eBay, PayPal accts hacked - avast found Win32-Spyware, Malwarebytes found Codec-C.exe (Affiliate.Downloader)


  • This topic is locked
6 replies to this topic

#1 nachtkitten

Posted 11 November 2012 - 04:02 AM

I'm not sure when my computer was infected, but on Wednesday morning I logged into my email and saw that my eBay selling account had been hacked, and the hacker(s) made 55 transactions through my PayPal account (draining my existing PayPal funds, then my bank account, then my credit card...the latter two were attached to my PayPal account and those transactions were still pending). I made all the necessary phone calls, then changed my eBay and PayPal emails using a friend's computer (which had just been reformatted the day before and hadn't been online before I used it that day). I neglected to change the password for the email I had associated with my eBay account, and the next day, my eBay account had been hacked again, but eBay had unlinked my PayPal account due to the suspicious activity the day before so no transactions went through. I then changed all passwords again, including my email password. That seemed to do the trick. I got home today and got back on my computer, then ran a scan on avast, which found Win32-Spyware (I clicked "Move to Chest"). I also ran Malwarebytes and it found Codec-C.exe (Affiliate.Downloader); I quarantined this. And I'm not sure what else may be lurking on my computer, so I would be very grateful for any help.


DDS.txt log:
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
Run by Dad at 21:47:29 on 2012-11-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.136 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\PROGRA~1\GoGoData.com\GOGODA~1\ADBUST~1.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Dad\Desktop\OTL.exe
C:\Program Files\JGsoft\EditPadLite\EditPad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: GoGoData AdBuster : {3EB9C349-7473-48AC-A59B-42F31751974B} - c:\program files\gogodata.com\gogodata toolbar\TomahawkBar.dll
BHO: McAfee AntiPhishing Filter: {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\McApfBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files\incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee VirusScan: {BA52B914-B692-46c4-B683-905236F6F655} - c:\program files\mcafee.com\vso\mcvsshl.dll
TB: GoGoData AdBuster : {3EB9C349-7473-48AC-A59B-42F31751974B} - c:\program files\gogodata.com\gogodata toolbar\TomahawkBar.dll
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files\incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [GoGoTray.exe] c:\program files\gogodata.com\gogodata toolbar\GoGoTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [Aim6] <no file>
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AAWTray] c:\program files\lavasoft\ad-aware 2007\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\McApfBHO.dll
IE: {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - {3EB9C349-7473-48AC-A59B-42F31751974B}
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238557909203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{CFF4C0F9-2A04-4E44-9018-88573E537B9F} : DHCPNameServer = 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dad\application data\mozilla\firefox\profiles\oqmr0fv7.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\dad\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dad\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-09-30 12:08; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-30 12:35; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQpIyCjJ4&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 78879e37000000000000000c416d74b4
FF - user.js: extensions.incredibar_i.hardId - 78879e37000000000000000c416d74b4
FF - user.js: extensions.incredibar_i.instlDay - 15397
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2714:09:17
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQpIyCjJ4
FF - user.js: extensions.incredibar_i.upn2n - 92542449449195750
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 48
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-22 165584]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2005-12-1 80640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-8-27 566616]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-22 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-17 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-17 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-17 40384]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-2-7 245760]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-11-10 40776]
S3 MA311;NETGEAR Wireless LAN Driver;c:\windows\system32\drivers\ma311n51.sys [2005-12-7 54784]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2005-12-1 114464]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="c:\program files\jgsoft\editpadlite\EditPad.exe" "%1"
ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~4\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2012-11-11 03:19:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-02 06:09:03 -------- d-----w- c:\documents and settings\all users\application data\Graboid Inc
2012-11-02 06:09:01 -------- d-----w- c:\documents and settings\dad\local settings\application data\Geckofx
2012-11-02 06:03:52 -------- d-----w- c:\program files\VideoLAN
2012-11-02 06:03:32 -------- d-----w- c:\program files\Graboid
2012-11-02 06:02:39 -------- d-----w- c:\documents and settings\all users\application data\Package Cache
.
==================== Find3M ====================
.
2012-10-09 02:05:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 02:05:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 03:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 22:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 22:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 20:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 21:50:02.92 ===============

#2 sempai

  • Malware Response Team
Posted 11 November 2012 - 09:24 AM

Hi nachtkitten and welcome to BC. :)

Can you please post the resulting logs of MBAM and Avast if they are still available?


Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 nachtkitten

Posted 11 November 2012 - 06:00 PM

Thank you for your prompt response. I don't know how to access the MBAM and the avast logs again; do you know how I can locate them? All I know is that MBAM found 1 infected file, only the Codec-C (Affiliate.Downloader).

Here is the log for the TDSSKiller, which found nothing infected:
14:56:40.0078 3224 ClipSrv - ok
14:56:40.0125 3224 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:56:40.0125 3224 clr_optimization_v2.0.50727_32 - ok
14:56:40.0171 3224 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:56:40.0171 3224 CmdIde - ok
14:56:40.0171 3224 COMSysApp - ok
14:56:40.0218 3224 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:56:40.0218 3224 Cpqarray - ok
14:56:40.0250 3224 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:56:40.0250 3224 CryptSvc - ok
14:56:40.0281 3224 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:56:40.0281 3224 dac2w2k - ok
14:56:40.0312 3224 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:56:40.0312 3224 dac960nt - ok
14:56:40.0343 3224 [ B1AD007F9A7DD8CFC981958D5C167D2D ] DcCam C:\WINDOWS\system32\DRIVERS\DcCam.sys
14:56:40.0359 3224 DcCam - ok
14:56:40.0390 3224 [ 5FD20284CAAF112201311619FF89FA44 ] DcFpoint C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
14:56:40.0390 3224 DcFpoint - ok
14:56:40.0406 3224 [ 867F7E6841B15D32481C3F1B83364E3A ] DCFS2K C:\WINDOWS\system32\drivers\dcfs2k.sys
14:56:40.0406 3224 DCFS2K - ok
14:56:40.0437 3224 [ 1B889AC45FAF088FF2AF690779368956 ] DcLps C:\WINDOWS\system32\DRIVERS\DcLps.sys
14:56:40.0437 3224 DcLps - ok
14:56:40.0500 3224 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:56:40.0500 3224 DcomLaunch - ok
14:56:40.0531 3224 [ 4AFAEA300A82F0470DC8B8ABD619ABA8 ] DcPTP C:\WINDOWS\system32\DRIVERS\DcPTP.sys
14:56:40.0531 3224 DcPTP - ok
14:56:40.0562 3224 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:56:40.0562 3224 Dhcp - ok
14:56:40.0609 3224 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:56:40.0609 3224 Disk - ok
14:56:40.0625 3224 dmadmin - ok
14:56:40.0687 3224 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:56:40.0687 3224 dmboot - ok
14:56:40.0718 3224 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:56:40.0718 3224 dmio - ok
14:56:40.0765 3224 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:56:40.0765 3224 dmload - ok
14:56:40.0796 3224 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:56:40.0796 3224 dmserver - ok
14:56:40.0828 3224 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:56:40.0828 3224 DMusic - ok
14:56:40.0843 3224 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:56:40.0843 3224 Dnscache - ok
14:56:40.0890 3224 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:56:40.0890 3224 Dot3svc - ok
14:56:40.0921 3224 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:56:40.0921 3224 dpti2o - ok
14:56:40.0937 3224 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:56:40.0937 3224 drmkaud - ok
14:56:40.0953 3224 [ E814854E6B246CCF498874839AB64D77 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
14:56:40.0968 3224 drvmcdb - ok
14:56:40.0968 3224 [ EE83A4EBAE70BC93CF14879D062F548B ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
14:56:40.0984 3224 drvnddm - ok
14:56:41.0031 3224 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
14:56:41.0031 3224 DSBrokerService - ok
14:56:41.0109 3224 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
14:56:41.0109 3224 DSproct - ok
14:56:41.0125 3224 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
14:56:41.0125 3224 dsunidrv - ok
14:56:41.0156 3224 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:56:41.0156 3224 E100B - ok
14:56:41.0203 3224 [ 0849EACDC01487573ADD86F5E470806C ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
14:56:41.0203 3224 e1express - ok
14:56:41.0234 3224 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:56:41.0234 3224 EapHost - ok
14:56:41.0281 3224 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
14:56:41.0281 3224 ehRecvr - ok
14:56:41.0296 3224 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
14:56:41.0296 3224 ehSched - ok
14:56:41.0343 3224 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:56:41.0343 3224 ERSvc - ok
14:56:41.0375 3224 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
14:56:41.0375 3224 Eventlog - ok
14:56:41.0421 3224 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
14:56:41.0421 3224 EventSystem - ok
14:56:41.0453 3224 [ 7AE55F93DA22F0732993BCE6093105DD ] Exportit C:\WINDOWS\system32\DRIVERS\exportit.sys
14:56:41.0453 3224 Exportit - ok
14:56:41.0500 3224 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:56:41.0500 3224 Fastfat - ok
14:56:41.0531 3224 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:56:41.0531 3224 FastUserSwitchingCompatibility - ok
14:56:41.0578 3224 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
14:56:41.0578 3224 Fax - ok
14:56:41.0593 3224 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:56:41.0593 3224 Fdc - ok
14:56:41.0625 3224 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:56:41.0625 3224 Fips - ok
14:56:41.0640 3224 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:56:41.0640 3224 Flpydisk - ok
14:56:41.0671 3224 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:56:41.0671 3224 FltMgr - ok
14:56:41.0750 3224 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:56:41.0750 3224 FontCache3.0.0.0 - ok
14:56:41.0765 3224 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:56:41.0765 3224 Fs_Rec - ok
14:56:41.0812 3224 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:56:41.0812 3224 Ftdisk - ok
14:56:41.0828 3224 [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
14:56:41.0843 3224 GEARAspiWDM - ok
14:56:41.0859 3224 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:56:41.0859 3224 Gpc - ok
14:56:41.0890 3224 [ FC80052194D5708254A346568F0E77C0 ] GTNDIS5 C:\WINDOWS\system32\GTNDIS5.SYS
14:56:41.0890 3224 GTNDIS5 - ok
14:56:41.0968 3224 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:56:41.0968 3224 gupdate - ok
14:56:41.0968 3224 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:56:41.0968 3224 gupdatem - ok
14:56:42.0000 3224 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:56:42.0000 3224 HDAudBus - ok
14:56:42.0062 3224 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:56:42.0062 3224 helpsvc - ok
14:56:42.0093 3224 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
14:56:42.0093 3224 HidServ - ok
14:56:42.0125 3224 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:56:42.0125 3224 HidUsb - ok
14:56:42.0156 3224 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:56:42.0156 3224 hkmsvc - ok
14:56:42.0187 3224 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
14:56:42.0187 3224 hpn - ok
14:56:42.0265 3224 [ E4E285A3766B4A57401FEEAF66CB07B5 ] hpqcxs08 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
14:56:42.0281 3224 hpqcxs08 - ok
14:56:42.0328 3224 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll
14:56:42.0328 3224 hpqddsvc - ok
14:56:42.0375 3224 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:56:42.0375 3224 HPZid412 - ok
14:56:42.0390 3224 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:56:42.0390 3224 HPZipr12 - ok
14:56:42.0421 3224 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:56:42.0421 3224 HPZius12 - ok
14:56:42.0453 3224 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
14:56:42.0453 3224 HSFHWBS2 - ok
14:56:42.0484 3224 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
14:56:42.0500 3224 HSF_DP - ok
14:56:42.0546 3224 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:56:42.0546 3224 HTTP - ok
14:56:42.0578 3224 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:56:42.0578 3224 HTTPFilter - ok
14:56:42.0609 3224 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
14:56:42.0609 3224 i2omgmt - ok
14:56:42.0640 3224 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:56:42.0640 3224 i2omp - ok
14:56:42.0656 3224 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:56:42.0656 3224 i8042prt - ok
14:56:42.0718 3224 [ D43E91E271C041BB86A6223462A41D28 ] IAANTMon C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
14:56:42.0718 3224 IAANTMon - ok
14:56:42.0781 3224 [ 9A65E42664D1534B68512CAAD0EFE963 ] iastor C:\WINDOWS\system32\drivers\iastor.sys
14:56:42.0781 3224 iastor - ok
14:56:42.0890 3224 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:56:42.0890 3224 IDriverT - ok
14:56:43.0031 3224 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:56:43.0031 3224 idsvc - ok
14:56:43.0078 3224 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:56:43.0078 3224 Imapi - ok
14:56:43.0109 3224 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
14:56:43.0109 3224 ImapiService - ok
14:56:43.0140 3224 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:56:43.0140 3224 ini910u - ok
14:56:43.0171 3224 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
14:56:43.0171 3224 IntelIde - ok
14:56:43.0218 3224 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:56:43.0218 3224 intelppm - ok
14:56:43.0234 3224 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:56:43.0234 3224 Ip6Fw - ok
14:56:43.0265 3224 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:56:43.0265 3224 IpFilterDriver - ok
14:56:43.0296 3224 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:56:43.0296 3224 IpInIp - ok
14:56:43.0328 3224 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:56:43.0328 3224 IpNat - ok
14:56:43.0375 3224 [ 97BAD81620E9F115F86D79952C625916 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:56:43.0375 3224 iPod Service - ok
14:56:43.0421 3224 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:56:43.0421 3224 IPSec - ok
14:56:43.0453 3224 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:56:43.0453 3224 IRENUM - ok
14:56:43.0468 3224 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:56:43.0468 3224 isapnp - ok
14:56:43.0640 3224 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
14:56:43.0640 3224 JavaQuickStarterService - ok
14:56:43.0656 3224 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:56:43.0656 3224 Kbdclass - ok
14:56:43.0671 3224 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:56:43.0671 3224 kbdhid - ok
14:56:43.0703 3224 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:56:43.0703 3224 kmixer - ok
14:56:43.0718 3224 [ 4E1060D2F3B745931CF83B3649BE8A57 ] KodakCCS C:\WINDOWS\system32\drivers\KodakCCS.exe
14:56:43.0734 3224 KodakCCS - ok
14:56:43.0765 3224 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:56:43.0765 3224 KSecDD - ok
14:56:43.0796 3224 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:56:43.0796 3224 lanmanserver - ok
14:56:43.0843 3224 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:56:43.0843 3224 lanmanworkstation - ok
14:56:43.0859 3224 lbrtfdc - ok
14:56:43.0875 3224 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:56:43.0890 3224 LmHosts - ok
14:56:43.0906 3224 [ 1424D699DC7E5C9672E4B93152B68B12 ] MA311 C:\WINDOWS\system32\DRIVERS\ma311n51.sys
14:56:43.0906 3224 MA311 - ok
14:56:44.0031 3224 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
14:56:44.0031 3224 McComponentHostService - ok
14:56:44.0109 3224 [ F73B0F3EBD90B1C87A3B93BE94E831C7 ] McDetect.exe c:\program files\mcafee.com\agent\mcdetect.exe
14:56:44.0109 3224 McDetect.exe - ok
14:56:44.0156 3224 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
14:56:44.0156 3224 McrdSvc - ok
14:56:44.0171 3224 [ A214E217784D1002411DCA8E9793D4A4 ] McTskshd.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
14:56:44.0171 3224 McTskshd.exe - ok
14:56:44.0171 3224 mcupdmgr.exe - ok
14:56:44.0218 3224 [ BEE76AC58BB524523A84000BA8EFE55A ] MDC8021X C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
14:56:44.0218 3224 MDC8021X - ok
14:56:44.0234 3224 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:56:44.0234 3224 mdmxsdk - ok
14:56:44.0265 3224 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:56:44.0265 3224 Messenger - ok
14:56:44.0296 3224 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
14:56:44.0296 3224 MHN - ok
14:56:44.0312 3224 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
14:56:44.0312 3224 MHNDRV - ok
14:56:44.0343 3224 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:56:44.0343 3224 mnmdd - ok
14:56:44.0375 3224 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:56:44.0375 3224 mnmsrvc - ok
14:56:44.0390 3224 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:56:44.0390 3224 Modem - ok
14:56:44.0421 3224 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:56:44.0421 3224 MODEMCSA - ok
14:56:44.0437 3224 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:56:44.0437 3224 Mouclass - ok
14:56:44.0468 3224 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:56:44.0468 3224 mouhid - ok
14:56:44.0484 3224 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:56:44.0484 3224 MountMgr - ok
14:56:44.0515 3224 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:56:44.0515 3224 MozillaMaintenance - ok
14:56:44.0562 3224 [ 537B049DBABA4FEBCDAAE711C0F2805B ] MPFIREWL C:\WINDOWS\system32\Drivers\MpFirewall.sys
14:56:44.0562 3224 MPFIREWL - ok
14:56:44.0625 3224 [ 316535E69181703D4CE4623DEA29FECB ] MpfService C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
14:56:44.0625 3224 MpfService - ok
14:56:44.0656 3224 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:56:44.0656 3224 mraid35x - ok
14:56:44.0703 3224 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:56:44.0703 3224 MRxDAV - ok
14:56:44.0734 3224 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:56:44.0734 3224 MSDTC - ok
14:56:44.0750 3224 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:56:44.0750 3224 Msfs - ok
14:56:44.0765 3224 MSIServer - ok
14:56:44.0843 3224 [ 4DB8F824F17B8D9CC5826FBDF0205870 ] MskService C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
14:56:44.0843 3224 MskService - ok
14:56:44.0875 3224 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:56:44.0875 3224 MSKSSRV - ok
14:56:44.0890 3224 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:56:44.0890 3224 MSPCLOCK - ok
14:56:44.0921 3224 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:56:44.0921 3224 MSPQM - ok
14:56:44.0937 3224 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:56:44.0937 3224 mssmbios - ok
14:56:44.0968 3224 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
14:56:44.0968 3224 MSTEE - ok
14:56:45.0000 3224 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:56:45.0000 3224 Mup - ok
14:56:45.0046 3224 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:56:45.0046 3224 NABTSFEC - ok
14:56:45.0093 3224 [ AFFD46144D763D9046673DD2D012CFF9 ] NaiAvFilter1 C:\WINDOWS\system32\drivers\naiavf5x.sys
14:56:45.0093 3224 NaiAvFilter1 - ok
14:56:45.0140 3224 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:56:45.0140 3224 napagent - ok
14:56:45.0187 3224 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:56:45.0187 3224 NDIS - ok
14:56:45.0203 3224 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:56:45.0203 3224 NdisIP - ok
14:56:45.0234 3224 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:56:45.0234 3224 NdisTapi - ok
14:56:45.0250 3224 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:56:45.0250 3224 Ndisuio - ok
14:56:45.0265 3224 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:56:45.0265 3224 NdisWan - ok
14:56:45.0312 3224 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:56:45.0312 3224 NDProxy - ok
14:56:45.0343 3224 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
14:56:45.0359 3224 Net Driver HPZ12 - ok
14:56:45.0375 3224 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:56:45.0375 3224 NetBIOS - ok
14:56:45.0390 3224 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:56:45.0390 3224 NetBT - ok
14:56:45.0421 3224 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
14:56:45.0421 3224 NetDDE - ok
14:56:45.0421 3224 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:56:45.0437 3224 NetDDEdsdm - ok
14:56:45.0453 3224 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:56:45.0453 3224 Netlogon - ok
14:56:45.0484 3224 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
14:56:45.0484 3224 Netman - ok
14:56:45.0593 3224 [ 9DA26B773BD04B867A8E9F427CD048FC ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
14:56:45.0593 3224 NetSvc - ok
14:56:45.0640 3224 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:56:45.0640 3224 NetTcpPortSharing - ok
14:56:45.0687 3224 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
14:56:45.0687 3224 Nla - ok
14:56:45.0734 3224 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:56:45.0734 3224 Npfs - ok
14:56:45.0765 3224 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:56:45.0765 3224 Ntfs - ok
14:56:45.0812 3224 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:56:45.0812 3224 NtLmSsp - ok
14:56:45.0859 3224 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:56:45.0875 3224 NtmsSvc - ok
14:56:45.0890 3224 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:56:45.0890 3224 Null - ok
14:56:45.0953 3224 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:56:45.0968 3224 nv - ok
14:56:46.0000 3224 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:56:46.0000 3224 NwlnkFlt - ok
14:56:46.0046 3224 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:56:46.0046 3224 NwlnkFwd - ok
14:56:46.0078 3224 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:56:46.0078 3224 Parport - ok
14:56:46.0093 3224 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:56:46.0093 3224 PartMgr - ok
14:56:46.0140 3224 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:56:46.0140 3224 ParVdm - ok
14:56:46.0171 3224 PCANDIS5 - ok
14:56:46.0203 3224 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:56:46.0203 3224 PCI - ok
14:56:46.0218 3224 PCIDump - ok
14:56:46.0250 3224 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:56:46.0250 3224 PCIIde - ok
14:56:46.0265 3224 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:56:46.0265 3224 Pcmcia - ok
14:56:46.0281 3224 PDCOMP - ok
14:56:46.0281 3224 PDFRAME - ok
14:56:46.0296 3224 PDRELI - ok
14:56:46.0312 3224 PDRFRAME - ok
14:56:46.0343 3224 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
14:56:46.0343 3224 perc2 - ok
14:56:46.0359 3224 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:56:46.0359 3224 perc2hib - ok
14:56:46.0390 3224 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
14:56:46.0390 3224 PlugPlay - ok
14:56:46.0421 3224 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
14:56:46.0437 3224 Pml Driver HPZ12 - ok
14:56:46.0468 3224 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:56:46.0468 3224 PolicyAgent - ok
14:56:46.0500 3224 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:56:46.0500 3224 PptpMiniport - ok
14:56:46.0500 3224 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:56:46.0500 3224 ProtectedStorage - ok
14:56:46.0531 3224 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:56:46.0531 3224 PSched - ok
14:56:46.0562 3224 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:56:46.0562 3224 Ptilink - ok
14:56:46.0593 3224 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:56:46.0593 3224 PxHelp20 - ok
14:56:46.0625 3224 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:56:46.0625 3224 ql1080 - ok
14:56:46.0640 3224 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:56:46.0640 3224 Ql10wnt - ok
14:56:46.0656 3224 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:56:46.0656 3224 ql12160 - ok
14:56:46.0671 3224 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:56:46.0671 3224 ql1240 - ok
14:56:46.0687 3224 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:56:46.0687 3224 ql1280 - ok
14:56:46.0703 3224 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:56:46.0703 3224 RasAcd - ok
14:56:46.0750 3224 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:56:46.0750 3224 RasAuto - ok
14:56:46.0781 3224 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:56:46.0781 3224 Rasl2tp - ok
14:56:46.0828 3224 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:56:46.0828 3224 RasMan - ok
14:56:46.0859 3224 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:56:46.0859 3224 RasPppoe - ok
14:56:46.0875 3224 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:56:46.0875 3224 Raspti - ok
14:56:46.0890 3224 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:56:46.0906 3224 Rdbss - ok
14:56:46.0921 3224 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:56:46.0921 3224 RDPCDD - ok
14:56:46.0953 3224 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:56:46.0953 3224 rdpdr - ok
14:56:46.0984 3224 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:56:46.0984 3224 RDPWD - ok
14:56:47.0031 3224 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:56:47.0031 3224 RDSessMgr - ok
14:56:47.0062 3224 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:56:47.0062 3224 redbook - ok
14:56:47.0093 3224 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:56:47.0093 3224 RemoteAccess - ok
14:56:47.0140 3224 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:56:47.0140 3224 RemoteRegistry - ok
14:56:47.0171 3224 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
14:56:47.0171 3224 RFCOMM - ok
14:56:47.0218 3224 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
14:56:47.0218 3224 RimUsb - ok
14:56:47.0234 3224 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
14:56:47.0234 3224 RimVSerPort - ok
14:56:47.0281 3224 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
14:56:47.0281 3224 ROOTMODEM - ok
14:56:47.0359 3224 [ AFD61A7C48A3E15C86A6FADF0B69A2E4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
14:56:47.0359 3224 Roxio UPnP Renderer 9 - ok
14:56:47.0437 3224 [ EFBB36E2BB02169D26E9980778FC20D3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
14:56:47.0437 3224 Roxio Upnp Server 9 - ok
14:56:47.0640 3224 [ 78E680A105F47B6AA0003BD23ED9FA51 ] RoxLiveShare9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
14:56:47.0640 3224 RoxLiveShare9 - ok
14:56:47.0796 3224 [ 9D5C024170C376D7CC66ED853FDA9068 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
14:56:47.0796 3224 RoxMediaDB9 - ok
14:56:47.0875 3224 [ 87F175539DBBA297018AA7FCDD563FF7 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
14:56:47.0875 3224 RoxWatch9 - ok
14:56:47.0906 3224 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
14:56:47.0906 3224 RpcLocator - ok
14:56:51.0156 3224 ================ Scan global ===============================
14:56:51.0171 3224 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:56:51.0218 3224 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
14:56:51.0234 3224 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
14:56:51.0265 3224 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:56:51.0265 3224 [Global] - ok
14:56:51.0265 3224 ================ Scan MBR ==================================
14:56:51.0281 3224 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
14:56:51.0515 3224 \Device\Harddisk0\DR0 - ok
14:56:51.0515 3224 ================ Scan VBR ==================================
14:56:51.0515 3224 [ 6673119A2FFB216A836088D3B948C06D ] \Device\Harddisk0\DR0\Partition1
14:56:51.0515 3224 \Device\Harddisk0\DR0\Partition1 - ok
14:56:51.0515 3224 ============================================================
14:56:51.0515 3224 Scan finished
14:56:51.0515 3224 ============================================================
14:56:51.0531 3916 Detected object count: 0
14:56:51.0531 3916 Actual detected object count: 0

#4 sempai (Malware Response Team)

Posted 12 November 2012 - 08:02 AM

Hi,

You can find the MBAM log here: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

You can find the Avast log here: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-yyyy-mm-dd


==========================================


One or more of the identified infections is a backdoor trojan/rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know what you decide to do.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 nachtkitten (Topic Starter)

Posted 14 November 2012 - 02:20 AM

Thank you for the info. I would love to reformat this computer, but the difficult part is that I am really inexperienced in this kind of stuff and have no idea how to back up my (very) numerous programs/files? This computer is quite old as well and I lost the original Windows CD long ago. I actually ran ComboFix earlier and you were absolutely right; my computer is infected with Rootkit.ZeroAccess--I have no idea what this is but I know it's bad. What would you recommend?

#6 sempai (Malware Response Team)

Posted 14 November 2012 - 05:59 AM

Hi,

Reformat is really recommended in this case but doing that is impossible without the XP CD. Can you borrow a CD from a friend or family member? If not then I guess our only choice at the moment is to clean this PC, do you concur with me?

Can you please post the resulting log of Combofix for my review. It is located in C:\combofix.txt.

Edited by sempai, 14 November 2012 - 06:00 AM.

~Semp



#7 sempai (Malware Response Team)

Posted 20 November 2012 - 04:28 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp


