File threats detected : 6

Adware.Tracking Cookie
C:\Documents and Settings\JEANNIE\Cookies\7OTDGIUA.txt [ /kaspersky.122.2o7.net ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\JEANNIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H8Q4WG3Z.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\JEANNIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H8Q4WG3Z.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\JEANNIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H8Q4WG3Z.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\JEANNIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H8Q4WG3Z.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\JEANNIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H8Q4WG3Z.DEFAULT\COOKIES.SQLITE ]


====== ESET Online Scanner Logs ======


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=79091b5b7a715a49bc11eab87585f0ad
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-25 05:55:08
# local_time=2012-03-25 01:55:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 87 0 28583846 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=87478
# found=8
# cleaned=0
# scan_time=2332
C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\8f9323\6221.mof.vir Win32/RogueAV.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP775\A0053957.mof Win32/RogueAV.A trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Toolbar.SearchSuite application 00000000000000000000000000000000 I



#13 dev00790


Posted 25 March 2012 - 04:14 PM

Hi driven13,

One malicious process is running in memory according to the ESET log. I need some more information before we can stop and remove it.

Step 1

  • Press start, then in the "Run" box type "cmd" and press enter
  • In the black command prompt window that appears please type the following:

    tasklist > c:\tasklist_log.txt

Press enter, wait a few seconds, then type "exit".

Step 2

Post the contents of the text file named "tasklist_log" located in the root of your c:\ drive in your next reply

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#14 driven13


Posted 25 March 2012 - 04:24 PM

Hello dev00790.

Here are the contents of tasklist_log.txt:

Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0        236 K
smss.exe                     628 Console                 0        444 K
csrss.exe                    696 Console                 0      3,988 K
winlogon.exe                 720 Console                 0      2,320 K
services.exe                 764 Console                 0      3,644 K
lsass.exe                    776 Console                 0      6,556 K
svchost.exe                  948 Console                 0      5,716 K
svchost.exe                 1016 Console                 0      4,676 K
MsMpEng.exe                 1112 Console                 0     45,140 K
svchost.exe                 1148 Console                 0     39,124 K
svchost.exe                 1252 Console                 0      3,680 K
svchost.exe                 1352 Console                 0      4,132 K
spoolsv.exe                 1496 Console                 0      6,576 K
DpHostW.exe                 1540 Console                 0      6,848 K
svchost.exe                 1852 Console                 0      3,820 K
SASCore.exe                 1888 Console                 0      2,252 K
jqs.exe                     1960 Console                 0      1,424 K
LMIGuardianSvc.exe          1980 Console                 0      4,624 K
ramaint.exe                 2020 Console                 0      3,752 K
LogMeIn.exe                  208 Console                 0     34,060 K
mdm.exe                      504 Console                 0      3,120 K
svchost.exe                  568 Console                 0      4,268 K
dllhost.exe                  688 Console                 0      5,008 K
ViewpointService.exe         920 Console                 0      2,652 K
wuauclt.exe                 2104 Console                 0     81,860 K
wmiprvse.exe                2252 Console                 0      7,580 K
dllhost.exe                 2320 Console                 0      8,352 K
alg.exe                     2568 Console                 0      3,648 K
msdtc.exe                   3036 Console                 0      5,152 K
wmiprvse.exe                3056 Console                 0      5,148 K
LogMeIn.exe                 4020 Console                 0     16,432 K
ViewMgr.exe                  256 Console                 0      3,784 K
explorer.exe                2192 Console                 0     26,588 K
rundll32.exe                2996 Console                 0      3,348 K
GrooveMonitor.exe           3044 Console                 0      5,336 K
msseces.exe                 3140 Console                 0      8,792 K
LogMeInSystray.exe          3148 Console                 0      6,656 K
RTHDCPL.exe                 3156 Console                 0     21,704 K
DATAMN~1.EXE                3172 Console                 0      3,460 K
jusched.exe                 3260 Console                 0      2,652 K
CamTray.exe                 3532 Console                 0      4,468 K
ctfmon.exe                  3592 Console                 0      3,476 K
cmd.exe                      268 Console                 0      2,752 K
tasklist.exe                3612 Console                 0      4,428 K


Thanx,

--d.
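
An added example (not part of either post, and not a BleepingComputer or ESET tool): matching the file names flagged in the ESET log against the tasklist output, including the 8.3 short-name form in which DATAMN~1.EXE appears, which a plain string comparison against datamngrUI.exe would miss. The function names are hypothetical, the sample rows and paths are copied from this thread, and only the common BASE~N.EXT alias form is handled.

```python
import re

# Subset of rows copied from the tasklist output posted in this thread.
TASKLIST = """\
Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 28 K
explorer.exe 2192 Console 0 26,588 K
DATAMN~1.EXE 3172 Console 0 3,460 K
"""

# Three of the file paths flagged in the ESET log earlier in the thread.
DETECTED = [
    r"C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll",
    r"C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll",
    r"C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe",
]

ROW = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K$")

def parse_tasklist(text):
    """Return [(image_name, pid)]; header and separator lines do not match ROW."""
    rows = (ROW.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), int(m.group(2))) for m in rows if m]

def could_be_short_name(image, long_name):
    """True if image looks like the 8.3 alias (BASE~N.EXT) of long_name."""
    m = re.fullmatch(r"([^~.]{1,6})~\d\.?(.{0,3})", image)
    if not m:
        return False
    base, dot, ext = long_name.rpartition(".")
    if not dot:                      # no extension in the long name
        base, ext = long_name, ""
    base = re.sub(r"[ .]", "", base).upper()   # aliases drop spaces and extra dots
    return base.startswith(m.group(1).upper()) and ext[:3].upper() == m.group(2).upper()

def correlate(tasklist_text, detected_paths):
    """Return [(pid, image, path)] where a running image name matches a flagged file."""
    hits = []
    for image, pid in parse_tasklist(tasklist_text):
        for path in detected_paths:
            name = path.rsplit("\\", 1)[-1]
            if image.lower() == name.lower() or could_be_short_name(image, name):
                hits.append((pid, image, path))
    return hits

if __name__ == "__main__":
    for pid, image, path in correlate(TASKLIST, DETECTED):
        print(f"PID {pid}: {image} -> {path}")
```

A name match only identifies a candidate; confirm the process's full executable path on the machine before treating it as the flagged file.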

#15 dev00790


Posted 26 March 2012 - 04:31 PM

Hi driven13,

Let's rerun ESET, this time selecting to remove all threats found, followed by a Viewpoint warning:

Step 1

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Step 2

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.


To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.


Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware. I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.

Step 3

How is your computer running now?

Regards, dev00790





