BACK DOOR BOT OR TROJAN


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Wed Oct 31, 2012 5:38 pm

Are all of these items safe and good for my computer?
Yes, that should suffice. How's your computer running now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83161
# Likes : 0


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Thu Nov 01, 2012 12:33 am

Hi Super Dave:

I have tried five times to run the ESET scan. The first three times I got an error message: Unexpected Error 2003.

The last two times I tried to run the scan I got the message: Can not get update. Is Proxy configured?

What should I do?

Thanks,

Karen

karenor
Intermediate

Posts : 185
Joined : 2009-09-19
OS : xp
Points : 28612
# Likes : 0


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Thu Nov 01, 2012 1:19 am

Ok. Let's try this one.

Scan your computer with [You must be registered and logged in to see this link.]

* Once you are on the Panda site click the Scan your PC now button.
* A new window will open...click the Scan Now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
* You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
* The scan will begin. Please be patient as it can take an hour or more to complete.
* When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
* Save the ActiveScan.txt to a convenient location like your desktop.
* Note: You do not need to select any of the Disinfect options. We will remove any threats manually.

* Post the contents of the ActiveScan report in your next reply.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Nov 02, 2012 6:57 pm

Hi Super Dave:

I am sorry. I did not see the information about doing the Panda Scan until after I started the ESET scan. The ESET scan has been at 28% for some time now, but I think it might finish properly. I will post those results and then do the Panda scan for you.

Yesterday Comodo did a scan and declared that there were four threats to this computer. Comodo also said that all threats could not be removed. That is discouraging. I had marked the scan previously to scan for root kits. You will recall that you had me get rid of AVG and install Comodo. I will post the Comodo scan results for you now.

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

---------
You asked how my computer is running and it is still odd. One thing that is new and is also odd is that most all internet activity now gets a "Not Responding." Even when signing into your website!

I wanted to ask you about deleting my son as a user on this computer. I am the main user and the administrator. My son has not used the computer for several months. He lives somewhere else most of the time now. Can I delete him as a user on this computer? Will that help the computer? Will that harm the computer? Would it save any space on the computer?

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sat Nov 03, 2012 1:34 am

Can I delete him as a user on this computer? Will that help the computer? Will that harm the computer? Would it save any space on the computer?
If he doesn't use the computer, you can delete his account but I don't think it will make much difference but it could save some space if you uninstall the programs that he had installed, if any. I'll wait for the ESET scan results and we'll take it from there.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat Nov 03, 2012 4:53 pm

Hi Super Dave:

I was able to do the Panda Scan. It took a long, long time. Scan results say nothing was found. Posting this and then trying to do the ESET once again.
---------------
Today you are not infected.


We have detected that the COMODO Antivirus protection on your PC is enabled and up-to-date.

It is advisable to run a complete scan with ActiveScan 2.0 from time to time. This will minimize the chances of infection.
--------

Doing ESET now.

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun Nov 04, 2012 1:07 am

Hi Super Dave:

I didn't get a chance to push anything for the report. Here is what the results said:

No threats found.
Scanned Files: 68,541
Infected Files: 0
Cleaned Files: 0
Total Scanned Time: 4:35:49
Scan Status: Finished

During the scan process Comodo went crazy. Comodo says it found threats that could not be deleted. What is up with this? If Comodo found stuff why didn't ESET? Is Comodo doing false positives?

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sun Nov 04, 2012 1:50 am

Ok. Let's do some cleanup and if Comodo keeps acting up, please let me know.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***********************************************************
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
**************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
***************************************************
Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Tue Nov 06, 2012 4:40 am

Hi Super Dave:

Well the computer is running faster. That is good. Today I did the Comodo scan. Once again four threats were found and sadly Comodo reports that it can not clear all four threats. This is disturbing. I am pasting what was found here for you. What can be done to clear these items up? They appear to be root kits.

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

-------------
Thanks,
Karen
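
As an added illustration (not part of the original posts, and not Comodo's own logic): before treating a repeated scanner report as four separate threats, it helps to de-duplicate the lines and see which registry locations they actually name. The category rules and function names below are assumptions made for this example; the sample input is the report as pasted above.

```python
import re
from collections import OrderedDict

# Constructed sample: the four detection lines exactly as pasted in the thread.
REPORT = r"""
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\
Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
"""

# "<signature> <hive>\<path>", with an optional trailing backslash on the path.
LINE_RE = re.compile(r"^(?P<sig>\S+)\s+(?P<hive>HKEY_[A-Z_]+)\\(?P<path>.+?)\\?\s*$")
# ControlSet001, ControlSet002, ... are numbered copies of the same settings tree.
CONTROLSET_RE = re.compile(r"^System\\ControlSet\d{3}\\", re.IGNORECASE)

# Triage rules: assumptions of this example, applied to the normalized path.
RULES = [
    (re.compile(r"^Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\(load|run)$", re.I),
     "autostart",
     "legacy autorun value: check which program, if any, it names"),
    (re.compile(r"^System\\ControlSet\*\\Control\\Class\\\{4D36E96E-E325-11CE-BFC1-08002BE10318\}\\", re.I),
     "device-config",
     "Monitor device class settings: configuration data, not a launch point"),
]


def parse_detections(text):
    """Return (signature, hive, path) for every detection line in a pasted report."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m["sig"], m["hive"], m["path"]))
    return hits


def triage(text):
    """Collapse duplicate lines and control-set copies, then label each location."""
    groups = OrderedDict()
    for sig, hive, path in parse_detections(text):
        # Treat every ControlSetNNN copy as one logical location.
        logical = CONTROLSET_RE.sub(lambda m: "System\\ControlSet*\\", path)
        group = groups.setdefault((sig, hive, logical), {"lines": 0, "raw": set()})
        group["lines"] += 1
        group["raw"].add(path)

    findings = []
    for (sig, hive, logical), group in groups.items():
        category, note = "unclassified", "no rule matched: review by hand"
        for pattern, cat, why in RULES:
            if pattern.search(logical):
                category, note = cat, why
                break
        findings.append({
            "signature": sig,
            "location": hive + "\\" + logical,
            "lines": group["lines"],        # how many report lines named it
            "copies": len(group["raw"]),    # distinct raw paths behind it
            "category": category,
            "note": note,
        })
    # Autostart locations first: they are the ones worth opening in regedit.
    findings.sort(key=lambda f: f["category"] != "autostart")
    return findings


if __name__ == "__main__":
    for f in triage(REPORT):
        print(f"[{f['category']}] {f['location']}")
        print(f"    {f['lines']} report line(s), {f['copies']} distinct path(s): {f['note']}")
```

On this input the four report lines reduce to two locations, and only the `load` value is a place Windows reads a program name from at logon.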


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Tue Nov 06, 2012 8:40 pm

All the scans we ran didn't detect any rootkits. Let's try a few more.


  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.
**********************************************************************
Download GMER Rootkit Scanner from [You must be registered and logged in to see this link.]

•Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
•If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
•In the right panel, you will see several boxes that have been checked. Uncheck the following ...
*Sections
*IAT/EAT
*Drives/Partition other than Systemdrive (typically C:\)
*Show All (don't miss this one)
•Then click the Scan button & wait for it to finish
•Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
•Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries



Re: BACK DOOR BOT OR TROJAN

Post by karenor on Wed Nov 07, 2012 3:50 am

Hi Super Dave:

Nothing found here. I know that the Kaspersky is well respected. I don't understand why Comodo keeps saying that it finds things.

19:35:54.0546 0512 NDIS - ok
19:35:54.0625 0512 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:35:54.0625 0512 NdisIP - ok
19:35:54.0687 0512 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:35:54.0687 0512 NdisTapi - ok
19:35:54.0750 0512 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:35:54.0750 0512 Ndisuio - ok
19:35:54.0812 0512 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:35:54.0812 0512 NdisWan - ok
19:35:54.0890 0512 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:35:55.0000 0512 NDProxy - ok
19:35:55.0031 0512 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:35:55.0031 0512 NetBIOS - ok
19:35:55.0078 0512 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:35:55.0109 0512 NetBT - ok
19:35:55.0171 0512 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:35:55.0171 0512 NetDDE - ok
19:35:55.0203 0512 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:35:55.0218 0512 NetDDEdsdm - ok
19:35:55.0296 0512 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:35:55.0296 0512 Netlogon - ok
19:35:55.0343 0512 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:35:55.0359 0512 Netman - ok
19:35:55.0421 0512 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:35:55.0421 0512 NetTcpPortSharing - ok
19:35:55.0484 0512 [ 5EF7DD401771693245D46F4B0B69FE2B ] NetworkX C:\WINDOWS\system32\ckldrv.sys
19:35:55.0500 0512 NetworkX - ok
19:35:55.0593 0512 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:35:55.0609 0512 Nla - ok
19:35:55.0671 0512 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:35:55.0671 0512 Npfs - ok
19:35:55.0734 0512 [ DC23BF0190ACAA6FE49579B99474C931 ] ns2501 C:\WINDOWS\system32\DRIVERS\ns2501.sys
19:35:55.0843 0512 ns2501 - ok
19:35:55.0875 0512 [ 1D35A6DAD47330B8DA57130F9A924D98 ] ns387 C:\WINDOWS\system32\DRIVERS\ns387.sys
19:35:55.0984 0512 ns387 - ok
19:35:56.0093 0512 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:35:56.0125 0512 Ntfs - ok
19:35:56.0171 0512 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
19:35:56.0171 0512 NtLmSsp - ok
19:35:56.0281 0512 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:35:56.0359 0512 NtmsSvc - ok
19:35:56.0421 0512 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:35:56.0437 0512 Null - ok
19:35:56.0500 0512 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:35:56.0515 0512 NwlnkFlt - ok
19:35:56.0562 0512 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:35:56.0578 0512 NwlnkFwd - ok
19:35:56.0625 0512 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:35:56.0625 0512 NwlnkIpx - ok
19:35:56.0734 0512 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:35:56.0750 0512 NwlnkNb - ok
19:35:56.0781 0512 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:35:56.0796 0512 NwlnkSpx - ok
19:35:56.0875 0512 [ 4B83FCBBE72AF5F99D109798653E8B78 ] NwSapAgent C:\WINDOWS\System32\ipxsap.dll
19:35:56.0890 0512 NwSapAgent - ok
19:35:56.0937 0512 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
19:35:57.0062 0512 OMCI - ok
19:35:57.0125 0512 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:35:57.0140 0512 Parport - ok
19:35:57.0187 0512 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:35:57.0187 0512 PartMgr - ok
19:35:57.0250 0512 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:35:57.0265 0512 ParVdm - ok
19:35:57.0359 0512 [ 2DD9D5A9150C7015AC7F215EFA59E44F ] PCDSRVC{E9D79540-57D5953E-06020200}_0 c:\program files\dell support center\pcdsrvc.pkms
19:35:57.0531 0512 PCDSRVC{E9D79540-57D5953E-06020200}_0 - ok
19:35:57.0562 0512 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:35:57.0562 0512 PCI - ok
19:35:57.0593 0512 PCIDump - ok
19:35:57.0656 0512 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
19:35:57.0671 0512 PCIIde - ok
19:35:57.0734 0512 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:35:57.0750 0512 Pcmcia - ok
19:35:57.0781 0512 PDCOMP - ok
19:35:57.0812 0512 PDFRAME - ok
19:35:57.0828 0512 PDRELI - ok
19:35:57.0859 0512 PDRFRAME - ok
19:35:57.0890 0512 perc2 - ok
19:35:57.0937 0512 perc2hib - ok
19:35:58.0046 0512 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:35:58.0062 0512 PlugPlay - ok
19:35:58.0234 0512 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
19:35:58.0562 0512 PMBDeviceInfoProvider - ok
19:35:58.0625 0512 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:35:58.0625 0512 PolicyAgent - ok
19:35:58.0703 0512 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:35:58.0718 0512 PptpMiniport - ok
19:35:58.0750 0512 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
19:35:58.0765 0512 Processor - ok
19:35:58.0796 0512 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:35:58.0796 0512 ProtectedStorage - ok
19:35:58.0828 0512 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:35:58.0828 0512 PSched - ok
19:35:58.0906 0512 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:35:58.0906 0512 Ptilink - ok
19:35:59.0000 0512 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:35:59.0000 0512 PxHelp20 - ok
19:35:59.0031 0512 ql1080 - ok
19:35:59.0062 0512 Ql10wnt - ok
19:35:59.0093 0512 ql12160 - ok
19:35:59.0125 0512 ql1240 - ok
19:35:59.0156 0512 ql1280 - ok
19:35:59.0218 0512 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:35:59.0218 0512 RasAcd - ok
19:35:59.0296 0512 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:35:59.0312 0512 RasAuto - ok
19:35:59.0343 0512 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:35:59.0343 0512 Rasl2tp - ok
19:35:59.0437 0512 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:35:59.0453 0512 RasMan - ok
19:35:59.0500 0512 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:35:59.0515 0512 RasPppoe - ok
19:35:59.0562 0512 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:35:59.0562 0512 Raspti - ok
19:35:59.0640 0512 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:35:59.0640 0512 Rdbss - ok
19:35:59.0687 0512 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:35:59.0687 0512 RDPCDD - ok
19:35:59.0812 0512 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:35:59.0921 0512 RDPWD - ok
19:36:00.0000 0512 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:36:00.0015 0512 RDSessMgr - ok
19:36:00.0078 0512 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:36:00.0078 0512 redbook - ok
19:36:00.0140 0512 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:36:00.0156 0512 RemoteAccess - ok
19:36:00.0234 0512 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
19:36:00.0250 0512 RpcLocator - ok
19:36:00.0328 0512 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:36:00.0343 0512 RpcSs - ok
19:36:00.0421 0512 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
19:36:00.0453 0512 RSVP - ok
19:36:00.0531 0512 SABProcEnum - ok
19:36:00.0578 0512 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:36:00.0578 0512 SamSs - ok
19:36:00.0656 0512 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:36:00.0671 0512 SASDIFSV - ok
19:36:00.0718 0512 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:36:00.0718 0512 SASKUTIL - ok
19:36:00.0781 0512 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:36:00.0796 0512 SCardSvr - ok
19:36:00.0890 0512 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:36:00.0906 0512 Schedule - ok
19:36:00.0984 0512 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:36:01.0000 0512 Secdrv - ok
19:36:01.0046 0512 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:36:01.0062 0512 seclogon - ok
19:36:01.0125 0512 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:36:01.0125 0512 SENS - ok
19:36:01.0203 0512 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:36:01.0218 0512 serenum - ok
19:36:01.0281 0512 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:36:01.0281 0512 Serial - ok
19:36:01.0390 0512 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:36:01.0406 0512 Sfloppy - ok
19:36:01.0500 0512 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:36:01.0531 0512 SharedAccess - ok
19:36:01.0578 0512 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:36:01.0593 0512 ShellHWDetection - ok
19:36:01.0625 0512 [ 2327F5FFA223EC9B415F4A0CDBDF4EE1 ] sii164 C:\WINDOWS\system32\DRIVERS\sii164.sys
19:36:01.0734 0512 sii164 - ok
19:36:01.0765 0512 Simbad - ok
19:36:01.0843 0512 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:36:01.0859 0512 SLIP - ok
19:36:01.0921 0512 [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
19:36:02.0046 0512 SmartDefragDriver - ok
19:36:02.0187 0512 [ 31FD0707C7DBE715234F2823B27214FE ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
19:36:02.0187 0512 smwdm - ok
19:36:02.0234 0512 Sparrow - ok
19:36:02.0296 0512 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:36:02.0296 0512 splitter - ok
19:36:02.0375 0512 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:36:02.0390 0512 Spooler - ok
19:36:02.0453 0512 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:36:02.0468 0512 sr - ok
19:36:02.0546 0512 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:36:02.0562 0512 srservice - ok
19:36:02.0671 0512 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:36:02.0687 0512 Srv - ok
19:36:02.0781 0512 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:36:02.0781 0512 SSDPSRV - ok
19:36:02.0875 0512 [ EE74E3B1B521CEF8E8C9D008E4BDB45C ] STAC97 C:\WINDOWS\system32\drivers\STAC97.sys
19:36:03.0062 0512 STAC97 - ok
19:36:03.0203 0512 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:36:03.0265 0512 stisvc - ok
19:36:03.0328 0512 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:36:03.0328 0512 streamip - ok
19:36:03.0359 0512 SVKP - ok
19:36:03.0421 0512 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:36:03.0437 0512 swenum - ok
19:36:03.0484 0512 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:36:03.0484 0512 swmidi - ok
19:36:03.0515 0512 SwPrv - ok
19:36:03.0562 0512 symc810 - ok
19:36:03.0593 0512 symc8xx - ok
19:36:03.0625 0512 sym_hi - ok
19:36:03.0656 0512 sym_u3 - ok
19:36:03.0703 0512 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:36:03.0718 0512 sysaudio - ok
19:36:03.0765 0512 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:36:03.0781 0512 SysmonLog - ok
19:36:04.0015 0512 SysProtDrv.sys - ok
19:36:04.0093 0512 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:36:04.0109 0512 TapiSrv - ok
19:36:04.0218 0512 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:36:04.0234 0512 Tcpip - ok
19:36:04.0296 0512 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:36:04.0296 0512 TDPIPE - ok
19:36:04.0375 0512 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:36:04.0375 0512 TDTCP - ok
19:36:04.0437 0512 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:36:04.0468 0512 TermDD - ok
19:36:04.0546 0512 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:36:04.0593 0512 TermService - ok
19:36:04.0656 0512 [ 201BE1C73FA333A8872AD738AC49B9B4 ] th164 C:\WINDOWS\system32\DRIVERS\th164.sys
19:36:04.0781 0512 th164 - ok
19:36:04.0828 0512 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:36:04.0843 0512 Themes - ok
19:36:04.0875 0512 [ AB9720ADBE304893516521D2E440BD45 ] ti410 C:\WINDOWS\system32\DRIVERS\ti410.sys
19:36:04.0984 0512 ti410 - ok
19:36:05.0015 0512 TICalc - ok
19:36:05.0109 0512 [ DF8444A8FA8FD38D8848BDD40A8403B3 ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
19:36:05.0218 0512 tmcomm - ok
19:36:05.0250 0512 TosIde - ok
19:36:05.0343 0512 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:36:05.0359 0512 TrkWks - ok
19:36:05.0421 0512 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:36:05.0437 0512 Udfs - ok
19:36:05.0515 0512 ultra - ok
19:36:05.0609 0512 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:36:05.0640 0512 Update - ok
19:36:05.0718 0512 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:36:05.0734 0512 upnphost - ok
19:36:05.0796 0512 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:36:05.0796 0512 UPS - ok
19:36:05.0859 0512 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:36:05.0859 0512 usbehci - ok
19:36:05.0937 0512 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:36:05.0937 0512 usbhub - ok
19:36:06.0015 0512 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:36:06.0015 0512 usbscan - ok
19:36:06.0062 0512 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:36:06.0078 0512 USBSTOR - ok
19:36:06.0109 0512 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:36:06.0125 0512 usbuhci - ok
19:36:06.0156 0512 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:36:06.0187 0512 VgaSave - ok
19:36:06.0234 0512 ViaIde - ok
19:36:06.0296 0512 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:36:06.0312 0512 VolSnap - ok
19:36:06.0406 0512 [ 699FD04EC634BB3681F11B427F852187 ] vsdatant C:\WINDOWS\System32\vsdatant.sys
19:36:06.0562 0512 vsdatant - ok
19:36:06.0640 0512 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:36:06.0687 0512 VSS - ok
19:36:06.0765 0512 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:36:06.0781 0512 W32Time - ok
19:36:06.0843 0512 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:36:06.0843 0512 Wanarp - ok
19:36:06.0890 0512 WDICA - ok
19:36:06.0968 0512 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:36:06.0968 0512 wdmaud - ok
19:36:07.0031 0512 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:36:07.0046 0512 WebClient - ok
19:36:07.0218 0512 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:36:07.0265 0512 winmgmt - ok
19:36:07.0406 0512 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:36:07.0515 0512 WmdmPmSN - ok
19:36:07.0609 0512 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
19:36:07.0609 0512 WmiApSrv - ok
19:36:07.0656 0512 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
19:36:07.0781 0512 WpdUsb - ok
19:36:07.0859 0512 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:36:07.0859 0512 WS2IFSL - ok
19:36:07.0953 0512 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:36:08.0015 0512 wscsvc - ok
19:36:08.0046 0512 WSearch - ok
19:36:08.0125 0512 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:36:08.0125 0512 WSTCODEC - ok
19:36:08.0234 0512 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:36:08.0281 0512 wuauserv - ok
19:36:08.0343 0512 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:36:08.0343 0512 WudfPf - ok
19:36:08.0437 0512 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:36:08.0437 0512 WudfRd - ok
19:36:08.0515 0512 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:36:08.0531 0512 WudfSvc - ok
19:36:08.0609 0512 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:36:08.0640 0512 xmlprov - ok
19:36:08.0671 0512 zntport - ok
19:36:08.0765 0512 [ FD1F4E9CF06C71C8D73A24ACF18D8296 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
19:36:08.0875 0512 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
19:36:08.0968 0512 [ D4D7331D33D1FA73E588E5CE0D90A4C1 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
19:36:09.0093 0512 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
19:36:09.0109 0512 ================ Scan global ===============================
19:36:09.0187 0512 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:36:09.0281 0512 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:36:09.0328 0512 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:36:09.0406 0512 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:36:09.0421 0512 [Global] - ok
19:36:09.0437 0512 ================ Scan MBR ==================================
19:36:09.0453 0512 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:36:09.0687 0512 \Device\Harddisk0\DR0 - ok
19:36:09.0703 0512 ================ Scan VBR ==================================
19:36:09.0718 0512 [ D1DAFF5B33FC746EBC58ADAEC37E6BBC ] \Device\Harddisk0\DR0\Partition1
19:36:09.0718 0512 \Device\Harddisk0\DR0\Partition1 - ok
19:36:09.0718 0512 ============================================================
19:36:09.0718 0512 Scan finished
19:36:09.0718 0512 ============================================================
19:36:09.0750 0752 Detected object count: 0
19:36:09.0765 0752 Actual detected object count: 0
19:36:48.0781 2864 ============================================================
19:36:48.0781 2864 Scan started
19:36:48.0781 2864 Mode: Manual;
19:36:48.0781 2864 ============================================================
19:36:49.0015 2864 ================ Scan system memory ========================
19:36:49.0031 2864 System memory - ok
19:36:49.0031 2864 ================ Scan services =============================
19:36:56.0593 2864 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:36:56.0609 2864 ip6fw - ok
19:36:56.0671 2864 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:36:56.0671 2864 IpFilterDriver - ok
19:36:56.0718 2864 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:36:56.0718 2864 IpInIp - ok
19:36:56.0796 2864 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:36:56.0796 2864 IpNat - ok
19:36:56.0843 2864 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:36:56.0843 2864 IPSec - ok
19:36:56.0890 2864 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:36:56.0906 2864 IRENUM - ok
19:36:56.0953 2864 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:36:56.0953 2864 isapnp - ok
19:36:56.0968 2864 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:36:56.0984 2864 Kbdclass - ok
19:36:57.0031 2864 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:36:57.0031 2864 kmixer - ok
19:36:57.0078 2864 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:36:57.0078 2864 KSecDD - ok
19:36:57.0171 2864 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:36:57.0187 2864 lanmanserver - ok
19:36:57.0296 2864 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:36:57.0312 2864 lanmanworkstation - ok
19:36:57.0328 2864 lbrtfdc - ok
19:36:57.0421 2864 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:36:57.0421 2864 LmHosts - ok
19:36:57.0468 2864 [ E6BA9E361BD6513EF800DD6E1AA389EF ] lvds C:\WINDOWS\system32\DRIVERS\lvds.sys
19:36:57.0468 2864 lvds - ok
19:36:57.0703 2864 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
19:36:57.0703 2864 McciCMService - ok
19:36:57.0750 2864 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:36:57.0765 2864 Messenger - ok
19:36:57.0812 2864 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:36:57.0812 2864 mnmdd - ok
19:36:57.0875 2864 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
19:36:57.0875 2864 mnmsrvc - ok
19:36:57.0937 2864 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:36:57.0937 2864 Modem - ok
19:36:58.0000 2864 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:36:58.0015 2864 MODEMCSA - ok
19:36:58.0031 2864 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:36:58.0031 2864 Mouclass - ok
19:36:58.0093 2864 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:36:58.0093 2864 MountMgr - ok
19:36:58.0125 2864 mraid35x - ok
19:36:58.0203 2864 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19:36:58.0203 2864 MREMP50 - ok
19:36:58.0265 2864 [ 2BC9E43F55DE8C30FC817ED56D0EE907 ] MREMPR5 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
19:36:58.0265 2864 MREMPR5 - ok
19:36:58.0312 2864 [ 594B9D8194E3F4ECBF0325BD10BBEB05 ] MRENDIS5 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
19:36:58.0312 2864 MRENDIS5 - ok
19:36:58.0343 2864 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
19:36:58.0343 2864 MRESP50 - ok
19:36:58.0390 2864 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:36:58.0390 2864 MRxDAV - ok
19:36:58.0500 2864 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:36:58.0515 2864 MRxSmb - ok
19:36:58.0578 2864 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
19:36:58.0578 2864 MSDTC - ok
19:36:58.0640 2864 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:36:58.0640 2864 Msfs - ok
19:36:58.0671 2864 MSIServer - ok
19:36:58.0718 2864 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:36:58.0718 2864 MSKSSRV - ok
19:36:58.0765 2864 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:36:58.0765 2864 MSPCLOCK - ok
19:36:58.0796 2864 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:36:58.0796 2864 MSPQM - ok
19:36:58.0875 2864 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:36:58.0875 2864 mssmbios - ok
19:36:58.0937 2864 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:36:58.0937 2864 MSTEE - ok
19:36:59.0015 2864 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:36:59.0015 2864 Mup - ok
19:36:59.0093 2864 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:36:59.0093 2864 NABTSFEC - ok
19:36:59.0187 2864 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:36:59.0203 2864 napagent - ok
19:36:59.0281 2864 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:36:59.0281 2864 NDIS - ok
19:36:59.0375 2864 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:36:59.0375 2864 NdisIP - ok
19:36:59.0437 2864 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:36:59.0437 2864 NdisTapi - ok
19:36:59.0468 2864 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:36:59.0484 2864 Ndisuio - ok
19:36:59.0687 2864 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:36:59.0703 2864 NdisWan - ok
19:36:59.0875 2864 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:36:59.0875 2864 NDProxy - ok
19:36:59.0984 2864 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:37:00.0000 2864 NetBIOS - ok
19:37:00.0062 2864 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:37:00.0078 2864 NetBT - ok
19:37:00.0140 2864 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:37:00.0171 2864 NetDDE - ok
19:37:00.0187 2864 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:37:00.0203 2864 NetDDEdsdm - ok
19:37:00.0281 2864 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:37:00.0281 2864 Netlogon - ok
19:37:00.0328 2864 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:37:00.0328 2864 Netman - ok
19:37:00.0390 2864 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:37:00.0390 2864 NetTcpPortSharing - ok
19:37:00.0453 2864 [ 5EF7DD401771693245D46F4B0B69FE2B ] NetworkX C:\WINDOWS\system32\ckldrv.sys
19:37:00.0453 2864 NetworkX - ok
19:37:00.0593 2864 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:37:00.0687 2864 Nla - ok
19:37:01.0000 2864 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:37:01.0000 2864 Npfs - ok
19:37:01.0062 2864 [ DC23BF0190ACAA6FE49579B99474C931 ] ns2501 C:\WINDOWS\system32\DRIVERS\ns2501.sys
19:37:01.0062 2864 ns2501 - ok
19:37:01.0093 2864 [ 1D35A6DAD47330B8DA57130F9A924D98 ] ns387 C:\WINDOWS\system32\DRIVERS\ns387.sys
19:37:01.0093 2864 ns387 - ok
19:37:01.0187 2864 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:37:01.0187 2864 Ntfs - ok
19:37:01.0250 2864 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
19:37:01.0265 2864 NtLmSsp - ok
19:37:01.0359 2864 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:37:01.0375 2864 NtmsSvc - ok
19:37:01.0421 2864 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:37:01.0421 2864 Null - ok
19:37:01.0484 2864 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:37:01.0484 2864 NwlnkFlt - ok
19:37:01.0531 2864 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:37:01.0531 2864 NwlnkFwd - ok
19:37:01.0578 2864 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:37:01.0578 2864 NwlnkIpx - ok
19:37:01.0671 2864 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:37:01.0687 2864 NwlnkNb - ok
19:37:01.0718 2864 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:37:01.0718 2864 NwlnkSpx - ok
19:37:01.0796 2864 [ 4B83FCBBE72AF5F99D109798653E8B78 ] NwSapAgent C:\WINDOWS\System32\ipxsap.dll
19:37:01.0812 2864 NwSapAgent - ok
19:37:01.0843 2864 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Wed Nov 07, 2012 8:08 pm

What did the GMER Rootkit scanner find?


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Wed Nov 07, 2012 8:38 pm

Hi Dave:

It took all night to do the scan. Here are the results.

GMER 1.0.15.15641
Rootkit scan 2012-11-07 12:03:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400EB-75CPF0 rev.06.04G06
Running: izp4gifk.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxdyypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB173D7E4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB173CD90]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB173D44A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB173E040]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB173FC20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB173FF9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB173C77C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB173D9D0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB173DBE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB173C582]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB173E82A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB173EA80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB173F652]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB173D058]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB173D626]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB173E030]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB173C1B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB173D2F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB173C3B4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB173EC8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB173F0E2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB173EEA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB173E5B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB173DE54]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB173F93E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB173E30A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB173CFC2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB173D1DE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB173CB92]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB173C980]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\temp\aulauncher.exe 1

---- Files - GMER 1.0.15 ----

File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\19AFEFF1-1141-4C9E-95DA-857FD675F4F7.data 3355933 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\19AFEFF1-1141-4C9E-95DA-857FD675F4F7.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\1D2A5CCB-361A-41AC-AC2A-1D827D1C811C.data 1294 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\1D2A5CCB-361A-41AC-AC2A-1D827D1C811C.data.info 276 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2D73C69D-6F90-4D4D-9E56-0D40DB872FB5.data 624784 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2D73C69D-6F90-4D4D-9E56-0D40DB872FB5.data.info 248 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\431CFA03-8191-419B-80DB-B6614769FA3E.data 1294 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\431CFA03-8191-419B-80DB-B6614769FA3E.data.info 276 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4A883479-C55C-41EE-8D02-EE9CDEC9BD49.data 624784 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4A883479-C55C-41EE-8D02-EE9CDEC9BD49.data.info 248 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\76EA4343-6C05-4DAA-B14B-356CDADBE4BF.data 1584640 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\76EA4343-6C05-4DAA-B14B-356CDADBE4BF.data.info 280 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\83F64329-2EAA-4F17-8EE5-35060D81B672.data 607017 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\83F64329-2EAA-4F17-8EE5-35060D81B672.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes

---- EOF - GMER 1.0.15 ----


Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Wed Nov 07, 2012 11:26 pm

I don't know what's happening with Comodo. Those HKEY codes that Comodo is coming up with are for your monitor. Is everything ok there?


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Thu Nov 08, 2012 2:39 am

Hi Super Dave:

Computer seems faster since we did the restore set point. Just worried about Comodo. Are those false positives? I am now using Comodo for my firewall and my antivirus as you suggested. AVG is totally gone now. Just wonder about Comodo if I do a scan and get a garbage/false positive result. As Comodo indicated in the last two scans there were four things that Comodo considered to be threats. Then Comodo says not all of the threats were removed. Should I plan on using GMER now and then to check for root kits? I just don't know what to think.

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Thu Nov 08, 2012 7:56 pm

Please clear your quarantine folder in Comodo and then run another scan and see what pops up.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Nov 09, 2012 4:49 am

Hi Super Dave:

I ran the Comodo Scan again as you suggested. I have two reports. The first report is before I attempted to clean everything up. The second report is what was left after I cleaned. It seems like the same four things are left after cleaning just like before. There is a place to mark these four items to be ignored in the future. Will that be OK for these four items? Might we assume that the four items are showing up because I am new to Comodo and once we place the four items in the ignore area Comodo will be OK for me to use in the future? Or will I get stuff like these four items from time to time and think that I am infected?


Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

Malware@#14w915lim8fze C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0540998.data

Malware@#14w915lim8fze C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0541000.data

Suspicious@#36bgpdtcj4ifg C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0540997.data

Suspicious@#8uzof4osf8tg C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0540999.data

Suspicious@#2auv3lb2ibtyx C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0541003.data

Suspicious@#8uzof4osf8tg C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0541001.data

------
Not cleaned:

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

-------
Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Fri Nov 09, 2012 8:14 pm

I'm going to check with my colleagues about this one. I have no idea why Comodo is showing those items while all the other scans are coming up clean.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Nov 09, 2012 8:31 pm

Hi Super Dave:

I did another scan with Comodo. Just those four items came up again. I will post for you to show to your colleagues. Is Comodo trying to sell me something? When the four items are found a screen shows up that says:

Warning: Four infections found. We recommend you work with a Geek Buddy Certified Microsoft Expert to make sure your computer is completely cleaned and optimized. Let a Geek Buddy assist you now.

------

I am then given two options: Yes, I want an expert to clean it. No, I will clean it myself.

------

Today instead of checking the "No, I will clean it myself" option I clicked on the "yes, I want an expert to clean it."

Guess what Dave? I have to give money to have the items cleaned! Do you know what these four items are? Are they legitimate threats? There is an option to place these items into the IGNORE for future scans area. I am tempted to do that. What do you think?

I am glad you are checking with your colleagues. If the Comodo is just trying to scare people such as myself and sell us things, that is not right. I have never had something like this happen before. My opinion would be that if Comodo is creating these results in order to sell something they should not be highly recommended any more.

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Nov 09, 2012 8:35 pm

Hi Super Dave:

I am sorry I forgot to post the results of the four items that can not be quarantined or cleaned by me alone and need Comodo Geek Buddy assistance. These appear to be the same four items that we have seen in the last few Comodo scans.

------

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

-------

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Fri Nov 09, 2012 11:19 pm

"I am glad you are checking with your colleagues. If the Comodo is just trying to scare people such as myself and sell us things, that is not right. I have never had something like this happen before. My opinion would be that if Comodo is creating these results in order to sell something they should not be highly recommended any more."

Hi Karen, as I suspected those are false-positives from Comodo on your display drivers which is crazy. I would suggest that you dump Comodo and put something like [You must be registered and logged in to see this link.] on your computer.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat Nov 10, 2012 5:03 am

Hi Super Dave:

Well I tried five times to download Zone Alarm AV and Firewall. It would start to go through the process of downloading and then I would get a message telling me to try later. The message said the download was corrupted or something. I am discouraged about this. I had removed Comodo prior to trying to download the Zone Alarm. I have no choice right now but to reload the Comodo. I can not be without protection. What do you think about putting those four items into the IGNORE area of Comodo?
For future scans those items would be ignored. You indicate the items are false positives so would that cause me any harm or risk?

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sat Nov 10, 2012 7:28 pm

"I can not be without protection. What do you think about putting those four items into the IGNORE area of Comodo? For future scans those items would be ignored. You indicate the items are false positives so would that cause me any harm or risk?"

You could always use the Windows Firewall or just ignore those four items. The choice is yours.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun Nov 11, 2012 12:43 am

Hi Super Dave:

As stated before I could not load Zone Alarm. I did redo Comodo for the firewall and antivirus. I have run two scans. The first scan picked up two things. The second scan picked up five things. In both cases all items were cleaned/quaranteened (sic). It appears that the four items are not back.

I am assuming I am clean and clear now. I think if those four items ever pop up again I will ask for the IGNORE in Comodo. What do you think?

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sun Nov 11, 2012 1:59 am

"I am assuming I am clean and clear now. I think if those four items ever pop up again I will ask for the IGNORE in Comodo. What do you think?"

I would say that the computer is clean. I've been using Comodo for over two years with no such problems. If it did start acting up, I would dump it in a heartbeat. You could always download ZoneAlarm on another computer and transfer it to your computer.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun Nov 11, 2012 11:03 pm

Hi Super Dave:

OK. Thanks for everything. My husband has an appointment this coming Wednesday for his heart. Once we have that behind us I am going to take some time to go over that final list of things you had regarding suggestions for staying safe and keeping my computer at its best.

I appreciate everything you have done for me.

Take care,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Mon Nov 12, 2012 3:07 am

You're welcome. I hope everything turns out ok for your husband.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Wed Nov 14, 2012 6:51 pm

Hi Super Dave:

I hope you are still there. Yesterday and today I have tried to install new Microsoft updates. The KB2698023 item will not install. I keep getting an error message about it.

Here are some of the items I am getting:

Failed Updates
For help installing an update successfully, see the solution under each problem description.
Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023)


Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023)
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.
How to Uninstall
This software update can be removed via Add/Remove Programs in Control Panel.
Get help and support
[You must be registered and logged in to see this link.]
-----------

Did we do something to my computer that prevents me from downloading this update? I have never had this happen before. I tried to repeatedly download the item after rebooting. Are other people complaining about this? Is it a Microsoft problem?

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Wed Nov 14, 2012 8:16 pm

Did we do something to my computer that prevents me from downloading this update?
That happens sometimes when cleaning a computer. Please try this.

•Please download Dial-A-Fix from one of the following mirrors:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

•Extract the zip file to your desktop.

•Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot of errors, just ignore them and Click
to continue.

•Press the green double checkmark box (Looks like this:


UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:





•Click on Go

•Wait for Dial-A-Fix to finish (All the check marks will be all gone)

•Close Dial-A-Fix


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Thu Nov 15, 2012 7:39 am

Hi Super Dave:

Well I did the Dial A Fix, actually twice. Tried to install the KB2698023 and had no luck. The Microsoft Update seems to move along nicely and then finishes giving me an error that the install has failed. I have tried to use my Baseline Analyzer to give me help. No luck there. BA scans my computer and lets me know that KB2698023 is missing. Trying to download the update from BA does not work either. Is this a Microsoft thing? Are others complaining about this on the internet? I see some postings when I Google that I can not download KB2698023. The postings say things about framework 1.1 or something. The postings have elaborate and complicated workarounds to download this update.

Any ideas?

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Thu Nov 15, 2012 8:29 pm

Please take a look at some of [You must be registered and logged in to see this link.] to see if it will help.
