Is my computer still infected?


  • This topic is locked
15 replies to this topic

#1 mrthon

Posted 28 August 2012 - 09:47 PM

Hi-

First off, THANKS so much for looking at this. I'm a newbie, so my apologies in advance for any inadvertent protocol mistakes or transgressions I may make.

About 2 months ago my AV (Zonelabs Extreme Security) detected and removed 2 viruses, but it seemed to have to go through twice to get rid of the second virus. I use my computer for all of my bills, banking, etc, so I used Dell PC Restore by Symantec to wipe the drive and reload my OS and programs (it came pre-loaded on my computer - a DELL Dimension 8400). I used Windows Firewall while I loaded all XP and ie8 updates, and then reloaded Zonelabs.

I have done virus scans since (in safe mode) as recommended by ZoneAlarm User Community Forum (Malware Discussion) Guru "fax", with MBAM, and superantispyware showing no infection. I also ran Hitman Pro in regular mode which showed no infection.

In the last few weeks, however, my computer has been showing a window while I'm online saying that ie8 is about to access a "secure" website while I am on a regular website (such as CNN or the NY Times). When I see this, I typically hit Alt F4 to close the popup window. However, I once hit the "OK" button when this showed, but no new window/website popped up.

While looking into this, I used Sysinternals' Rootkitrevealer to see if I had anything that could survive a PC Restore, or if I had caught something since (even though all scans were clean). What worries me so much is the second and third entries show "Key name contains embedded nulls (*)". It's short, so here is the log file:

HKU\S-1-5-21-3660111269-1566611695-3768214229-1007 0 bytes Error dumping hive: Internal error.
HKLM\SECURITY\Policy\Secrets\SAC* 8/10/2004 6:23 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 8/10/2004 6:23 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\webcal\URL Protocol 4/14/2005 4:29 PM 13 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\All Users\Application Data\CheckPoint\ZoneAlarm\Data\avsys\bases_csd\SysWHist\amlogs\366 8/23/2012 3:48 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\CheckPoint\ZoneAlarm\Data\avsys\bases_csd\SysWHist\amlogs\367 8/23/2012 3:48 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\CheckPoint\ZoneAlarm\Data\avsys\bases_csd\SysWHist\amlogs\368 8/23/2012 3:48 PM 0 bytes Visible in Windows API, but not in MFT or directory index.



Per the Preparation Guide to post a help request, here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Robert at 15:59:52 on 2012-08-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2395 [GMT -7:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\PROGRA~1\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341352599296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344035083234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{41063DFB-D88C-4A46-A94F-999DB77C8D78} : DhcpNameServer = 192.168.2.1 192.168.2.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2012-7-3 133208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2012-7-3 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-7-3 485808]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-6-21 526640]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-4-30 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-4-30 497280]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2012-4-30 36744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-8-4 116648]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-8-4 116648]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-6 22344]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-6 655944]
S4 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S4 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
.
=============== Created Last 30 ================
.
2012-08-25 00:01:15 -------- d-----w- c:\windows\Microsoft Antimalware
2012-08-24 00:15:34 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2012-08-23 23:29:38 -------- d-----w- c:\documents and settings\robert\application data\ElevatedDiagnostics
2012-08-21 22:48:21 -------- d-----w- c:\windows\system32\XPSViewer
2012-08-21 22:47:54 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-08-21 22:47:42 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-08-21 22:47:42 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-08-21 22:47:42 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-08-21 22:47:42 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-08-21 22:47:42 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-08-21 22:47:42 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-08-21 22:47:42 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-08-21 22:47:42 117760 ------w- c:\windows\system32\prntvpt.dll
2012-08-21 22:47:42 -------- d-----w- C:\12e2031ce851a7aa08104a
2012-08-07 23:42:38 -------- d-----w- c:\program files\HitmanPro
2012-08-07 23:39:38 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-08-06 19:40:43 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-08-06 19:40:42 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-08-04 08:00:27 -------- d-----w- c:\documents and settings\robert\local settings\application data\Google
.
==================== Find3M ====================
.
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 06:30:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 06:30:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 16:03:39.08 ===============


Please note that while my ZoneAlarm is outdated, my subscription only just expired. However, the popup windows about ie8 attempting to contact a "secure" website were already occurring.

I guess my main issue is are there rootkits that can evade/hide from anti-virus scans these days? I haven't used my computer for anything important in weeks because this is concerning me so much.

Any help or advice you could give would be deeply appreciated. While I am somewhat literate in computers, I realize I am just literate enough to be dangerous to myself!

Again, thanks so much.

Regards!

#2 m0le

Posted 31 August 2012 - 11:23 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 mrthon

Posted 01 September 2012 - 12:48 PM

mOle-

Thanks so much for helping me out on this. I am subscribed to this topic, so will get back to you asap. :)

A quick update - this week I renewed my subscription to ZoneAlarm Extreme Security, ran a full scan with it and it just came up clean again. Apparently, though, I've just read that PC magazine had rated ZA as not as effective against malware these days as Webroot or some other av programs. So I guess I can't be completely confident that there is no more malware on my machine.

I'll feel much better after your expert eye can give this a look.

Regards!

#4 m0le

Posted 01 September 2012 - 08:04 PM

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE
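
The report written by the `-l report.txt` step above is a timestamped log with one verdict line per scanned object, most of them "ok". The following Python script is an added example, not part of the original posts and not the tool's own code: it reduces such a report to the entries whose verdict is not "ok", plus services that were checked without a file hash being logged. The function names are hypothetical, the sample lines are constructed in the layout of the report posted in this thread, and the wording of the non-"ok" verdict ("suspicious") is an assumed placeholder.

```python
import re

# Every report line starts with "<hh:mm:ss.ffff> <thread id> ".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ ?(.*)$")
# "===== Scan services =====" style headers that open a scan section.
SECTION_RE = re.compile(r"^=+ (Scan [^=]+?) =+$")
# "[ <md5> ] <object name> <path>". Names may contain spaces, so the path
# is taken to start at the first drive letter.
HASH_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")


def parse_report(text):
    """Return one dict per verdict line found inside a scan section."""
    section = None
    files = {}    # object name -> (md5, path) taken from its hash line
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        header = SECTION_RE.match(body)
        if header:
            section = header.group(1)
            continue
        # Lines before the first scan section (system info, drive geometry)
        # can also contain " - ", so they are skipped rather than parsed.
        if section is None or not body or set(body) == {"="}:
            continue
        hashed = HASH_RE.match(body)
        if hashed:
            files[hashed.group(2)] = (hashed.group(1).upper(), hashed.group(3))
            continue
        name, sep, verdict = body.rpartition(" - ")
        if not sep:
            continue
        # Pair by object name, not by timestamp: the hash line and the
        # verdict line can be logged a few milliseconds apart.
        md5, path = files.pop(name, (None, None))
        entries.append({"section": section, "name": name,
                        "verdict": verdict.strip(), "md5": md5, "path": path})
    return entries


def triage(text):
    """Summarise a report: total verdicts, non-ok entries, unhashed services."""
    entries = parse_report(text)
    return {
        "scanned": len(entries),
        "flagged": [e for e in entries if e["verdict"].lower() != "ok"],
        "unhashed": [e["name"] for e in entries
                     if e["section"] == "Scan services" and e["md5"] is None],
    }


# Constructed sample: placeholder digests, made-up service names and paths.
MD5_A, MD5_B, MD5_C = "A" * 32, "B" * 32, "C" * 32
SAMPLE_REPORT = "\n".join([
    r"14:46:57.0468 0708 Drive \Device\Harddisk0\DR0 - Size: 0x1000",
    "14:47:03.0046 2492 Scan started",
    "14:47:03.0218 2492 ================ Scan system memory ========================",
    "14:47:03.0218 2492 System memory - ok",
    "14:47:03.0218 2492 ================ Scan services =============================",
    "14:47:03.0250 2492 [ " + MD5_A + r" ] ExampleSvcA C:\WINDOWS\system32\examplea.dll",
    "14:47:03.0250 2492 ExampleSvcA - ok",
    "14:47:03.0359 2492 ExampleSvcB - ok",
    "14:47:03.0375 2492 [ " + MD5_B + r" ] ExampleDrv C:\WINDOWS\system32\DRIVERS\exampledrv.sys",
    "14:47:03.0390 2492 ExampleDrv - suspicious",
    "14:47:03.0400 2492 [ " + MD5_C + r" ] Example Poller C:\WINDOWS\system32\poller.exe",
    "14:47:03.0400 2492 Example Poller - ok",
])

if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("verdict lines:", summary["scanned"])
    for e in summary["flagged"]:
        print("review:", e["name"], "|", e["verdict"], "|", e["md5"], "|", e["path"])
    print("services with no hash line:", ", ".join(summary["unhashed"]))
```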

#5 mrthon

Posted 02 September 2012 - 05:06 PM

Hi-

I did as you instructed, and the initial report came back clean. I re-ran TDSSKiller with all options checked and got a warning of 3 files unsigned - iaantmon.exe, omci.sys, and PxHelp20.sys. A google search seemed to show they are harmless.

The initial TDSSKiller report (without options checked) is below. Again, m0le, thanks for your help.


14:46:56.0421 0708 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:46:57.0015 0708 ============================================================
14:46:57.0015 0708 Current date / time: 2012/09/02 14:46:57.0015
14:46:57.0015 0708 SystemInfo:
14:46:57.0015 0708
14:46:57.0015 0708 OS Version: 5.1.2600 ServicePack: 3.0
14:46:57.0015 0708 Product type: Workstation
14:46:57.0015 0708 ComputerName: COMPUTER2
14:46:57.0015 0708 UserName: Robert
14:46:57.0015 0708 Windows directory: C:\WINDOWS
14:46:57.0015 0708 System windows directory: C:\WINDOWS
14:46:57.0015 0708 Processor architecture: Intel x86
14:46:57.0015 0708 Number of processors: 2
14:46:57.0015 0708 Page size: 0x1000
14:46:57.0015 0708 Boot type: Normal boot
14:46:57.0015 0708 ============================================================
14:46:57.0156 0708 BG loaded
14:46:57.0468 0708 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:46:57.0468 0708 ============================================================
14:46:57.0468 0708 \Device\Harddisk0\DR0:
14:46:57.0468 0708 MBR partitions:
14:46:57.0468 0708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x122CDBE5
14:46:57.0468 0708 ============================================================
14:46:57.0500 0708 C: <-> \Device\Harddisk0\DR0\Partition1
14:46:57.0500 0708 ============================================================
14:46:57.0500 0708 Initialize success
14:46:57.0500 0708 ============================================================
14:47:03.0046 2492 ============================================================
14:47:03.0046 2492 Scan started
14:47:03.0046 2492 Mode: Manual;
14:47:03.0046 2492 ============================================================
14:47:03.0218 2492 ================ Scan system memory ========================
14:47:03.0218 2492 System memory - ok
14:47:03.0218 2492 ================ Scan services =============================
14:47:06.0296 2492 KL1 - ok
14:47:06.0312 2492 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys
14:47:06.0312 2492 kl2 - ok
14:47:06.0343 2492 [ 1267FC6F43F2868127A01E9766BF51A7 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
14:47:06.0343 2492 KLIF - ok
14:47:06.0375 2492 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:47:06.0375 2492 kmixer - ok
14:47:06.0406 2492 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:47:06.0406 2492 KSecDD - ok
14:47:06.0437 2492 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:47:06.0437 2492 lanmanserver - ok
14:47:06.0468 2492 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:47:06.0468 2492 lanmanworkstation - ok
14:47:06.0484 2492 lbrtfdc - ok
14:47:06.0515 2492 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:47:06.0515 2492 LmHosts - ok
14:47:06.0546 2492 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
14:47:06.0546 2492 MBAMProtector - ok
14:47:06.0609 2492 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:47:06.0609 2492 MBAMService - ok
14:47:06.0656 2492 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
14:47:06.0656 2492 MDM - ok
14:47:06.0687 2492 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:47:06.0687 2492 Messenger - ok
14:47:06.0703 2492 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:47:06.0703 2492 mnmdd - ok
14:47:06.0734 2492 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:47:06.0734 2492 mnmsrvc - ok
14:47:06.0750 2492 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:47:06.0750 2492 Modem - ok
14:47:06.0765 2492 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:47:06.0765 2492 MODEMCSA - ok
14:47:06.0781 2492 [ 59B8B11FF70728EEC60E72131C58B716 ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys
14:47:06.0781 2492 mohfilt - ok
14:47:06.0796 2492 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:47:06.0796 2492 Mouclass - ok
14:47:06.0828 2492 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:47:06.0828 2492 mouhid - ok
14:47:06.0843 2492 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:47:06.0843 2492 MountMgr - ok
14:47:06.0843 2492 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:47:06.0843 2492 mraid35x - ok
14:47:06.0875 2492 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:47:06.0875 2492 MRxDAV - ok
14:47:06.0890 2492 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:47:06.0890 2492 MRxSmb - ok
14:47:06.0921 2492 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:47:06.0921 2492 MSDTC - ok
14:47:06.0968 2492 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:47:06.0968 2492 Msfs - ok
14:47:06.0984 2492 MSIServer - ok
14:47:07.0000 2492 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:47:07.0000 2492 MSKSSRV - ok
14:47:07.0015 2492 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:47:07.0015 2492 MSPCLOCK - ok
14:47:07.0031 2492 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:47:07.0031 2492 MSPQM - ok
14:47:07.0046 2492 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:47:07.0062 2492 mssmbios - ok
14:47:07.0078 2492 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:47:07.0078 2492 Mup - ok
14:47:07.0109 2492 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:47:07.0109 2492 napagent - ok
14:47:07.0140 2492 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:47:07.0140 2492 NDIS - ok
14:47:07.0171 2492 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:47:07.0171 2492 NdisTapi - ok
14:47:07.0203 2492 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:47:07.0203 2492 Ndisuio - ok
14:47:07.0218 2492 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:47:07.0218 2492 NdisWan - ok
14:47:07.0250 2492 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:47:07.0250 2492 NDProxy - ok
14:47:07.0250 2492 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:47:07.0250 2492 NetBIOS - ok
14:47:07.0281 2492 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:47:07.0281 2492 NetBT - ok
14:47:07.0312 2492 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
14:47:07.0312 2492 NetDDE - ok
14:47:07.0328 2492 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:47:07.0328 2492 NetDDEdsdm - ok
14:47:07.0359 2492 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:47:07.0359 2492 Netlogon - ok
14:47:07.0375 2492 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
14:47:07.0375 2492 Netman - ok
14:47:07.0437 2492 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:47:07.0437 2492 NetTcpPortSharing - ok
14:47:07.0453 2492 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:47:07.0453 2492 NIC1394 - ok
14:47:07.0468 2492 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
14:47:07.0468 2492 Nla - ok
14:47:07.0484 2492 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:47:07.0484 2492 Npfs - ok
14:47:07.0531 2492 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:47:07.0531 2492 Ntfs - ok
14:47:07.0546 2492 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:47:07.0546 2492 NtLmSsp - ok
14:47:07.0593 2492 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:47:07.0609 2492 NtmsSvc - ok
14:47:07.0625 2492 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:47:07.0625 2492 Null - ok
14:47:07.0687 2492 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:47:07.0703 2492 nv - ok
14:47:07.0718 2492 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:47:07.0718 2492 NwlnkFlt - ok
14:47:07.0734 2492 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:47:07.0734 2492 NwlnkFwd - ok
14:47:07.0750 2492 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:47:07.0750 2492 ohci1394 - ok
14:47:07.0765 2492 [ 53D5F1278D9EDB21689BBBCECC09108D ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
14:47:07.0765 2492 omci - ok
14:47:07.0796 2492 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:47:07.0796 2492 ose - ok
14:47:07.0828 2492 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:47:07.0828 2492 Parport - ok
14:47:07.0843 2492 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:47:07.0843 2492 PartMgr - ok
14:47:07.0875 2492 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:47:07.0875 2492 ParVdm - ok
14:47:07.0890 2492 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:47:07.0890 2492 PCI - ok
14:47:07.0890 2492 PCIDump - ok
14:47:07.0906 2492 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:47:07.0906 2492 PCIIde - ok
14:47:07.0937 2492 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:47:07.0937 2492 Pcmcia - ok
14:47:07.0937 2492 PDCOMP - ok
14:47:07.0953 2492 PDFRAME - ok
14:47:07.0953 2492 PDRELI - ok
14:47:07.0968 2492 PDRFRAME - ok
14:47:07.0968 2492 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
14:47:07.0968 2492 perc2 - ok
14:47:07.0984 2492 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:47:07.0984 2492 perc2hib - ok
14:47:08.0015 2492 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
14:47:08.0015 2492 PlugPlay - ok
14:47:08.0031 2492 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:47:08.0031 2492 PolicyAgent - ok
14:47:08.0046 2492 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:47:08.0046 2492 PptpMiniport - ok
14:47:08.0062 2492 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:47:08.0062 2492 ProtectedStorage - ok
14:47:08.0062 2492 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:47:08.0062 2492 PSched - ok
14:47:08.0078 2492 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:47:08.0078 2492 Ptilink - ok
14:47:08.0093 2492 [ 30CBAE0A34359F1CD19D1576245149ED ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:47:08.0093 2492 PxHelp20 - ok
14:47:08.0109 2492 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:47:08.0109 2492 ql1080 - ok
14:47:08.0125 2492 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:47:08.0125 2492 Ql10wnt - ok
14:47:08.0125 2492 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:47:08.0140 2492 ql12160 - ok
14:47:08.0140 2492 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:47:08.0140 2492 ql1240 - ok
14:47:08.0156 2492 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:47:08.0156 2492 ql1280 - ok
14:47:08.0171 2492 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:47:08.0171 2492 RasAcd - ok
14:47:08.0203 2492 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:47:08.0218 2492 RasAuto - ok
14:47:08.0234 2492 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:47:08.0234 2492 Rasl2tp - ok
14:47:08.0265 2492 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:47:08.0281 2492 RasMan - ok
14:47:08.0281 2492 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:47:08.0281 2492 RasPppoe - ok
14:47:08.0296 2492 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:47:08.0296 2492 Raspti - ok
14:47:08.0312 2492 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:47:08.0328 2492 Rdbss - ok
14:47:08.0328 2492 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:47:08.0328 2492 RDPCDD - ok
14:47:08.0375 2492 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:47:08.0375 2492 rdpdr - ok
14:47:08.0421 2492 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:47:08.0421 2492 RDPWD - ok
14:47:08.0453 2492 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:47:08.0468 2492 RDSessMgr - ok
14:47:08.0484 2492 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:47:08.0484 2492 redbook - ok
14:47:08.0515 2492 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:47:08.0515 2492 RemoteAccess - ok
14:47:08.0531 2492 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
14:47:08.0531 2492 RpcLocator - ok
14:47:08.0562 2492 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
14:47:08.0562 2492 RpcSs - ok
14:47:08.0609 2492 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:47:08.0609 2492 RSVP - ok
14:47:08.0640 2492 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
14:47:08.0640 2492 SamSs - ok
14:47:08.0656 2492 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:47:08.0656 2492 SASDIFSV - ok
14:47:08.0671 2492 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:47:08.0671 2492 SASKUTIL - ok
14:47:08.0687 2492 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:47:08.0687 2492 SCardSvr - ok
14:47:08.0734 2492 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:47:08.0734 2492 Schedule - ok
14:47:08.0765 2492 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:47:08.0765 2492 Secdrv - ok
14:47:08.0796 2492 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:47:08.0796 2492 seclogon - ok
14:47:08.0843 2492 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
14:47:08.0843 2492 senfilt - ok
14:47:08.0859 2492 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
14:47:08.0859 2492 SENS - ok
14:47:08.0875 2492 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:47:08.0875 2492 serenum - ok
14:47:08.0875 2492 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:47:08.0890 2492 Serial - ok
14:47:08.0921 2492 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:47:08.0921 2492 Sfloppy - ok
14:47:08.0953 2492 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:47:08.0968 2492 SharedAccess - ok
14:47:08.0984 2492 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:47:08.0984 2492 ShellHWDetection - ok
14:47:09.0000 2492 Simbad - ok
14:47:09.0015 2492 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:47:09.0031 2492 sisagp - ok
14:47:09.0046 2492 [ 86C4D93B7B7818D066C52FDB03C6C921 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
14:47:09.0046 2492 smwdm - ok
14:47:09.0078 2492 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:47:09.0078 2492 Sparrow - ok
14:47:09.0093 2492 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:47:09.0093 2492 splitter - ok
14:47:09.0125 2492 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:47:09.0140 2492 Spooler - ok
14:47:09.0156 2492 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:47:09.0156 2492 sr - ok
14:47:09.0203 2492 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
14:47:09.0203 2492 srservice - ok
14:47:09.0234 2492 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:47:09.0234 2492 Srv - ok
14:47:09.0250 2492 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:47:09.0265 2492 SSDPSRV - ok
14:47:09.0281 2492 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:47:09.0296 2492 stisvc - ok
14:47:09.0312 2492 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:47:09.0312 2492 swenum - ok
14:47:09.0328 2492 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:47:09.0328 2492 swmidi - ok
14:47:09.0343 2492 SwPrv - ok
14:47:09.0359 2492 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
14:47:09.0359 2492 symc810 - ok
14:47:09.0359 2492 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:47:09.0359 2492 symc8xx - ok
14:47:09.0375 2492 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:47:09.0375 2492 sym_hi - ok
14:47:09.0390 2492 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:47:09.0390 2492 sym_u3 - ok
14:47:09.0406 2492 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:47:09.0406 2492 sysaudio - ok
14:47:09.0421 2492 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:47:09.0437 2492 SysmonLog - ok
14:47:09.0453 2492 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:47:09.0453 2492 TapiSrv - ok
14:47:09.0500 2492 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:47:09.0500 2492 Tcpip - ok
14:47:09.0531 2492 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:47:09.0531 2492 TDPIPE - ok
14:47:09.0531 2492 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:47:09.0531 2492 TDTCP - ok
14:47:09.0562 2492 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:47:09.0562 2492 TermDD - ok
14:47:09.0578 2492 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
14:47:09.0593 2492 TermService - ok
14:47:09.0609 2492 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
14:47:09.0609 2492 Themes - ok
14:47:09.0625 2492 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
14:47:09.0625 2492 TosIde - ok
14:47:09.0656 2492 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:47:09.0656 2492 TrkWks - ok
14:47:09.0687 2492 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:47:09.0687 2492 Udfs - ok
14:47:09.0687 2492 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
14:47:09.0687 2492 ultra - ok
14:47:09.0734 2492 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:47:09.0734 2492 Update - ok
14:47:09.0765 2492 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:47:09.0765 2492 upnphost - ok
14:47:09.0781 2492 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
14:47:09.0781 2492 UPS - ok
14:47:09.0812 2492 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:47:09.0812 2492 usbccgp - ok
14:47:09.0828 2492 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:47:09.0843 2492 usbehci - ok
14:47:09.0843 2492 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:47:09.0843 2492 usbhub - ok
14:47:09.0875 2492 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:47:09.0875 2492 USBSTOR - ok
14:47:09.0906 2492 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:47:09.0906 2492 usbuhci - ok
14:47:09.0921 2492 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:47:09.0921 2492 VgaSave - ok
14:47:09.0937 2492 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:47:09.0937 2492 viaagp - ok
14:47:09.0953 2492 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
14:47:09.0953 2492 ViaIde - ok
14:47:09.0953 2492 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:47:09.0953 2492 VolSnap - ok
14:47:10.0000 2492 [ 9D889B338356B1BD1242B8841E0744A4 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys
14:47:10.0015 2492 Vsdatant - ok
14:47:10.0031 2492 vsmon - ok
14:47:10.0062 2492 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
14:47:10.0062 2492 VSS - ok
14:47:10.0093 2492 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
14:47:10.0093 2492 w32time - ok
14:47:10.0109 2492 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:47:10.0109 2492 Wanarp - ok
14:47:10.0109 2492 wanatw - ok
14:47:10.0125 2492 WDICA - ok
14:47:10.0140 2492 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:47:10.0140 2492 wdmaud - ok
14:47:10.0171 2492 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:47:10.0171 2492 WebClient - ok
14:47:10.0250 2492 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:47:10.0250 2492 winmgmt - ok
14:47:10.0296 2492 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:47:10.0296 2492 WmdmPmSN - ok
14:47:10.0312 2492 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:47:10.0312 2492 WmiApSrv - ok
14:47:10.0390 2492 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
14:47:10.0406 2492 WMPNetworkSvc - ok
14:47:10.0500 2492 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:47:10.0515 2492 WPFFontCache_v0400 - ok
14:47:10.0562 2492 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:47:10.0562 2492 wscsvc - ok
14:47:10.0593 2492 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:47:10.0593 2492 wuauserv - ok
14:47:10.0625 2492 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:47:10.0625 2492 WudfPf - ok
14:47:10.0640 2492 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:47:10.0656 2492 WudfRd - ok
14:47:10.0671 2492 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:47:10.0671 2492 WudfSvc - ok
14:47:10.0718 2492 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:47:10.0718 2492 WZCSVC - ok
14:47:10.0750 2492 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:47:10.0750 2492 xmlprov - ok
14:47:10.0765 2492 ================ Scan global ===============================
14:47:10.0796 2492 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:47:10.0843 2492 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:47:10.0843 2492 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:47:10.0859 2492 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:47:10.0859 2492 [Global] - ok
14:47:10.0859 2492 ================ Scan MBR ==================================
14:47:10.0875 2492 [ A03E065717CB65F3034AD33AD58B6BBA ] \Device\Harddisk0\DR0
14:47:11.0062 2492 \Device\Harddisk0\DR0 - ok
14:47:11.0062 2492 ================ Scan VBR ==================================
14:47:11.0062 2492 [ 4F8C5FF9A0131716D0CA613C4059D962 ] \Device\Harddisk0\DR0\Partition1
14:47:11.0062 2492 \Device\Harddisk0\DR0\Partition1 - ok
14:47:11.0062 2492 ============================================================
14:47:11.0062 2492 Scan finished
14:47:11.0062 2492 ============================================================
14:47:11.0078 2280 Detected object count: 0
14:47:11.0078 2280 Actual detected object count: 0
14:48:22.0593 2332 Deinitialize success

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:17 AM

Posted 02 September 2012 - 07:38 PM

Can you run aswMBR now?

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#7 mrthon

mrthon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 02 September 2012 - 09:13 PM

Hi m0le-

I had some difficulty downloading the file. A few times after hitting the link, the download box would disappear after a few hundred KB. I would go to the desktop and that's all that would be downloaded. After the fourth try it worked, but very slowly (about 3 minutes on a 1.5MB DSL connection). The total file size is now apparently 4.51MB; did Avast change the file? Ran the application, here is the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-02 18:48:39
-----------------------------
18:48:39.531 OS Version: Windows 5.1.2600 Service Pack 3
18:48:39.531 Number of processors: 2 586 0x403
18:48:39.531 ComputerName: COMPUTER2 UserName: Robert
18:48:46.328 Initialize success
18:50:32.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:50:32.859 Disk 0 Vendor: ST316002 8.12 Size: 152587MB BusType: 3
18:50:32.875 Disk 0 MBR read successfully
18:50:32.875 Disk 0 MBR scan
18:50:32.875 Disk 0 unknown MBR code
18:50:32.875 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
18:50:32.890 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 148891 MB offset 96390
18:50:32.906 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3647 MB offset 305026155
18:50:32.906 Disk 0 scanning sectors +312496380
18:50:32.968 Disk 0 scanning C:\WINDOWS\system32\drivers
18:50:40.734 Service scanning
18:50:48.109 Modules scanning
18:51:06.546 Disk 0 trace - called modules:
18:51:06.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:51:07.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afc92c0]
18:51:07.062 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8afc7030]
18:51:07.062 Scan finished successfully
18:53:12.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Robert\Desktop\MBR.dat"
18:53:12.468 The log file has been saved successfully to "C:\Documents and Settings\Robert\Desktop\aswMBR.txt"

Again, thanks!

#8 m0le


Posted 03 September 2012 - 05:49 PM

3 minutes is average and Avast uploads updates so the file size would change.

Please run FSS

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#9 mrthon


Posted 04 September 2012 - 02:45 PM

OK -

Here is the FSS log:

Farbar Service Scanner Version: 06-08-2012
Ran by Robert (administrator) on 04-09-2012 at 12:36:42
Running from "C:\Documents and Settings\Robert\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) kl2(8) NetBT(5) PSched(7) Tcpip(3)
0x080000000800000004000000010000000200000003000000050000000600000007000000


**** End of log ****

Again, thanks for your continued help!

#10 m0le


Posted 04 September 2012 - 05:21 PM

Can you now run an online scan with ESET?

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

#11 mrthon


Posted 05 September 2012 - 12:22 AM

Hi again-

I did as you requested and scanned with ESET online, checking the settings you listed above. The scan results were clean, no infected files listed so ESET didn't make a log.

Is there anything else I should check? Or can I breathe easier now?

Thanks for your perseverance in helping me!

#12 m0le


Posted 05 September 2012 - 06:14 PM

Yes, you are clear. The two entries with embedded nulls are actually legitimate.

Just a clear up and you're ready to go

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

If you used DeFogger, now is the time to enable your CD emulation software again.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the [image] icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big [image] button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates on any that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15-day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it mrthon, happy surfing!

Cheers.

m0le

#13 mrthon


Posted 07 September 2012 - 08:39 PM

Hi m0le-

Thanks so much for your help and advice. I have followed your recommendations on the clean up (OTC) and the other items and can finally breathe a HUGE sigh of relief!

Best Regards,

mrthon

#14 m0le


Posted 07 September 2012 - 08:44 PM

Thank you for the donation, Robert :)

#15 mrthon


Posted 08 September 2012 - 05:58 PM

You are very welcome, and again, thanks. You guys on this site are awesome. Keep up the great work!

Have a good day.

Best regards,

mrthon



