Need help with tcp/ip settings (ZeroAccess inserted into TCP/IP stack)


13 replies to this topic

#1 mn_sailor

mn_sailor

  • Members
  • 67 posts
  • Gender:Male
  • Location:Ham Lake, MN

Posted 02 July 2012 - 01:56 PM

Hi there,

nasdaq sent me to this forum seeking help for a possible TCP/IP issue. When I run ComboFix, I get a message that ZeroAccess! rootkit has inserted itself into the TCP/IP stack. After many days of cleaning, the logs appear ok but this message persists. Can you help with this particular issue?

Thanks, John

===

Make and model of computer: home built - Abit AB9 Pro MB, Core2Duo CPU, 1 GB Ram, RAID SATA HD, WinXP Pro (SP3)
How the computer is connected (wireless or wired): Wireless
Make and model of Router: Linksys E3000 router
Approximate Distance From the router the PC is if its a wireless connection:25 ft, 1 floor down, OK signal
What type of internet you have (Dsl, Cable, T-1,etc..): Comcast Cable Modem

"Please download MiniToolBox to your desktop and run it."

MiniToolBox by Farbar Version: 25-06-2012
Ran by Sue and John (administrator) on 02-07-2012 at 13:52:42
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Atheros Wireless Network Adapter = Wireless Network Connection 3 (Connected)
1394 Net Adapter = 1394 Connection 2 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : dwofficee6300
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.mn.comcast.net.

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
Physical Address. . . . . . . . . : 00-50-8D-94-E7-AF

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-50-8D-94-E7-AE

Ethernet adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . : hsd1.mn.comcast.net.
Description . . . . . . . . . . . : Atheros Wireless Network Adapter
Physical Address. . . . . . . . . : 00-19-5B-37-2C-31
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.10.1.116
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.1.1
DHCP Server . . . . . . . . . . . : 10.10.1.1
DNS Servers . . . . . . . . . . . : 75.75.76.76
                                    75.75.75.75
                                    10.10.1.1
Lease Obtained. . . . . . . . . . : Monday, July 02, 2012 1:29:36 PM
Lease Expires . . . . . . . . . . : Tuesday, July 03, 2012 1:29:36 PM

Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 74.125.225.132, 74.125.225.129, 74.125.225.137, 74.125.225.135
74.125.225.134, 74.125.225.142, 74.125.225.131, 74.125.225.128, 74.125.225.130
74.125.225.133, 74.125.225.136

Pinging google.com [74.125.225.128] with 32 bytes of data:

Reply from 74.125.225.128: bytes=32 time=17ms TTL=55
Reply from 74.125.225.128: bytes=32 time=18ms TTL=55

Ping statistics for 74.125.225.128:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 18ms, Average = 17ms

Server: cdns02.comcast.net
Address: 75.75.76.76

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=132ms TTL=51
Reply from 72.30.38.140: bytes=32 time=73ms TTL=51

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 73ms, Maximum = 132ms, Average = 102ms

Server: cdns02.comcast.net
Address: 75.75.76.76

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 8d 94 e7 af ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC #2 - Packet Scheduler Miniport
0x3 ...00 50 8d 94 e7 ae ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
0x4 ...00 19 5b 37 2c 31 ...... D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.1.1 10.10.1.116 1
10.10.1.0 255.255.255.0 10.10.1.116 10.10.1.116 25
10.10.1.116 255.255.255.255 127.0.0.1 127.0.0.1 25
10.255.255.255 255.255.255.255 10.10.1.116 10.10.1.116 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.10.1.116 10.10.1.116 25
255.255.255.255 255.255.255.255 10.10.1.116 2 1
255.255.255.255 255.255.255.255 10.10.1.116 3 1
255.255.255.255 255.255.255.255 10.10.1.116 10.10.1.116 1
Default Gateway: 10.10.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/02/2012 09:37:02 AM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (07/01/2012 05:06:49 PM) (Source: Application Error) (User: )
Description: Faulting application ANIWZCSdS.exe, version 1.0.3.7034, faulting module user32.dll, version 5.1.2600.5512, fault address 0x00014acd.
Processing media-specific event for [ANIWZCSdS.exe!ws!]

Error: (06/30/2012 10:37:02 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (06/30/2012 09:37:02 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (06/30/2012 02:37:17 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (06/30/2012 06:37:18 AM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (06/29/2012 01:37:17 AM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (06/28/2012 11:37:02 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (06/28/2012 00:37:05 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (06/27/2012 10:38:09 AM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Error in creating result PEAP-TLV in response to received PEAP-TLV (FlashPlayerUpdateService.exe!ld!)


System errors:
=============
Error: (07/02/2012 01:31:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {10DA4F3C-CC99-4190-BE4D-58330754E882} did not register with DCOM within the required timeout.

Error: (07/02/2012 01:31:12 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/02/2012 01:29:47 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (07/02/2012 01:28:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/02/2012 01:25:30 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
PCLEPCI

Error: (07/02/2012 01:24:11 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/02/2012 01:18:59 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {10DA4F3C-CC99-4190-BE4D-58330754E882} did not register with DCOM within the required timeout.

Error: (07/02/2012 01:18:29 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (07/02/2012 01:18:29 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/02/2012 01:17:04 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (07/02/2012 09:37:02 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262ntdll.dll5.1.2600.6055000113c0

Error: (07/01/2012 05:06:49 PM) (Source: Application Error)(User: )
Description: ANIWZCSdS.exe1.0.3.7034user32.dll5.1.2600.551200014acd

Error: (06/30/2012 10:37:02 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262ntdll.dll5.1.2600.6055000113c0

Error: (06/30/2012 09:37:02 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262ntdll.dll5.1.2600.6055000113c0

Error: (06/30/2012 02:37:17 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262ntdll.dll5.1.2600.6055000113c0

Error: (06/30/2012 06:37:18 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262ntdll.dll5.1.2600.6055000113c0

Error: (06/29/2012 01:37:17 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262ntdll.dll5.1.2600.6055000113c0

Error: (06/28/2012 11:37:02 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262ntdll.dll5.1.2600.6055000113c0

Error: (06/28/2012 00:37:05 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262ntdll.dll5.1.2600.6055000113c0

Error: (06/27/2012 10:38:09 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262ntdll.dll5.1.2600.6055000113c0


========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 1022.39 MB
Available physical RAM: 489.38 MB
Total Pagefile: 2459.28 MB
Available Pagefile: 2015.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.82 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:50.17 GB) (Free:30.54 GB) NTFS
4 Drive e: (Programs) (Fixed) (Total:24.41 GB) (Free:24.04 GB) NTFS
5 Drive f: (Video) (Fixed) (Total:262.35 GB) (Free:261.09 GB) NTFS
6 Drive g: (Photos_Docs) (Fixed) (Total:50.08 GB) (Free:24.89 GB) NTFS
7 Drive h: (Music) (Fixed) (Total:71.99 GB) (Free:69.64 GB) NTFS
8 Drive i: (Scratch) (Fixed) (Total:6.76 GB) (Free:4.68 GB) NTFS
9 Drive j: (Test) (Fixed) (Total:19.53 GB) (Free:3.14 GB) NTFS
10 Drive k: (Images) (Fixed) (Total:97.65 GB) (Free:10.75 GB) NTFS

========================= Users: ========================================

User accounts for \\DWOFFICEE6300

Administrator ASPNET Guest
HelpAssistant Sue and John SUPPORT_388945a0


**** End of log ****



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 July 2012 - 12:13 AM

You're still infected. Let me ask a mod to move this to the Am I Infected forum.

Please run TDSSKiller once again and post the log.

Update Malwarebytes, run a scan once again and post the log.

Download

Winsock fix

Launch it, click on FIX.

Restart your PC after it completes.

Check your browser. If that doesn't work, try this:


PLEASE create a restore point before trying this.

Please copy the entire contents of the codebox below into Notepad:


REGEDIT4

; A leading "-" in front of the key name deletes that key and everything under it.
; Both keys are recreated with default entries when TCP/IP is reinstalled in the steps below.
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]

Open Notepad, copy the script and save it as:

Filename: winsock.reg
Save as type: All files

Launch it and click YES to add it to the registry.

After that, reboot your computer.

After the restart,

Go to Network Connections
Right click on your normal connection icon, and choose Properties
Click the Install button
Choose Protocol then click Add
Click Have disk
In the drop down box, type in: C:\WINDOWS\INF and click OK
In the next dialog, click Internet Protocol (TCP/IP) then click OK
Click Close to leave the properties box

Let me know if you still get the MESSAGE from combofix

Good luck
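The procedure above wipes and rebuilds the Winsock catalog without looking at what is in it. As an added example, not part of this thread and not code from BleepingComputer or from any of the tools mentioned here, the Python script below parses a `netsh winsock show catalog` dump and flags the kind of entries an LSP injection into the TCP/IP stack leaves behind: provider DLLs living outside %SystemRoot%\system32, layered service providers, and protocol chains routed through them. The catalog text in the block is constructed to resemble an XP dump (one Microsoft base provider plus a made-up layered provider and its chain); the injected entry's description, path and GUID are invented placeholders, not real ZeroAccess indicators, and the Windows directory is assumed to be C:\WINDOWS.

```python
"""Flag suspicious providers in a `netsh winsock show catalog` dump.

Added example for this thread, not code from BleepingComputer or from any of
the tools the thread mentions. SAMPLE_CATALOG is constructed; the layered
provider in it is an invented placeholder, not a real ZeroAccess indicator.
"""
import re

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: default Windows XP install directory

# Constructed to mirror the field layout netsh prints: one Microsoft base
# provider, one injected layered provider, and the chain that routes TCP through it.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol:                           6
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example Filter LSP (constructed)
Provider ID:                        {00000000-0000-4000-8000-000000000001}
Provider Path:                      C:\Documents and Settings\All Users\Application Data\example_lsp.dll
Catalog Entry ID:                   1002
Protocol:                           6
Protocol Chain Length:              0

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example Filter LSP over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {00000000-0000-4000-8000-000000000002}
Provider Path:                      C:\Documents and Settings\All Users\Application Data\example_lsp.dll
Catalog Entry ID:                   1003
Protocol:                           6
Protocol Chain Length:              2
"""

# "Field Name:   value" lines; the key is letters/spaces up to the first colon.
FIELD_RE = re.compile(r"^([A-Za-z ]+?):\s+(.*?)\s*$")


def parse_catalog(text):
    """Split the dump into one dict per 'Winsock Catalog Provider Entry' block."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("Winsock Catalog Provider Entry"):
            current = {}
            entries.append(current)
        elif current is not None and not line.startswith("---"):
            m = FIELD_RE.match(line)
            if m:
                current[m.group(1).strip()] = m.group(2)
    return entries


def _expand(path, system_root):
    """Expand %SystemRoot% (any case) and lower-case for a path comparison."""
    return re.sub(r"%systemroot%", lambda _: system_root, path, flags=re.I).lower()


def find_suspicious(entries, system_root=SYSTEM_ROOT):
    """Return (catalog id, description, reasons) for every entry worth a look.

    Rules: provider DLL outside %SystemRoot%\\system32, a layered service
    provider, or a protocol chain (length > 1), which exists only to route
    traffic through a layered provider.
    """
    trusted = _expand(r"%SystemRoot%\system32", system_root) + "\\"
    findings = []
    for e in entries:
        reasons = []
        path = e.get("Provider Path", "")
        if not path:
            reasons.append("no provider path recorded")
        elif not _expand(path, system_root).startswith(trusted):
            reasons.append("provider DLL outside %SystemRoot%\\system32: " + path)
        if e.get("Entry Type") == "Layered Service Provider":
            reasons.append("layered service provider: sees every socket call before TCP/IP")
        try:
            chain_len = int(e.get("Protocol Chain Length", "1"))
        except ValueError:
            chain_len = 1
        if chain_len > 1:
            reasons.append("protocol chain of length %d routed through a layered provider" % chain_len)
        if reasons:
            findings.append((e.get("Catalog Entry ID", "?"), e.get("Description", "?"), reasons))
    return findings


if __name__ == "__main__":
    # On the real box: netsh winsock show catalog > catalog.txt, then read that file here.
    for entry_id, desc, reasons in find_suspicious(parse_catalog(SAMPLE_CATALOG)):
        print("%s  %s" % (entry_id, desc))
        for r in reasons:
            print("    - " + r)
```

Against a real machine, run `netsh winsock show catalog > catalog.txt` on the affected box and feed that file to parse_catalog; XP SP2 and later also have `netsh winsock reset` for the rebuild itself. The "outside system32" rule is the one that carries weight: a legitimate third-party LSP (some firewall and filtering products install one) is flagged by the other two rules as well, so treat hits as leads to check against the DLL's publisher and signature rather than as a verdict.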

#3 mn_sailor

mn_sailor
  • Topic Starter

  • Members
  • 67 posts
  • Gender:Male
  • Location:Ham Lake, MN

Posted 03 July 2012 - 03:27 PM

Hi narenxp,

Thanks for your help. TDSSKiller and MBAM logs are included below.

I tried the two Winsock fixes. The ZeroAccess message still exists during a ComboFix scan. This is very frustrating.

John

===
11:02:48.0250 2344 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
11:02:50.0265 2344 ============================================================
11:02:50.0265 2344 Current date / time: 2012/07/03 11:02:50.0265
11:02:50.0265 2344 SystemInfo:
11:02:50.0265 2344
11:02:50.0265 2344 OS Version: 5.1.2600 ServicePack: 3.0
11:02:50.0265 2344 Product type: Workstation
11:02:50.0265 2344 ComputerName: DWOFFICEE6300
11:02:50.0265 2344 UserName: Sue and John
11:02:50.0265 2344 Windows directory: C:\WINDOWS
11:02:50.0265 2344 System windows directory: C:\WINDOWS
11:02:50.0265 2344 Processor architecture: Intel x86
11:02:50.0265 2344 Number of processors: 2
11:02:50.0265 2344 Page size: 0x1000
11:02:50.0265 2344 Boot type: Normal boot
11:02:50.0265 2344 ============================================================
11:02:50.0640 2344 Drive \Device\Harddisk0\DR0 - Size: 0x7471100000 (465.77 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:02:50.0656 2344 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:02:50.0656 2344 Drive \Device\Harddisk2\DR15 - Size: 0x3C800000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:02:50.0656 2344 ============================================================
11:02:50.0656 2344 \Device\Harddisk0\DR0:
11:02:50.0656 2344 MBR partitions:
11:02:50.0656 2344 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6455F16
11:02:50.0671 2344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x6455F94, BlocksNum 0x30D3C74
11:02:50.0671 2344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9529C68, BlocksNum 0x20CB0CA7
11:02:50.0687 2344 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2A1DA96D, BlocksNum 0x6426DEB
11:02:50.0703 2344 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x306017BB, BlocksNum 0x8FFC0D3
11:02:50.0734 2344 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x395FD8D4, BlocksNum 0xD8736D
11:02:50.0734 2344 \Device\Harddisk1\DR1:
11:02:50.0734 2344 MBR partitions:
11:02:50.0734 2344 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
11:02:50.0750 2344 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0xC34F28D
11:02:50.0765 2344 \Device\Harddisk2\DR15:
11:02:50.0765 2344 MBR partitions:
11:02:50.0765 2344 \Device\Harddisk2\DR15\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E3FE0
11:02:50.0765 2344 ============================================================
11:02:50.0796 2344 C: <-> \Device\Harddisk0\DR0\Partition0
11:02:50.0828 2344 E: <-> \Device\Harddisk0\DR0\Partition1
11:02:50.0859 2344 F: <-> \Device\Harddisk0\DR0\Partition2
11:02:50.0906 2344 G: <-> \Device\Harddisk0\DR0\Partition3
11:02:50.0937 2344 H: <-> \Device\Harddisk0\DR0\Partition4
11:02:50.0953 2344 I: <-> \Device\Harddisk0\DR0\Partition5
11:02:50.0968 2344 J: <-> \Device\Harddisk1\DR1\Partition0
11:02:51.0015 2344 K: <-> \Device\Harddisk1\DR1\Partition1
11:02:51.0015 2344 ============================================================
11:02:51.0015 2344 Initialize success
11:02:51.0015 2344 ============================================================
11:03:00.0390 4104 ============================================================
11:03:00.0390 4104 Scan started
11:03:00.0390 4104 Mode: Manual;
11:03:00.0390 4104 ============================================================
11:03:00.0640 4104 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
11:03:00.0640 4104 61883 - ok
11:03:00.0718 4104 A3AB (21af8e9c727c6d7643ad497268f55bf1) C:\WINDOWS\system32\DRIVERS\A3AB.sys
11:03:00.0734 4104 A3AB - ok
11:03:00.0734 4104 Abiosdsk - ok
11:03:00.0734 4104 abp480n5 - ok
11:03:00.0812 4104 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:03:00.0812 4104 ACPI - ok
11:03:00.0875 4104 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:03:00.0875 4104 ACPIEC - ok
11:03:00.0968 4104 AcrSch2Svc (46a5cbb09b8f0c46f8cbe9210e5e3be2) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
11:03:00.0984 4104 AcrSch2Svc - ok
11:03:01.0031 4104 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:03:01.0078 4104 AdobeFlashPlayerUpdateSvc - ok
11:03:01.0078 4104 adpu160m - ok
11:03:01.0093 4104 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:03:01.0109 4104 aec - ok
11:03:01.0140 4104 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:03:01.0156 4104 AFD - ok
11:03:01.0156 4104 Aha154x - ok
11:03:01.0171 4104 aic78u2 - ok
11:03:01.0171 4104 aic78xx - ok
11:03:01.0187 4104 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:03:01.0187 4104 Alerter - ok
11:03:01.0218 4104 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:03:01.0218 4104 ALG - ok
11:03:01.0218 4104 AliIde - ok
11:03:01.0328 4104 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
11:03:01.0390 4104 Ambfilt - ok
11:03:01.0453 4104 amsint - ok
11:03:01.0484 4104 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
11:03:01.0484 4104 ANIO - ok
11:03:01.0515 4104 ANIWZCSdService (aa3d68f26b2a27f660afc46039b061a4) C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
11:03:01.0515 4104 ANIWZCSdService - ok
11:03:01.0546 4104 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
11:03:01.0546 4104 AppMgmt - ok
11:03:01.0687 4104 AR5416 (572d2cda0b0131cb4dbb31981ec75b49) C:\WINDOWS\system32\DRIVERS\athw.sys
11:03:01.0750 4104 AR5416 - ok
11:03:01.0765 4104 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:03:01.0781 4104 Arp1394 - ok
11:03:01.0781 4104 asc - ok
11:03:01.0781 4104 asc3350p - ok
11:03:01.0781 4104 asc3550 - ok
11:03:01.0859 4104 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:03:01.0859 4104 aspnet_state - ok
11:03:01.0859 4104 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:03:01.0859 4104 AsyncMac - ok
11:03:01.0875 4104 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:03:01.0875 4104 atapi - ok
11:03:01.0875 4104 Atdisk - ok
11:03:01.0906 4104 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:03:01.0906 4104 Atmarpc - ok
11:03:01.0937 4104 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:03:01.0937 4104 AudioSrv - ok
11:03:01.0953 4104 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:03:01.0953 4104 audstub - ok
11:03:01.0968 4104 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
11:03:01.0968 4104 Avc - ok
11:03:01.0968 4104 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:03:01.0984 4104 Beep - ok
11:03:02.0015 4104 BENDER (fc6d0c2f327a5f716fdfdc24a305aceb) C:\WINDOWS\system32\drivers\bender.sys
11:03:02.0015 4104 BENDER - ok
11:03:02.0062 4104 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:03:02.0125 4104 BITS - ok
11:03:02.0140 4104 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:03:02.0140 4104 Browser - ok
11:03:02.0218 4104 catchme - ok
11:03:02.0218 4104 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:03:02.0218 4104 cbidf2k - ok
11:03:02.0234 4104 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:03:02.0234 4104 CCDECODE - ok
11:03:02.0250 4104 cd20xrnt - ok
11:03:02.0250 4104 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:03:02.0265 4104 Cdaudio - ok
11:03:02.0265 4104 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:03:02.0265 4104 Cdfs - ok
11:03:02.0296 4104 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:03:02.0296 4104 Cdrom - ok
11:03:02.0312 4104 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:03:02.0312 4104 CiSvc - ok
11:03:02.0328 4104 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:03:02.0328 4104 ClipSrv - ok
11:03:02.0359 4104 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:03:02.0359 4104 clr_optimization_v2.0.50727_32 - ok
11:03:02.0421 4104 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:03:02.0421 4104 clr_optimization_v4.0.30319_32 - ok
11:03:02.0421 4104 CmdIde - ok
11:03:02.0421 4104 COMSysApp - ok
11:03:02.0437 4104 Cpqarray - ok
11:03:02.0453 4104 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:03:02.0453 4104 CryptSvc - ok
11:03:02.0453 4104 dac2w2k - ok
11:03:02.0453 4104 dac960nt - ok
11:03:02.0500 4104 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:03:02.0546 4104 DcomLaunch - ok
11:03:02.0593 4104 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:03:02.0593 4104 Dhcp - ok
11:03:02.0593 4104 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:03:02.0593 4104 Disk - ok
11:03:02.0593 4104 dmadmin - ok
11:03:02.0656 4104 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:03:02.0671 4104 dmboot - ok
11:03:02.0703 4104 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:03:02.0703 4104 dmio - ok
11:03:02.0718 4104 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:03:02.0718 4104 dmload - ok
11:03:02.0734 4104 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:03:02.0734 4104 dmserver - ok
11:03:02.0734 4104 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:03:02.0734 4104 DMusic - ok
11:03:02.0765 4104 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:03:02.0765 4104 Dnscache - ok
11:03:02.0812 4104 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:03:02.0812 4104 Dot3svc - ok
11:03:02.0828 4104 dpti2o - ok
11:03:02.0843 4104 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:03:02.0843 4104 drmkaud - ok
11:03:02.0875 4104 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:03:02.0875 4104 EapHost - ok
11:03:02.0875 4104 ENTECH - ok
11:03:02.0890 4104 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:03:02.0890 4104 ERSvc - ok
11:03:02.0906 4104 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:03:02.0921 4104 Eventlog - ok
11:03:02.0953 4104 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:03:02.0953 4104 EventSystem - ok
11:03:02.0968 4104 f5ipfw (b057b8a97376df8d5501bf5fd7dc3310) C:\WINDOWS\system32\drivers\urfltw2k.sys
11:03:02.0984 4104 f5ipfw - ok
11:03:03.0015 4104 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:03:03.0015 4104 Fastfat - ok
11:03:03.0046 4104 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:03:03.0046 4104 FastUserSwitchingCompatibility - ok
11:03:03.0062 4104 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:03:03.0062 4104 Fdc - ok
11:03:03.0062 4104 FilterService - ok
11:03:03.0078 4104 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:03:03.0078 4104 Fips - ok
11:03:03.0109 4104 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:03:03.0109 4104 Flpydisk - ok
11:03:03.0109 4104 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:03:03.0125 4104 FltMgr - ok
11:03:03.0156 4104 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:03:03.0156 4104 FontCache3.0.0.0 - ok
11:03:03.0171 4104 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:03:03.0171 4104 Fs_Rec - ok
11:03:03.0171 4104 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:03:03.0171 4104 Ftdisk - ok
11:03:03.0187 4104 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:03:03.0203 4104 Gpc - ok
11:03:03.0234 4104 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:03:03.0234 4104 gupdate - ok
11:03:03.0250 4104 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:03:03.0250 4104 gupdatem - ok
11:03:03.0265 4104 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:03:03.0265 4104 HDAudBus - ok
11:03:03.0296 4104 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:03:03.0296 4104 helpsvc - ok
11:03:03.0312 4104 HidServ - ok
11:03:03.0328 4104 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:03:03.0328 4104 HidUsb - ok
11:03:03.0343 4104 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:03:03.0343 4104 hkmsvc - ok
11:03:03.0343 4104 hpn - ok
11:03:03.0406 4104 hpqcxs08 (390920e11d7729a7b98799ebe20e38fb) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:03:03.0406 4104 hpqcxs08 - ok
11:03:03.0468 4104 HPSLPSVC - ok
11:03:03.0500 4104 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:03:03.0500 4104 HPZid412 - ok
11:03:03.0546 4104 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:03:03.0546 4104 HPZipr12 - ok
11:03:03.0546 4104 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:03:03.0546 4104 HPZius12 - ok
11:03:03.0593 4104 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:03:03.0656 4104 HTTP - ok
11:03:03.0671 4104 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:03:03.0671 4104 HTTPFilter - ok
11:03:03.0671 4104 i2omp - ok
11:03:03.0687 4104 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:03:03.0687 4104 i8042prt - ok
11:03:03.0734 4104 IAANTMON (d72f2a013ada9e2dda417887a8dfd217) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
11:03:03.0734 4104 IAANTMON - ok
11:03:03.0765 4104 iaStor (d483687eace0c065ee772481a96e05f5) C:\WINDOWS\system32\drivers\iaStor.sys
11:03:03.0765 4104 iaStor - ok
11:03:03.0859 4104 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:03:03.0875 4104 idsvc - ok
11:03:03.0890 4104 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:03:03.0890 4104 Imapi - ok
11:03:03.0906 4104 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:03:03.0906 4104 ImapiService - ok
11:03:03.0906 4104 ini910u - ok
11:03:04.0203 4104 IntcAzAudAddService (4517fd80b6d734d99ac4b1578443d1d9) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:03:04.0328 4104 IntcAzAudAddService - ok
11:03:04.0437 4104 IntelIde - ok
11:03:04.0453 4104 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:03:04.0453 4104 intelppm - ok
11:03:04.0500 4104 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
11:03:04.0500 4104 IntuitUpdateServiceV4 - ok
11:03:04.0515 4104 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:03:04.0515 4104 Ip6Fw - ok
11:03:04.0531 4104 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:03:04.0531 4104 IpFilterDriver - ok
11:03:04.0562 4104 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:03:04.0562 4104 IpInIp - ok
11:03:04.0562 4104 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:03:04.0562 4104 IpNat - ok
11:03:04.0578 4104 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:03:04.0578 4104 IPSec - ok
11:03:04.0593 4104 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:03:04.0593 4104 IRENUM - ok
11:03:04.0593 4104 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:03:04.0593 4104 isapnp - ok
11:03:04.0640 4104 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
11:03:04.0640 4104 JavaQuickStarterService - ok
11:03:04.0656 4104 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
11:03:04.0656 4104 JGOGO - ok
11:03:04.0656 4104 JRAID (c341318beae24fa4042c5f8c64cb38b6) C:\WINDOWS\system32\DRIVERS\jraid.sys
11:03:04.0656 4104 JRAID - ok
11:03:04.0671 4104 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:03:04.0671 4104 Kbdclass - ok
11:03:04.0703 4104 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:03:04.0703 4104 kmixer - ok
11:03:04.0718 4104 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:03:04.0718 4104 KSecDD - ok
11:03:04.0734 4104 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:03:04.0734 4104 lanmanserver - ok
11:03:04.0781 4104 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:03:04.0796 4104 lanmanworkstation - ok
11:03:04.0812 4104 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:03:04.0812 4104 LmHosts - ok
11:03:04.0828 4104 LVRS - ok
11:03:04.0828 4104 LVUSBSta - ok
11:03:04.0828 4104 LVUVC - ok
11:03:04.0859 4104 MarvinBus (7584ffb07305d2e9e3823059a9310b0f) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
11:03:04.0875 4104 MarvinBus - ok
11:03:04.0890 4104 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:03:04.0890 4104 Messenger - ok
11:03:04.0906 4104 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:03:04.0906 4104 mnmdd - ok
11:03:04.0921 4104 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:03:04.0921 4104 mnmsrvc - ok
11:03:04.0937 4104 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:03:04.0937 4104 Modem - ok
11:03:05.0015 4104 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
11:03:05.0062 4104 Monfilt - ok
11:03:05.0125 4104 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:03:05.0125 4104 Mouclass - ok
11:03:05.0140 4104 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:03:05.0140 4104 mouhid - ok
11:03:05.0140 4104 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:03:05.0140 4104 MountMgr - ok
11:03:05.0187 4104 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:03:05.0187 4104 MozillaMaintenance - ok
11:03:05.0203 4104 mraid35x - ok
11:03:05.0203 4104 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:03:05.0203 4104 MRxDAV - ok
11:03:05.0250 4104 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:03:05.0281 4104 MRxSmb - ok
11:03:05.0281 4104 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:03:05.0296 4104 MSDTC - ok
11:03:05.0312 4104 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
11:03:05.0312 4104 MSDV - ok
11:03:05.0312 4104 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:03:05.0312 4104 Msfs - ok
11:03:05.0312 4104 MSIServer - ok
11:03:05.0343 4104 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:03:05.0343 4104 MSKSSRV - ok
11:03:05.0359 4104 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:03:05.0359 4104 MSPCLOCK - ok
11:03:05.0359 4104 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:03:05.0359 4104 MSPQM - ok
11:03:05.0359 4104 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:03:05.0375 4104 mssmbios - ok
11:03:05.0390 4104 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:03:05.0406 4104 MSTEE - ok
11:03:05.0421 4104 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:03:05.0421 4104 Mup - ok
11:03:05.0437 4104 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:03:05.0437 4104 NABTSFEC - ok
11:03:05.0625 4104 NanoServiceMain (a830e59f98827943686e90bf79fc96fa) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
11:03:05.0625 4104 NanoServiceMain - ok
11:03:05.0656 4104 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:03:05.0656 4104 napagent - ok
11:03:05.0687 4104 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:03:05.0703 4104 NDIS - ok
11:03:05.0734 4104 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:03:05.0734 4104 NdisIP - ok
11:03:05.0734 4104 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:03:05.0734 4104 NdisTapi - ok
11:03:05.0750 4104 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:03:05.0750 4104 Ndisuio - ok
11:03:05.0765 4104 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:03:05.0781 4104 NdisWan - ok
11:03:05.0796 4104 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:03:05.0796 4104 NDProxy - ok
11:03:05.0828 4104 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
11:03:05.0828 4104 Net Driver HPZ12 - ok
11:03:05.0843 4104 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:03:05.0843 4104 NetBIOS - ok
11:03:05.0859 4104 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:03:05.0875 4104 NetBT - ok
11:03:05.0890 4104 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:03:05.0906 4104 NetDDE - ok
11:03:05.0906 4104 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:03:05.0906 4104 NetDDEdsdm - ok
11:03:05.0937 4104 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:03:05.0937 4104 Netlogon - ok
11:03:05.0968 4104 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:03:06.0000 4104 Netman - ok
11:03:06.0078 4104 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:03:06.0093 4104 NetTcpPortSharing - ok
11:03:06.0109 4104 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:03:06.0109 4104 NIC1394 - ok
11:03:06.0156 4104 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:03:06.0203 4104 Nla - ok
11:03:06.0203 4104 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:03:06.0203 4104 Npfs - ok
11:03:06.0234 4104 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:03:06.0250 4104 Ntfs - ok
11:03:06.0250 4104 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:03:06.0250 4104 NtLmSsp - ok
11:03:06.0281 4104 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:03:06.0296 4104 NtmsSvc - ok
11:03:06.0296 4104 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:03:06.0296 4104 Null - ok
11:03:06.0703 4104 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:03:06.0859 4104 nv - ok
11:03:06.0937 4104 nvsvc (cc4f8220ead1f6a38d51679708f435b9) C:\WINDOWS\system32\nvsvc32.exe
11:03:06.0953 4104 nvsvc - ok
11:03:06.0968 4104 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:03:06.0968 4104 NwlnkFlt - ok
11:03:06.0984 4104 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:03:06.0984 4104 NwlnkFwd - ok
11:03:06.0984 4104 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:03:06.0984 4104 ohci1394 - ok
11:03:07.0015 4104 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:03:07.0015 4104 Parport - ok
11:03:07.0015 4104 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:03:07.0031 4104 PartMgr - ok
11:03:07.0031 4104 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:03:07.0046 4104 ParVdm - ok
11:03:07.0062 4104 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:03:07.0062 4104 PCI - ok
11:03:07.0062 4104 PCIDump - ok
11:03:07.0062 4104 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:03:07.0062 4104 PCIIde - ok
11:03:07.0093 4104 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
11:03:07.0093 4104 PCLEPCI - ok
11:03:07.0109 4104 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:03:07.0109 4104 Pcmcia - ok
11:03:07.0125 4104 PDCOMP - ok
11:03:07.0125 4104 perc2 - ok
11:03:07.0125 4104 perc2hib - ok
11:03:07.0156 4104 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:03:07.0156 4104 PlugPlay - ok
11:03:07.0171 4104 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
11:03:07.0187 4104 Pml Driver HPZ12 - ok
11:03:07.0203 4104 Point32 (2e3394c8ebf31a9b4f0a531eb5cc7bc7) C:\WINDOWS\system32\DRIVERS\point32.sys
11:03:07.0203 4104 Point32 - ok
11:03:07.0203 4104 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:03:07.0203 4104 PolicyAgent - ok
11:03:07.0218 4104 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:03:07.0218 4104 PptpMiniport - ok
11:03:07.0218 4104 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:03:07.0218 4104 ProtectedStorage - ok
11:03:07.0218 4104 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:03:07.0218 4104 PSched - ok
11:03:07.0281 4104 PSINAflt (b66042e21d32fcdf193b3b80516da1b3) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
11:03:07.0281 4104 PSINAflt - ok
11:03:07.0312 4104 PSINFile (5bab5fb4cb1963f643a1a8b4d816cf8f) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
11:03:07.0312 4104 PSINFile - ok
11:03:07.0359 4104 PSINKNC (16066810f5dae092db226c6662feedc9) C:\WINDOWS\system32\DRIVERS\psinknc.sys
11:03:07.0390 4104 PSINKNC - ok
11:03:07.0406 4104 PSINProc (87b2fe6d7b427947541360f48c302054) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
11:03:07.0406 4104 PSINProc - ok
11:03:07.0468 4104 PSINProt (72ce5f32ff8260a38127953555e29d66) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
11:03:07.0468 4104 PSINProt - ok
11:03:07.0468 4104 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:03:07.0468 4104 Ptilink - ok
11:03:07.0468 4104 ql1080 - ok
11:03:07.0468 4104 Ql10wnt - ok
11:03:07.0484 4104 ql12160 - ok
11:03:07.0484 4104 ql1240 - ok
11:03:07.0484 4104 ql1280 - ok
11:03:07.0500 4104 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:03:07.0500 4104 RasAcd - ok
11:03:07.0531 4104 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:03:07.0531 4104 RasAuto - ok
11:03:07.0531 4104 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:03:07.0531 4104 Rasl2tp - ok
11:03:07.0562 4104 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:03:07.0562 4104 RasMan - ok
11:03:07.0578 4104 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:03:07.0578 4104 RasPppoe - ok
11:03:07.0578 4104 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:03:07.0578 4104 Raspti - ok
11:03:07.0625 4104 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:03:07.0640 4104 Rdbss - ok
11:03:07.0640 4104 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:03:07.0640 4104 RDPCDD - ok
11:03:07.0671 4104 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:03:07.0687 4104 rdpdr - ok
11:03:07.0718 4104 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
11:03:07.0718 4104 RDPWD - ok
11:03:07.0734 4104 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:03:07.0734 4104 RDSessMgr - ok
11:03:07.0750 4104 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:03:07.0750 4104 redbook - ok
11:03:07.0765 4104 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:03:07.0765 4104 RemoteAccess - ok
11:03:07.0781 4104 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:03:07.0781 4104 RemoteRegistry - ok
11:03:07.0781 4104 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:03:07.0781 4104 RpcLocator - ok
11:03:07.0828 4104 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
11:03:07.0828 4104 RpcSs - ok
11:03:07.0828 4104 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:03:07.0828 4104 RSVP - ok
11:03:07.0875 4104 RTLE8023xp (40607773fecd00708354809e233823f2) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:03:07.0875 4104 RTLE8023xp - ok
11:03:07.0890 4104 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:03:07.0906 4104 SamSs - ok
11:03:07.0906 4104 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:03:07.0921 4104 SCardSvr - ok
11:03:07.0937 4104 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:03:07.0953 4104 Schedule - ok
11:03:07.0984 4104 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:03:07.0984 4104 Secdrv - ok
11:03:08.0000 4104 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:03:08.0000 4104 seclogon - ok
11:03:08.0015 4104 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:03:08.0015 4104 SENS - ok
11:03:08.0031 4104 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
11:03:08.0031 4104 Serial - ok
11:03:08.0046 4104 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:03:08.0046 4104 Sfloppy - ok
11:03:08.0078 4104 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:03:08.0109 4104 SharedAccess - ok
11:03:08.0125 4104 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:03:08.0125 4104 ShellHWDetection - ok
11:03:08.0156 4104 SI3132 (0b9b5c6df6226497ef4819b6e1b2efd5) C:\WINDOWS\system32\DRIVERS\SI3132.sys
11:03:08.0156 4104 SI3132 - ok
11:03:08.0171 4104 SiFilter (6aaeb533189c72c7eaf7d78ab12e4bb7) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
11:03:08.0171 4104 SiFilter - ok
11:03:08.0171 4104 Simbad - ok
11:03:08.0171 4104 SiRemFil (1ff379ba5e844f03c8786bc059dc1ec1) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
11:03:08.0171 4104 SiRemFil - ok
11:03:08.0203 4104 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:03:08.0203 4104 SLIP - ok
11:03:08.0218 4104 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys
11:03:08.0218 4104 snapman - ok
11:03:08.0218 4104 Sparrow - ok
11:03:08.0250 4104 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:03:08.0250 4104 splitter - ok
11:03:08.0265 4104 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:03:08.0265 4104 Spooler - ok
11:03:08.0265 4104 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:03:08.0265 4104 sr - ok
11:03:08.0281 4104 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:03:08.0296 4104 srservice - ok
11:03:08.0328 4104 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:03:08.0328 4104 Srv - ok
11:03:08.0375 4104 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:03:08.0375 4104 SSDPSRV - ok
11:03:08.0406 4104 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
11:03:08.0406 4104 StillCam - ok
11:03:08.0453 4104 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:03:08.0500 4104 stisvc - ok
11:03:08.0515 4104 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:03:08.0515 4104 streamip - ok
11:03:08.0515 4104 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:03:08.0515 4104 swenum - ok
11:03:08.0546 4104 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:03:08.0546 4104 swmidi - ok
11:03:08.0546 4104 SwPrv - ok
11:03:08.0546 4104 symc810 - ok
11:03:08.0546 4104 symc8xx - ok
11:03:08.0562 4104 sym_hi - ok
11:03:08.0562 4104 sym_u3 - ok
11:03:08.0578 4104 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:03:08.0578 4104 sysaudio - ok
11:03:08.0593 4104 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:03:08.0593 4104 SysmonLog - ok
11:03:08.0625 4104 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:03:08.0640 4104 TapiSrv - ok
11:03:08.0656 4104 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:03:08.0671 4104 Tcpip - ok
11:03:08.0687 4104 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:03:08.0687 4104 TDPIPE - ok
11:03:08.0687 4104 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:03:08.0687 4104 TDTCP - ok
11:03:08.0703 4104 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:03:08.0703 4104 TermDD - ok
11:03:08.0750 4104 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:03:08.0796 4104 TermService - ok
11:03:08.0796 4104 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:03:08.0796 4104 Themes - ok
11:03:08.0812 4104 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
11:03:08.0812 4104 tifsfilter - ok
11:03:08.0828 4104 timounter (74711884439bdf9ccf446c79cb05fac0) C:\WINDOWS\system32\DRIVERS\timntr.sys
11:03:08.0828 4104 timounter - ok
11:03:08.0843 4104 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
11:03:08.0843 4104 TlntSvr - ok
11:03:08.0843 4104 TosIde - ok
11:03:08.0859 4104 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:03:08.0859 4104 TrkWks - ok
11:03:08.0875 4104 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:03:08.0875 4104 Udfs - ok
11:03:08.0875 4104 UGURU (c3cd138762aab1797805c26bf5defcbe) C:\WINDOWS\system32\drivers\uGuru.sys
11:03:08.0875 4104 UGURU - ok
11:03:08.0890 4104 ultra - ok
11:03:08.0906 4104 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:03:08.0906 4104 Update - ok
11:03:08.0937 4104 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:03:08.0953 4104 upnphost - ok
11:03:08.0968 4104 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:03:08.0968 4104 UPS - ok
11:03:09.0000 4104 urvpndrv (8ee2e45b049a2d8ac547ae4c8552aef1) C:\WINDOWS\system32\DRIVERS\covpndrv.sys
11:03:09.0000 4104 urvpndrv - ok
11:03:09.0031 4104 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:03:09.0031 4104 usbaudio - ok
11:03:09.0062 4104 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:03:09.0062 4104 usbccgp - ok
11:03:09.0093 4104 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:03:09.0093 4104 usbehci - ok
11:03:09.0093 4104 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:03:09.0093 4104 usbhub - ok
11:03:09.0125 4104 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:03:09.0125 4104 usbprint - ok
11:03:09.0140 4104 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:03:09.0140 4104 usbscan - ok
11:03:09.0156 4104 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:03:09.0156 4104 USBSTOR - ok
11:03:09.0187 4104 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:03:09.0187 4104 usbuhci - ok
11:03:09.0203 4104 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:03:09.0203 4104 VgaSave - ok
11:03:09.0203 4104 ViaIde - ok
11:03:09.0203 4104 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:03:09.0203 4104 VolSnap - ok
11:03:09.0250 4104 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:03:09.0250 4104 VSS - ok
11:03:09.0281 4104 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:03:09.0281 4104 W32Time - ok
11:03:09.0296 4104 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:03:09.0312 4104 Wanarp - ok
11:03:09.0328 4104 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
11:03:09.0328 4104 wceusbsh - ok
11:03:09.0343 4104 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:03:09.0359 4104 wdmaud - ok
11:03:09.0375 4104 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:03:09.0375 4104 WebClient - ok
11:03:09.0437 4104 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:03:09.0453 4104 winmgmt - ok
11:03:09.0468 4104 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:03:09.0468 4104 WmdmPmSN - ok
11:03:09.0515 4104 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:03:09.0531 4104 Wmi - ok
11:03:09.0562 4104 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:03:09.0562 4104 WmiApSrv - ok
11:03:09.0625 4104 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:03:09.0640 4104 WMPNetworkSvc - ok
11:03:09.0671 4104 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:03:09.0671 4104 WpdUsb - ok
11:03:09.0796 4104 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:03:09.0812 4104 WPFFontCache_v0400 - ok
11:03:09.0843 4104 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:03:09.0843 4104 WS2IFSL - ok
11:03:09.0843 4104 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:03:09.0859 4104 wscsvc - ok
11:03:09.0875 4104 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:03:09.0875 4104 WSTCODEC - ok
11:03:09.0890 4104 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:03:09.0890 4104 wuauserv - ok
11:03:09.0906 4104 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:03:09.0906 4104 WudfPf - ok
11:03:09.0937 4104 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:03:09.0937 4104 WudfRd - ok
11:03:09.0953 4104 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:03:09.0953 4104 WudfSvc - ok
11:03:10.0000 4104 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:03:10.0015 4104 WZCSVC - ok
11:03:10.0046 4104 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:03:10.0046 4104 xmlprov - ok
11:03:10.0078 4104 MBR (0x1B8) (dd251b4bfe3188ce2ce45a78cfbf852d) \Device\Harddisk0\DR0
11:03:10.0468 4104 \Device\Harddisk0\DR0 - ok
11:03:10.0484 4104 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:03:10.0687 4104 \Device\Harddisk1\DR1 - ok
11:03:10.0687 4104 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR15
11:03:13.0671 4104 \Device\Harddisk2\DR15 - ok
11:03:13.0671 4104 Boot (0x1200) (f96dc7d6fc4267f82058cfa8a53c6300) \Device\Harddisk0\DR0\Partition0
11:03:13.0671 4104 \Device\Harddisk0\DR0\Partition0 - ok
11:03:13.0671 4104 Boot (0x1200) (b1d781132bd5ebd785abe3b3b54243e0) \Device\Harddisk0\DR0\Partition1
11:03:13.0671 4104 \Device\Harddisk0\DR0\Partition1 - ok
11:03:13.0687 4104 Boot (0x1200) (5f4f0932fa9bfcb7df8bf9182be18a9b) \Device\Harddisk0\DR0\Partition2
11:03:13.0687 4104 \Device\Harddisk0\DR0\Partition2 - ok
11:03:13.0718 4104 Boot (0x1200) (dd9bd3191420a05ba7deab069e903ae7) \Device\Harddisk0\DR0\Partition3
11:03:13.0718 4104 \Device\Harddisk0\DR0\Partition3 - ok
11:03:13.0718 4104 Boot (0x1200) (e57b762767617f38520cc9dad851b2e4) \Device\Harddisk0\DR0\Partition4
11:03:13.0734 4104 \Device\Harddisk0\DR0\Partition4 - ok
11:03:13.0750 4104 Boot (0x1200) (0facfd64ec458a36abf5239181e773f7) \Device\Harddisk0\DR0\Partition5
11:03:13.0750 4104 \Device\Harddisk0\DR0\Partition5 - ok
11:03:13.0750 4104 Boot (0x1200) (b59fb0f8144e79003c7df9bea81ec66d) \Device\Harddisk1\DR1\Partition0
11:03:13.0750 4104 \Device\Harddisk1\DR1\Partition0 - ok
11:03:13.0750 4104 Boot (0x1200) (e8af787486292c51a4b7aeb7c2533d2e) \Device\Harddisk1\DR1\Partition1
11:03:13.0765 4104 \Device\Harddisk1\DR1\Partition1 - ok
11:03:13.0765 4104 Boot (0x1200) (19a950cb4ad63830eaf0c9b95b8ab773) \Device\Harddisk2\DR15\Partition0
11:03:13.0765 4104 \Device\Harddisk2\DR15\Partition0 - ok
11:03:13.0765 4104 ============================================================
11:03:13.0765 4104 Scan finished
11:03:13.0765 4104 ============================================================
11:03:13.0765 4108 Detected object count: 0
11:03:13.0765 4108 Actual detected object count: 0
11:04:36.0593 5876 Deinitialize success

===
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sue and John :: DWOFFICEE6300 [administrator]

7/3/2012 11:08:42 AM
mbam-log-2012-07-03 (11-08-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322916
Time elapsed: 40 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
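
The TDSSKiller listing above is read by eye in this thread: each registered service or driver appears once with its MD5 and path, followed by a verdict line, and the question is whether anything changed between runs or sits somewhere a driver should not. The following Python script is an added example written for this page, not code from TDSSKiller or from anyone in the thread. It parses that two-line-per-entry format, flags binaries outside the roots one expects on an XP system (a root list chosen for this example), reports a single hash appearing under several different paths, and diffs two runs from the same machine. The sample logs embedded in it are constructed: the Netlogon, Tcpip and HidServ lines copy the shape of the posted log, while the second run's Tcpip hash and the `SvcHostHelper` entry are invented to show what a changed driver and an out-of-place binary look like.

```python
"""Triage helper for TDSSKiller service/driver listings (added example, not TDSSKiller code).

The listing has two line shapes per entry:
    <time> <pid> <Name> (<md5>) <path>     file found on disk and hashed
    <time> <pid> <Name> - ok               verdict for that entry
An entry with only a verdict line (e.g. 'HidServ - ok') is a registered service
whose binary is not present, which is normal for XP's many placeholder drivers.
"""
import re
from typing import Dict, List, Tuple

FILE_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
VERDICT_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<verdict>\S+)\s*$"
)

# Directories a service binary is expected to live under on this XP system.
# Chosen for this example; TDSSKiller itself has no such setting.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_log(text: str) -> Dict[str, dict]:
    """Map service name -> {md5, path, verdict} (keys present only when the log had them)."""
    entries: Dict[str, dict] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            entries.setdefault(m["name"], {}).update(md5=m["md5"], path=m["path"])
            continue
        m = VERDICT_LINE.match(line)
        if m:
            entries.setdefault(m["name"], {})["verdict"] = m["verdict"]
    return entries


def find_anomalies(entries: Dict[str, dict]) -> List[Tuple[str, str]]:
    """Flag binaries outside the expected roots, non-'ok' verdicts, and one hash at several paths."""
    findings: List[Tuple[str, str]] = []
    paths_by_md5: Dict[str, set] = {}
    for name, e in entries.items():
        path = e.get("path")
        if path is None:
            continue                      # no file on disk, nothing to judge
        if not path.lower().startswith(EXPECTED_ROOTS):
            findings.append((name, f"binary outside expected roots: {path}"))
        if e.get("verdict") != "ok":
            findings.append((name, f"verdict is {e.get('verdict')!r}, not 'ok'"))
        paths_by_md5.setdefault(e["md5"], set()).add(path.lower())
    # Several service names sharing one path (lsass.exe hosts Netlogon, SamSs, ...) is
    # normal; the same bytes under several different paths is worth a look.
    for md5, paths in paths_by_md5.items():
        if len(paths) > 1:
            findings.append((md5, "identical file at several paths: " + ", ".join(sorted(paths))))
    return findings


def diff_runs(baseline: Dict[str, dict], current: Dict[str, dict]) -> Dict[str, list]:
    """Compare two runs from the same machine: what appeared, vanished, or changed hash/path."""
    out: Dict[str, list] = {"added": [], "removed": [], "changed": []}
    for name in sorted(set(baseline) | set(current)):
        b, c = baseline.get(name), current.get(name)
        if b is None:
            out["added"].append(name)
        elif c is None:
            out["removed"].append(name)
        elif (b.get("md5"), b.get("path")) != (c.get("md5"), c.get("path")):
            out["changed"].append((name, b.get("md5"), c.get("md5")))
    return out


# Constructed sample input. The Netlogon/Tcpip/HidServ lines copy the shape of the
# posted log; the second run's Tcpip hash and the 'SvcHostHelper' entry are invented
# to show what a changed driver and an out-of-place binary look like.
BASELINE_LOG = r"""
11:03:05.0937 4104 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:03:05.0937 4104 Netlogon - ok
11:03:08.0656 4104 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:03:08.0671 4104 Tcpip - ok
11:03:03.0312 4104 HidServ - ok
"""
CURRENT_LOG = r"""
11:03:05.0937 4104 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:03:05.0937 4104 Netlogon - ok
11:03:08.0656 4104 Tcpip (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:03:08.0671 4104 Tcpip - ok
11:03:03.0312 4104 HidServ - ok
11:03:09.0000 4104 SvcHostHelper (0123456789abcdef0123456789abcdef) C:\Documents and Settings\Sue and John\Local Settings\Temp\svchost.exe
11:03:09.0000 4104 SvcHostHelper - ok
"""

if __name__ == "__main__":
    base, cur = parse_log(BASELINE_LOG), parse_log(CURRENT_LOG)
    print(diff_runs(base, cur))
    for name, why in find_anomalies(cur):
        print(f"{name}: {why}")
```

To use it on real output, save two TDSSKiller logs (for instance one from before the cleaning and one from after) and pass their text to `parse_log`, then `diff_runs`. A changed hash on a core driver such as tcpip.sys between runs is exactly the kind of thing this thread is looking for; note that a Windows Update can also legitimately change those hashes, so a change is a lead, not a verdict.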

#4 narenxp (BC Advisor, 16,371 posts, India)

Posted 03 July 2012 - 03:31 PM

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop, copy the contents of the text file in your reply.

#5 mn_sailor (Topic Starter, Members, 67 posts, Ham Lake, MN)

Posted 03 July 2012 - 05:40 PM

Results from aswMBR and ESET Online scans:

===
aswMBR version 0.9.9.1665 Copyright (c) 2011 AVAST Software
Run date: 2012-07-03 16:09:19
-----------------------------
16:09:19.578 OS Version: Windows 5.1.2600 Service Pack 3
16:09:19.578 Number of processors: 2 586 0xF06
16:09:19.578 ComputerName: DWOFFICEE6300 UserName: Sue and John
16:09:19.984 Initialize success
16:16:43.015 AVAST engine defs: 12070301
16:33:55.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:33:55.515 Disk 0 Vendor: Intel___ 1.0. Size: 476945MB BusType: 8
16:33:55.515 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0
16:33:55.515 Disk 1 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 8
16:33:55.531 Disk 0 MBR read successfully
16:33:55.531 Disk 0 MBR scan
16:33:55.562 Disk 0 unknown MBR code
16:33:55.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 51371 MB offset 63
16:33:55.562 Disk 0 Partition - 00 05 Extended 425565 MB offset 105209685
16:33:55.578 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 24999 MB offset 105209748
16:33:55.578 Disk 0 Partition - 00 05 Extended 268641 MB offset 156408840
16:33:55.593 Disk 0 scanning sectors +976768065
16:33:55.656 Disk 0 scanning C:\WINDOWS\system32\drivers
16:34:04.281 Service scanning
16:34:13.859 Modules scanning
16:34:17.296 Disk 0 trace - called modules:
16:34:17.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:34:17.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87103030]
16:34:17.312 3 CLASSPNP.SYS[f7540fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x87109028]
16:34:17.593 AVAST engine scan C:\WINDOWS
16:34:22.937 AVAST engine scan C:\WINDOWS\system32
16:36:43.328 AVAST engine scan C:\WINDOWS\system32\drivers
16:36:56.046 AVAST engine scan C:\Documents and Settings\Sue and John
16:38:57.656 AVAST engine scan C:\Documents and Settings\All Users
16:39:51.906 Scan finished successfully
16:41:11.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sue and John\Desktop\MBR.dat"
16:41:11.593 The log file has been saved successfully to "C:\Documents and Settings\Sue and John\Desktop\aswMBR.txt"

===
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fe97f0bd643b7d4f8c032d0216a707a3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-03 10:27:40
# local_time=2012-07-03 05:27:40 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1538 16774118 20 3 7468 168958281 0 0
# compatibility_mode=8192 67108863 100 0 10502653 10502653 0 0
# scanned=91603
# found=0
# cleaned=0
# scan_time=2469

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 July 2012 - 05:52 PM

Download System look

Launch it and copy this script

:folderfind
{1afc5200-042e-53c4-0a1e-0e45e0f3f4cd}

Click on Look, post the generated log

#7 mn_sailor

mn_sailor
  • Topic Starter

  • Members
  • 67 posts
  • Gender:Male
  • Location:Ham Lake, MN

Posted 03 July 2012 - 06:07 PM

Systemlook log:

===
SystemLook 30.07.11 by jpshortstuff
Log created at 18:04 on 03/07/2012 by Sue and John
Administrator - Elevation successful

========== folderfind ==========

Searching for "{1afc5200-042e-53c4-0a1e-0e45e0f3f4cd} "
No folders found.

-= EOF =-

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 July 2012 - 07:53 PM

Can you download a new copy and run it?

#9 mn_sailor

mn_sailor
  • Topic Starter

  • Members
  • 67 posts
  • Gender:Male
  • Location:Ham Lake, MN

Posted 03 July 2012 - 08:00 PM

A new copy of Systemlook?

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 July 2012 - 09:12 PM

Nope, combofix, also

Download FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#11 mn_sailor

mn_sailor
  • Topic Starter

  • Members
  • 67 posts
  • Gender:Male
  • Location:Ham Lake, MN

Posted 03 July 2012 - 10:16 PM

The ComboFix log from a scan using a fresh copy is below. FSS log will follow in my next post.

Notes: The ZeroAccess message still occurred and, if I'm not totally losing touch with reality, it seemed like ComboFix caused 2 reboots during its scan vs the usual 1 reboot.

===
Edit: ComboFix log removed!!

Edited by mn_sailor, 03 July 2012 - 10:26 PM.


#12 mn_sailor

mn_sailor
  • Topic Starter

  • Members
  • 67 posts
  • Gender:Male
  • Location:Ham Lake, MN

Posted 03 July 2012 - 10:19 PM

FSS log:

===
Farbar Service Scanner Version: 02-07-2012
Ran by Sue and John (administrator) on 03-07-2012 at 22:17:30
Running from "C:\Documents and Settings\Sue and John\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****
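The two parts of this FSS log that answer the "is ZeroAccess still in the TCP/IP stack?" question are the File Check section (are tcpip.sys, afd.sys, netbt.sys, ipsec.sys and the service DLLs the stock Microsoft binaries?) and the Extra List section (which drivers are in the PNP_TDI load group, with which tags, and in what order). The following is an added example, not code from this thread and not FSS's own code, that parses those two sections and decodes the hex blob. It assumes (the log does not say so) that the blob is the PNP_TDI value of HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList, laid out as a little-endian DWORD count followed by that many little-endian DWORD tag values; the sample input is the relevant lines from the log above, embedded inline.

```python
"""Decode the File Check and Extra List sections of a Farbar Service Scanner log.

Added example, not part of the thread and not FSS's own code.  Assumption:
the hex blob printed under "Extra List" is the PNP_TDI GroupOrderList value,
i.e. a little-endian DWORD count followed by that many DWORD tag values.
"""
import re
import struct

# Constructed input: the File Check / Extra List lines from the FSS log above.
FSS_LOG = r"""File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000060000000700000008000000090000000A000000
IpSec Tag value is correct.
"""

FILE_CHECK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")
TAG_RE = re.compile(r"(\w+)\((\d+)\)")  # e.g. "IPSec(5)" -> ("IPSec", "5")


def parse_file_check(log):
    """Return {path: verdict} for every line of the File Check section."""
    results = {}
    in_section = False
    for line in log.splitlines():
        if line.startswith("File Check:"):
            in_section = True
            continue
        if in_section and line.endswith(":"):
            break  # reached the next section header
        m = FILE_CHECK_RE.match(line)
        if in_section and m:
            results[m.group("path")] = m.group("verdict")
    return results


def suspicious_files(log):
    """Paths whose verdict is anything other than 'MD5 is legit'."""
    return sorted(p for p, v in parse_file_check(log).items() if v != "MD5 is legit")


def decode_group_order(hex_blob):
    """Decode 'count, tag, tag, ...' little-endian DWORDs from the hex dump."""
    digits = hex_blob[2:] if hex_blob.lower().startswith("0x") else hex_blob
    raw = bytes.fromhex(digits)
    if len(raw) < 4 or len(raw) % 4:
        raise ValueError("blob is not a whole number of DWORDs")
    count = struct.unpack_from("<I", raw, 0)[0]
    if len(raw) != 4 + 4 * count:
        raise ValueError("count field %d does not match blob length %d" % (count, len(raw)))
    return list(struct.unpack_from("<%dI" % count, raw, 4))


def parse_extra_list(log):
    """Return (tags_by_service, load_order) from the Extra List section."""
    lines = log.splitlines()
    starts = [i for i, l in enumerate(lines) if l.startswith("Extra List:")]
    if not starts:
        raise ValueError("no Extra List section")
    tags, order = {}, []
    for line in lines[starts[0] + 1:]:
        if line.startswith("0x"):
            order = decode_group_order(line)
        elif TAG_RE.search(line):
            tags = {name: int(tag) for name, tag in TAG_RE.findall(line)}
    return tags, order


def check_tdi_group(log):
    """Cross-check the Extra List the way a reader would by hand."""
    tags, order = parse_extra_list(log)
    ipsec_tag = tags.get("IPSec")
    return {
        "ipsec_tag": ipsec_tag,
        "ipsec_position": order.index(ipsec_tag) if ipsec_tag in order else None,
        "load_order": order,
        "duplicate_tags": sorted({t for t in order if order.count(t) > 1}),
        "services_not_in_order": sorted(n for n, t in tags.items() if t not in order),
    }


if __name__ == "__main__":
    print("non-legit files:", suspicious_files(FSS_LOG))
    print(check_tdi_group(FSS_LOG))
```

For this log the decoder yields count 10 and the order 5, 1, 2, 3, 4, 6, 7, 8, 9, 10, so IPSec (tag 5) is first in the group, every listed service's tag is present, and no tag is duplicated. FSS's "IpSec Tag value is correct." line is the tool's own verdict; the decoder only makes the raw data behind it readable, and a path reported with anything other than "MD5 is legit" is what the File Check pass would surface.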

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 July 2012 - 10:23 PM

Can you please remove the combofix log. We are not allowed to analyze or post combofix logs in this forum.

I have asked for expert help on this. You should get a reply soon.

good luck

#14 mn_sailor

mn_sailor
  • Topic Starter

  • Members
  • 67 posts
  • Gender:Male
  • Location:Ham Lake, MN

Posted 03 July 2012 - 10:27 PM

Thanks for your help!! Sorry about the log posting - I removed it.

John
