BACK DOOR BOT OR TROJAN

Post by karenor on Sun 28 Oct 2012, 3:34 pm

I have been infected before by the Back Door Bot and Trojan Agent. My computer all of a sudden has gotten very slow. The computer was also acting like someone else was in command of it. This is usually what happens right before I get infected. I am running Windows XP with Service Pack 3. All items are up to date on my computer. I also have the following items on my computer: Spy Bot, CCleaner, AVG, Super Anti Spyware, Baseline Security Analyzer, Comodo and Advanced System Care.

I had recently run an ESET scan when the computer began to get slow and it found and removed three items. The computer is still slow and is acting like it is infected. Also, today, before things got very, very bad, I got a message from Comodo that said something had happened. Before I could react to the message I got another message indicating that I must download a driver for the computer. I thought it was from Comodo. But now I think it was a fake.

Now I have no sound on the computer. This lack of sound along with the computer being slow tells me that there must be some sort of infection. I could not do another ESET scan because ESET now only allows one scan per computer.

I am posting logs now.

Thanks in advance for helping me,
Karen
------------------
OTL logfile created on: 10/27/2012 6:48:34 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.00% Memory free
2.79 Gb Paging File | 2.15 Gb Available in Paging File | 76.96% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 14.11 Gb Free Space | 37.87% Space Free | Partition Type: NTFS

Computer Name: KURTCOMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/27 18:45:26 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2012/10/27 18:20:33 | 000,038,984 | ---- | M] (Dell Computer Corporation) -- C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TNAGSOU0\DellPCDiagnostics[1].exe
PRC - [2012/10/11 09:15:26 | 001,853,584 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2012/09/08 14:40:56 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/03/11 14:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 14:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/11 09:15:26 | 001,853,584 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
MOD - [2012/06/12 13:14:12 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/12 12:59:32 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/08 23:07:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/08 23:07:10 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/08 23:06:37 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/08 23:05:50 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/11 09:15:26 | 001,853,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/09/08 14:40:56 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/03/11 14:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\zntport.sys -- (zntport)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- -- (TICalc)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\dwprot.sys -- (DwProt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CoachVc.sys -- (CoachVc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/03 22:54:46 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020200}_0)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/11 14:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 14:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 14:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/26 19:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/03/15 19:57:16 | 000,004,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti410.sys -- (ti410)
DRV - [2010/03/15 19:57:14 | 000,007,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ns2501.sys -- (ns2501)
DRV - [2010/03/15 19:57:14 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvds.sys -- (lvds)
DRV - [2010/03/15 19:57:14 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ns387.sys -- (ns387)
DRV - [2010/03/15 19:57:14 | 000,004,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sii164.sys -- (sii164)
DRV - [2010/03/15 19:57:14 | 000,004,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\th164.sys -- (th164)
DRV - [2009/12/16 12:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 12:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/22 21:49:34 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/17 09:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/03/06 11:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/03/11 14:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/03/11 14:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/06/04 21:42:56 | 000,256,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igdmini.sys -- (igdmini)
DRV - [2006/06/04 21:42:56 | 000,026,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ch7017.sys -- (ch7017)
DRV - [2006/06/04 21:42:56 | 000,020,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ch7009.sys -- (ch7009)
DRV - [2006/06/04 21:42:56 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fs454.sys -- (fs454)
DRV - [2006/06/04 21:42:56 | 000,002,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\d3dutil.sys -- (d3dUtil)
DRV - [2005/04/14 22:00:00 | 000,273,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/02/17 16:52:38 | 000,228,344 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/16 13:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 13:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope = {138CECA7-7232-4042-B714-FAE9103C16CD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{138CECA7-7232-4042-B714-FAE9103C16CD}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{16893532-B94A-4FE6-A974-410D82712695}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{355A080C-63DA-451C-8DEC-9C3DCC3AB5A0}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{5C52AD00-997C-4A1A-90B6-608B30DFD380}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{6B96F3F7-2F5E-4E37-B9A8-FC0958A166E2}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{9C976DE2-14F4-44C1-9413-E2935D28CA79}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\Yahoo!: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/09 21:13:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\


O1 HOSTS File: ([2012/10/25 13:33:14 | 000,443,910 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15273 more lines...
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} [You must be registered and logged in to see this link.] (BitDefender QuickScan Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} [You must be registered and logged in to see this link.] (AxisMediaControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Unable to open value key)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Unable to open value key)
O16 - DPF: vzTCPConfig [You must be registered and logged in to see this link.] (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD7141-1879-4B82-865D-6E281102E8A0}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl ()
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - - File not found
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found


karenor
Rookie Surfer
Posts : 185
Joined : 2009-09-19
Operating System : xp


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Thu 01 Nov 2012, 4:38 am

"Are all of these items safe and good for my computer?"
Yes, that should suffice. How's your computer running now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Thu 01 Nov 2012, 11:33 am

Hi Super Dave:

I have tried five times to run the ESET scan. The first three times I got an error message: Unexpected Error 2003.

The last two times I tried to run the scan I got the message: Can not get update. Is Proxy configured?

What should I do?

Thanks,

Karen

karenor
Rookie Surfer
Posts : 185
Joined : 2009-09-19
Operating System : xp

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Thu 01 Nov 2012, 12:19 pm

Ok. Let's try this one.

Scan your computer with Panda ActiveScan

* Once you are on the Panda site click the Scan your PC now button.
* A new window will open...click the Scan Now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
* You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
* The scan will begin. Please be patient as it can take an hour or more to complete.
* When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
* Save the ActiveScan.txt to a convenient location like your desktop.
* Note: You do not need to select any of the Disinfect options. We will remove any threats manually.

* Post the contents of the ActiveScan report in your next reply.

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat 03 Nov 2012, 5:57 am

Hi Super Dave:

I am sorry. I did not see the information about doing the Panda Scan until after I started the ESET scan. The ESET scan has been at 28% for some time now, but I think it might finish properly. I will post those results and then do the Panda scan for you.

Yesterday Comodo did a scan and declared that there were four threats to this computer. Comodo also said that all threats could not be removed. That is discouraging. I had marked the scan previously to scan for root kits. You will recall that you had me get rid of AVG and install Comodo. I will post the Comodo scan results for you now.

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

---------
You asked how my computer is running and it is still odd. One thing that is new and is also odd is that most all internet activity now gets a "Not Responding." Even when signing into your website!

I wanted to ask you about deleting my son as a user on this computer. I am the main user and the administrator. My son has not used the computer for several months. He lives somewhere else most of the time now. Can I delete him as a user on this computer? Will that help the computer? Will that harm the computer? Would it save any space on the computer?

Thanks,
Karen

karenor
Rookie Surfer
Posts : 185
Joined : 2009-09-19
Operating System : xp

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sat 03 Nov 2012, 12:34 pm

"Can I delete him as a user on this computer? Will that help the computer? Will that harm the computer? Would it save any space on the computer?"
If he doesn't use the computer, you can delete his account, but I don't think it will make much difference. It could save some space if you uninstall the programs that he had installed, if any. I'll wait for the ESET scan results and we'll take it from there.

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun 04 Nov 2012, 3:53 am

Hi Super Dave:

I was able to do the Panda Scan. It took a long, long time. Scan results say nothing was found. Posting this and then trying to do the ESET once again.
---------------
Today you are not infected.


We have detected that the COMODO Antivirus protection on your PC is enabled and up-to-date.

It is advisable to run a complete scan with ActiveScan 2.0 from time to time. This will minimize the chances of infection.
--------

Doing ESET now.

Thanks,
Karen

karenor
Rookie Surfer
Posts : 185
Joined : 2009-09-19
Operating System : xp

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun 04 Nov 2012, 12:07 pm

Hi Super Dave:

I didn't get a chance to push anything for the report. Here is what the results said:

No threats found.
Scanned Files: 68,541
Infected Files: 0
Cleaned Files: 0
Total Scanned Time: 4:35:49
Scan Status: Finished

During the scan process Comodo went crazy. Comodo says it found threats that could not be deleted. What is up with this? If Comodo found stuff why didn't ESET? Is Comodo doing false positives?

Thanks,
Karen

karenor
Rookie Surfer
Posts : 185
Joined : 2009-09-19
Operating System : xp

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sun 04 Nov 2012, 12:50 pm

Ok. Let's do some cleanup and if Comodo keeps acting up, please let me know.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***********************************************************
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
**************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
***************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Tue 06 Nov 2012, 3:40 pm

Hi Super Dave:

Well, the computer is running faster. That is good. Today I did the Comodo scan. Once again four threats were found and sadly Comodo reports that it can not clear all four threats. This is disturbing. I am pasting what was found here for you. What can be done to clear these items up? They appear to be root kits.

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

-------------
Thanks,
Karen

karenor
Rookie Surfer
Posts : 185
Joined : 2009-09-19
Operating System : xp

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Wed 07 Nov 2012, 7:40 am

All the scans we ran didn't detect any rootkits. Let's try a few more.


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.
**********************************************************************
Download GMER Rootkit Scanner from here.

•Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
•If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
•In the right panel, you will see several boxes that have been checked. Uncheck the following ...
*Sections
*IAT/EAT
*Drives/Partition other than Systemdrive (typically C:\)
*Show All (don't miss this one)
•Then click the Scan button & wait for it to finish
•Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
•Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3
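The false-positive question Karen raised about the Comodo "Rootkit.HiddenValue" entries, and the caution about rootkit scanners above, can be checked directly rather than by guessing. The following is an added PowerShell example; it is not code from this thread, from Comodo, or from any of the tools Superdave recommends. It assumes PowerShell is installed (PowerShell 2.0 runs on XP SP3) and takes the three registry paths straight from Karen's Comodo report. The "Load" and "Run" values under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows are a legacy per-user autostart location that Windows still processes at logon, so anything non-empty there is a genuine persistence point worth investigating; the display-adapter MODES\1600,1200 subkeys normally hold only mode data, and if their values list cleanly through the standard registry API with ordinary names and types, that supports the false-positive reading. The script only reads; it changes nothing.

```powershell
# Added example (not from the thread or from any tool it mentions): a read-only
# look at the registry locations Comodo labelled Rootkit.HiddenValue, to judge
# whether they hold anything that would actually launch a program.
# Key paths are the ones quoted in Karen's Comodo report.

# Legacy per-user autostart values. Windows still honours "Load" and "Run"
# under this key at logon, so a program path here is a real persistence point.
$legacyKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'

# Display-adapter class key ({4D36E96E-...} is the Display class GUID);
# MODES\<width>,<height> subkeys hold supported display-mode data, not code.
$modeKeys = @(
    'HKLM:\SYSTEM\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200',
    'HKLM:\SYSTEM\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200'
)

function Show-AutostartValues {
    param([string]$Path)
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) {
        Write-Output "$Path : key absent"
        return
    }
    foreach ($name in 'Load', 'Run') {
        $value = $key.GetValue($name)
        if ([string]::IsNullOrEmpty($value)) {
            Write-Output "$Path\$name : not set (nothing launches from here)"
        } else {
            # A populated value here starts a program at logon, whatever the scanner calls it.
            Write-Output "$Path\$name = $value  <-- launched at logon; verify this file"
        }
    }
}

function Show-ValueInventory {
    param([string]$Path)
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) {
        Write-Output "$Path : key absent"
        return
    }
    $names = @($key.GetValueNames())
    Write-Output ("{0} : {1} value(s) visible through the normal registry API" -f $Path, $names.Count)
    foreach ($name in $names) {
        $kind = $key.GetValueKind($name)
        # An empty name is the key's "(Default)" value.
        $label = if ($name -eq '') { '(Default)' } else { $name }
        Write-Output ("    {0,-24} {1}" -f $label, $kind)
    }
}

Show-AutostartValues -Path $legacyKey
foreach ($k in $modeKeys) { Show-ValueInventory -Path $k }
```

Run it from an administrator PowerShell prompt and compare the output with the Comodo report. If Load or Run names a file, post that path in the thread rather than deleting anything by hand; if the MODES keys show only ordinary mode values, the scanner's "hidden" label is not evidence of a rootkit on its own.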

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Wed 07 Nov 2012, 2:50 pm

Hi Super Dave:

Nothing found here. I know that the Kaspersky is well respected. I don't understand why Comodo keeps saying that it finds things.

19:34:23.0906 4000 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:34:25.0171 4000 ============================================================
19:34:25.0171 4000 Current date / time: 2012/11/06 19:34:25.0171
19:34:25.0171 4000 SystemInfo:
19:34:25.0171 4000
19:34:25.0171 4000 OS Version: 5.1.2600 ServicePack: 3.0
19:34:25.0171 4000 Product type: Workstation
19:34:25.0171 4000 ComputerName: KURTCOMPUTER
19:34:25.0171 4000 UserName: Owner
19:34:25.0171 4000 Windows directory: C:\WINDOWS
19:34:25.0171 4000 System windows directory: C:\WINDOWS
19:34:25.0171 4000 Processor architecture: Intel x86
19:34:25.0171 4000 Number of processors: 1
19:34:25.0171 4000 Page size: 0x1000
19:34:25.0171 4000 Boot type: Normal boot
19:34:25.0171 4000 ============================================================
19:34:28.0500 4000 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:34:28.0500 4000 ============================================================
19:34:28.0500 4000 \Device\Harddisk0\DR0:
19:34:28.0500 4000 MBR partitions:
19:34:28.0500 4000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
19:34:28.0500 4000 ============================================================
19:34:28.0546 4000 C: <-> \Device\Harddisk0\DR0\Partition1
19:34:28.0546 4000 ============================================================
19:34:28.0546 4000 Initialize success
19:34:28.0546 4000 ============================================================
19:35:39.0953 0512 ============================================================
19:35:39.0953 0512 Scan started
19:35:39.0953 0512 Mode: Manual;
19:35:39.0953 0512 ============================================================
19:35:40.0421 0512 ================ Scan system memory ========================
19:35:40.0421 0512 System memory - ok
19:35:40.0437 0512 ================ Scan services =============================
19:35:40.0625 0512 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:35:40.0781 0512 !SASCORE - ok
19:35:40.0953 0512 Abiosdsk - ok
19:35:40.0984 0512 abp480n5 - ok
19:35:41.0062 0512 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:35:41.0078 0512 ACPI - ok
19:35:41.0156 0512 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:35:41.0156 0512 ACPIEC - ok
19:35:41.0187 0512 adpu160m - ok
19:35:41.0265 0512 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
19:35:41.0265 0512 aeaudio - ok
19:35:41.0328 0512 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:35:41.0343 0512 aec - ok
19:35:41.0406 0512 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
19:35:41.0406 0512 Afc - ok
19:35:41.0468 0512 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:35:41.0484 0512 AFD - ok
19:35:41.0500 0512 Aha154x - ok
19:35:41.0515 0512 aic78u2 - ok
19:35:41.0531 0512 aic78xx - ok
19:35:41.0593 0512 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:35:41.0625 0512 Alerter - ok
19:35:41.0671 0512 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:35:41.0671 0512 ALG - ok
19:35:41.0703 0512 AliIde - ok
19:35:41.0734 0512 amsint - ok
19:35:41.0750 0512 AppMgmt - ok
19:35:41.0781 0512 asc - ok
19:35:41.0812 0512 asc3350p - ok
19:35:41.0828 0512 asc3550 - ok
19:35:42.0015 0512 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:35:42.0046 0512 aspnet_state - ok
19:35:42.0093 0512 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:35:42.0093 0512 AsyncMac - ok
19:35:42.0156 0512 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:35:42.0171 0512 atapi - ok
19:35:42.0187 0512 Atdisk - ok
19:35:42.0250 0512 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:35:42.0265 0512 Atmarpc - ok
19:35:42.0328 0512 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:35:42.0343 0512 AudioSrv - ok
19:35:42.0406 0512 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:35:42.0406 0512 audstub - ok
19:35:42.0468 0512 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
19:35:42.0468 0512 BANTExt - ok
19:35:42.0593 0512 [ B60F57B4D9CDBC663CC03EB8AF7EC34E ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
19:35:42.0593 0512 bcm4sbxp - ok
19:35:42.0671 0512 [ 41347688046D49CDE0F6D138A534F73D ] BCMModem C:\WINDOWS\system32\DRIVERS\BCMSM.sys
19:35:42.0687 0512 BCMModem - ok
19:35:42.0765 0512 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:35:42.0781 0512 Beep - ok
19:35:42.0859 0512 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:35:43.0312 0512 BITS - ok
19:35:43.0390 0512 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
19:35:43.0500 0512 Browser - ok
19:35:43.0578 0512 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:35:43.0593 0512 cbidf2k - ok
19:35:43.0640 0512 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:35:43.0640 0512 CCDECODE - ok
19:35:43.0671 0512 cd20xrnt - ok
19:35:43.0734 0512 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:35:43.0734 0512 Cdaudio - ok
19:35:43.0828 0512 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:35:43.0828 0512 Cdfs - ok
19:35:43.0859 0512 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:35:43.0859 0512 Cdrom - ok
19:35:43.0937 0512 [ 8F9347656BEBDF8225D7B7A948CD043F ] ch7009 C:\WINDOWS\system32\DRIVERS\ch7009.sys
19:35:44.0046 0512 ch7009 - ok
19:35:44.0062 0512 [ 9B17BCD1F4FCD3798F0DAB8CA268EC93 ] ch7017 C:\WINDOWS\system32\DRIVERS\ch7017.sys
19:35:44.0171 0512 ch7017 - ok
19:35:44.0203 0512 Changer - ok
19:35:44.0265 0512 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:35:44.0265 0512 CiSvc - ok
19:35:44.0312 0512 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:35:44.0312 0512 ClipSrv - ok
19:35:44.0359 0512 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:44.0500 0512 clr_optimization_v2.0.50727_32 - ok
19:35:44.0750 0512 [ 33BB8CAE8C960454F8D9031FA11003EB ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
19:35:44.0781 0512 cmdAgent - ok
19:35:44.0859 0512 [ C6DAE39091BD55FE2F96A9E7D33BF2A8 ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
19:35:44.0984 0512 cmderd - ok
19:35:45.0046 0512 [ D3ADE6B42AC9020BB24179770A284E10 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
19:35:45.0234 0512 cmdGuard - ok
19:35:45.0296 0512 [ 3036D1C981573BCA1DE1F9D0AFB7CFD2 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
19:35:45.0390 0512 cmdHlp - ok
19:35:45.0421 0512 CmdIde - ok
19:35:45.0484 0512 [ 7A0B457EEFEF8CBAA0CC44C8819113BD ] CoachUsb C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
19:35:45.0593 0512 CoachUsb - ok
19:35:45.0609 0512 CoachVc - ok
19:35:45.0640 0512 COMSysApp - ok
19:35:45.0671 0512 Cpqarray - ok
19:35:45.0703 0512 Crypkey License - ok
19:35:45.0750 0512 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:35:45.0750 0512 CryptSvc - ok
19:35:45.0812 0512 [ EEA4EAB0CCB70A625055988976777CEB ] d3dUtil C:\WINDOWS\system32\DRIVERS\d3dutil.sys
19:35:45.0906 0512 d3dUtil - ok
19:35:45.0921 0512 dac2w2k - ok
19:35:45.0953 0512 dac960nt - ok
19:35:46.0046 0512 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:35:46.0140 0512 DcomLaunch - ok
19:35:46.0203 0512 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:35:46.0203 0512 Dhcp - ok
19:35:46.0281 0512 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:35:46.0281 0512 Disk - ok
19:35:46.0312 0512 dmadmin - ok
19:35:46.0406 0512 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:35:46.0437 0512 dmboot - ok
19:35:46.0484 0512 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:35:46.0500 0512 dmio - ok
19:35:46.0562 0512 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:35:46.0562 0512 dmload - ok
19:35:46.0625 0512 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:35:46.0625 0512 dmserver - ok
19:35:46.0687 0512 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:35:46.0703 0512 DMusic - ok
19:35:46.0781 0512 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:35:46.0781 0512 Dnscache - ok
19:35:46.0859 0512 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:35:46.0859 0512 Dot3svc - ok
19:35:46.0890 0512 dpti2o - ok
19:35:46.0953 0512 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:35:46.0953 0512 drmkaud - ok
19:35:46.0984 0512 DwProt - ok
19:35:47.0046 0512 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:35:47.0046 0512 EapHost - ok
19:35:47.0109 0512 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:35:47.0109 0512 ERSvc - ok
19:35:47.0171 0512 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
19:35:47.0234 0512 Eventlog - ok
19:35:47.0312 0512 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
19:35:47.0328 0512 EventSystem - ok
19:35:47.0375 0512 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:35:47.0375 0512 Fastfat - ok
19:35:47.0484 0512 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:35:47.0593 0512 FastUserSwitchingCompatibility - ok
19:35:47.0656 0512 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:35:47.0671 0512 Fdc - ok
19:35:47.0718 0512 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:35:47.0718 0512 Fips - ok
19:35:47.0750 0512 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:35:47.0750 0512 Flpydisk - ok
19:35:47.0828 0512 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:35:47.0828 0512 FltMgr - ok
19:35:48.0000 0512 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:35:48.0000 0512 FontCache3.0.0.0 - ok
19:35:48.0078 0512 [ 32C98379A90968103D01B256A9BAEA28 ] fs454 C:\WINDOWS\system32\DRIVERS\fs454.sys
19:35:48.0156 0512 fs454 - ok
19:35:48.0234 0512 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
19:35:48.0343 0512 fssfltr - ok
19:35:48.0500 0512 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:35:48.0687 0512 fsssvc - ok
19:35:48.0765 0512 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:35:48.0765 0512 Fs_Rec - ok
19:35:48.0843 0512 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:35:48.0843 0512 Ftdisk - ok
19:36:54.0359 2864 Fips - ok
19:36:54.0406 2864 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:36:54.0406 2864 Flpydisk - ok
19:36:54.0468 2864 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:36:54.0468 2864 FltMgr - ok
19:36:54.0609 2864 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:36:54.0609 2864 FontCache3.0.0.0 - ok
19:36:54.0687 2864 [ 32C98379A90968103D01B256A9BAEA28 ] fs454 C:\WINDOWS\system32\DRIVERS\fs454.sys
19:36:54.0687 2864 fs454 - ok
19:36:54.0750 2864 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
19:36:54.0750 2864 fssfltr - ok
19:36:54.0921 2864 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:36:54.0937 2864 fsssvc - ok
19:36:55.0000 2864 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:36:55.0000 2864 Fs_Rec - ok
19:36:55.0078 2864 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:36:55.0078 2864 Ftdisk - ok
19:36:55.0156 2864 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:36:55.0156 2864 Gpc - ok
19:36:55.0265 2864 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:36:55.0265 2864 gupdate - ok
19:36:55.0281 2864 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:36:55.0296 2864 gupdatem - ok
19:36:55.0359 2864 helpsvc - ok
19:36:55.0390 2864 HidServ - ok
19:36:55.0468 2864 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:36:55.0484 2864 hkmsvc - ok
19:36:55.0500 2864 hpn - ok
19:36:55.0578 2864 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:36:55.0578 2864 HTTP - ok
19:36:55.0640 2864 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:36:55.0656 2864 HTTPFilter - ok
19:36:55.0687 2864 i2omgmt - ok
19:36:55.0718 2864 i2omp - ok
19:36:55.0765 2864 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:36:55.0765 2864 i8042prt - ok
19:36:55.0890 2864 [ 44B7D5A4F2BD9FE21AEA0BB0BACE38C4 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:36:55.0890 2864 ialm - ok
19:36:56.0046 2864 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:36:56.0062 2864 idsvc - ok
19:36:56.0140 2864 [ 31B9783E002B67A623EB04AE8638AD93 ] igdmini C:\WINDOWS\system32\DRIVERS\igdmini.sys
19:36:56.0140 2864 igdmini - ok
19:36:56.0218 2864 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:36:56.0218 2864 Imapi - ok
19:36:56.0312 2864 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:36:56.0328 2864 ImapiService - ok
19:36:56.0359 2864 ini910u - ok
19:36:56.0453 2864 [ BB916E9A279D1B35D895405DAF162F35 ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
19:36:56.0453 2864 Inspect - ok
19:36:56.0484 2864 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
19:36:56.0484 2864 IntelIde - ok
19:36:56.0546 2864 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:36:56.0546 2864 intelppm - ok
19:36:56.0593 2864 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:36:56.0609 2864 ip6fw - ok
19:36:56.0671 2864 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:36:56.0671 2864 IpFilterDriver - ok
19:36:56.0718 2864 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:36:56.0718 2864 IpInIp - ok
19:36:56.0796 2864 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:36:56.0796 2864 IpNat - ok
19:36:56.0843 2864 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:36:56.0843 2864 IPSec - ok
19:36:56.0890 2864 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:36:56.0906 2864 IRENUM - ok
19:36:56.0953 2864 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:36:56.0953 2864 isapnp - ok
19:36:56.0968 2864 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:36:56.0984 2864 Kbdclass - ok
19:36:57.0031 2864 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:36:57.0031 2864 kmixer - ok
19:36:57.0078 2864 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:36:57.0078 2864 KSecDD - ok
19:36:57.0171 2864 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:36:57.0187 2864 lanmanserver - ok
19:36:57.0296 2864 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:36:57.0312 2864 lanmanworkstation - ok
19:36:57.0328 2864 lbrtfdc - ok
19:36:57.0421 2864 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:36:57.0421 2864 LmHosts - ok
19:36:57.0468 2864 [ E6BA9E361BD6513EF800DD6E1AA389EF ] lvds C:\WINDOWS\system32\DRIVERS\lvds.sys
19:36:57.0468 2864 lvds - ok
19:36:57.0703 2864 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
19:36:57.0703 2864 McciCMService - ok
19:36:57.0750 2864 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:36:57.0765 2864 Messenger - ok
19:36:57.0812 2864 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:36:57.0812 2864 mnmdd - ok
19:36:57.0875 2864 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
19:36:57.0875 2864 mnmsrvc - ok
19:36:57.0937 2864 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:36:57.0937 2864 Modem - ok
19:36:58.0000 2864 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:36:58.0015 2864 MODEMCSA - ok
19:36:58.0031 2864 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:36:58.0031 2864 Mouclass - ok
19:36:58.0093 2864 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:36:58.0093 2864 MountMgr - ok
19:36:58.0125 2864 mraid35x - ok
19:36:58.0203 2864 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19:36:58.0203 2864 MREMP50 - ok
19:36:58.0265 2864 [ 2BC9E43F55DE8C30FC817ED56D0EE907 ] MREMPR5 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
19:36:58.0265 2864 MREMPR5 - ok
19:36:58.0312 2864 [ 594B9D8194E3F4ECBF0325BD10BBEB05 ] MRENDIS5 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
19:36:58.0312 2864 MRENDIS5 - ok
19:36:58.0343 2864 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
19:36:58.0343 2864 MRESP50 - ok
19:36:58.0390 2864 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:36:58.0390 2864 MRxDAV - ok
19:36:58.0500 2864 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:36:58.0515 2864 MRxSmb - ok
19:36:58.0578 2864 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
19:36:58.0578 2864 MSDTC - ok
19:36:58.0640 2864 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:36:58.0640 2864 Msfs - ok
19:36:58.0671 2864 MSIServer - ok
19:36:58.0718 2864 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:36:58.0718 2864 MSKSSRV - ok
19:36:58.0765 2864 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:36:58.0765 2864 MSPCLOCK - ok
19:36:58.0796 2864 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:36:58.0796 2864 MSPQM - ok
19:36:58.0875 2864 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:36:58.0875 2864 mssmbios - ok
19:36:58.0937 2864 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:36:58.0937 2864 MSTEE - ok
19:36:59.0015 2864 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:36:59.0015 2864 Mup - ok
19:36:59.0093 2864 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:36:59.0093 2864 NABTSFEC - ok
19:36:59.0187 2864 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:36:59.0203 2864 napagent - ok
19:36:59.0281 2864 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:36:59.0281 2864 NDIS - ok
19:36:59.0375 2864 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:36:59.0375 2864 NdisIP - ok
19:36:59.0437 2864 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:36:59.0437 2864 NdisTapi - ok
19:36:59.0468 2864 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:36:59.0484 2864 Ndisuio - ok
19:36:59.0687 2864 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:36:59.0703 2864 NdisWan - ok
19:36:59.0875 2864 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:36:59.0875 2864 NDProxy - ok
19:36:59.0984 2864 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:37:00.0000 2864 NetBIOS - ok
19:37:00.0062 2864 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:37:00.0078 2864 NetBT - ok
19:37:00.0140 2864 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:37:00.0171 2864 NetDDE - ok
19:37:00.0187 2864 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:37:00.0203 2864 NetDDEdsdm - ok
19:37:00.0281 2864 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:37:00.0281 2864 Netlogon - ok
19:37:00.0328 2864 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:37:00.0328 2864 Netman - ok
19:37:00.0390 2864 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:37:00.0390 2864 NetTcpPortSharing - ok
19:37:00.0453 2864 [ 5EF7DD401771693245D46F4B0B69FE2B ] NetworkX C:\WINDOWS\system32\ckldrv.sys
19:37:00.0453 2864 NetworkX - ok
19:37:00.0593 2864 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:37:00.0687 2864 Nla - ok
19:37:01.0000 2864 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:37:01.0000 2864 Npfs - ok
19:37:01.0062 2864 [ DC23BF0190ACAA6FE49579B99474C931 ] ns2501 C:\WINDOWS\system32\DRIVERS\ns2501.sys
19:37:01.0062 2864 ns2501 - ok
19:37:01.0093 2864 [ 1D35A6DAD47330B8DA57130F9A924D98 ] ns387 C:\WINDOWS\system32\DRIVERS\ns387.sys
19:37:01.0093 2864 ns387 - ok
19:37:01.0187 2864 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:37:01.0187 2864 Ntfs - ok
19:37:01.0250 2864 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
19:37:01.0265 2864 NtLmSsp - ok
19:37:01.0359 2864 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:37:01.0375 2864 NtmsSvc - ok
19:37:01.0421 2864 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:37:01.0421 2864 Null - ok
19:37:01.0484 2864 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:37:01.0484 2864 NwlnkFlt - ok
19:37:01.0531 2864 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:37:01.0531 2864 NwlnkFwd - ok
19:37:01.0578 2864 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:37:01.0578 2864 NwlnkIpx - ok
19:37:01.0671 2864 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:37:01.0687 2864 NwlnkNb - ok
19:37:01.0718 2864 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:37:01.0718 2864 NwlnkSpx - ok
19:37:01.0796 2864 [ 4B83FCBBE72AF5F99D109798653E8B78 ] NwSapAgent C:\WINDOWS\System32\ipxsap.dll
19:37:01.0812 2864 NwSapAgent - ok
19:37:01.0843 2864 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI

Thanks,
Karen

karenor
Rookie Surfer
Posts : 185
Joined : 2009-09-19
Operating System : xp

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Thu 08 Nov 2012, 7:08 am

What did the GMER Rootkit scanner find?

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Thu 08 Nov 2012, 7:38 am

Hi Dave:

It took all night to do the scan. Here are the results.

GMER 1.0.15.15641
Rootkit scan 2012-11-07 12:03:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400EB-75CPF0 rev.06.04G06
Running: izp4gifk.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxdyypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB173D7E4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB173CD90]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB173D44A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB173E040]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB173FC20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB173FF9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB173C77C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB173D9D0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB173DBE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB173C582]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB173E82A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB173EA80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB173F652]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB173D058]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB173D626]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB173E030]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB173C1B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB173D2F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB173C3B4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB173EC8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB173F0E2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB173EEA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB173E5B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB173DE54]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB173F93E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB173E30A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB173CFC2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB173D1DE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB173CB92]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB173C980]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\temp\aulauncher.exe 1

---- Files - GMER 1.0.15 ----

File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\19AFEFF1-1141-4C9E-95DA-857FD675F4F7.data 3355933 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\19AFEFF1-1141-4C9E-95DA-857FD675F4F7.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\1D2A5CCB-361A-41AC-AC2A-1D827D1C811C.data 1294 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\1D2A5CCB-361A-41AC-AC2A-1D827D1C811C.data.info 276 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2D73C69D-6F90-4D4D-9E56-0D40DB872FB5.data 624784 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2D73C69D-6F90-4D4D-9E56-0D40DB872FB5.data.info 248 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\431CFA03-8191-419B-80DB-B6614769FA3E.data 1294 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\431CFA03-8191-419B-80DB-B6614769FA3E.data.info 276 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4A883479-C55C-41EE-8D02-EE9CDEC9BD49.data 624784 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4A883479-C55C-41EE-8D02-EE9CDEC9BD49.data.info 248 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\76EA4343-6C05-4DAA-B14B-356CDADBE4BF.data 1584640 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\76EA4343-6C05-4DAA-B14B-356CDADBE4BF.data.info 280 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\83F64329-2EAA-4F17-8EE5-35060D81B672.data 607017 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\83F64329-2EAA-4F17-8EE5-35060D81B672.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes

---- EOF - GMER 1.0.15 ----


Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Thu 08 Nov 2012, 10:26 am

I don't know what's happening with Comodo. Those HKEY codes that Comodo is coming up with are for your monitor. Is everything ok there?


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Thu 08 Nov 2012, 1:39 pm

Hi Super Dave:

Computer seems faster since we did the restore set point. Just worried about Comodo. Are those false positives? I am now using Comodo for my firewall and my antivirus as you suggested. AVG is totally gone now. Just wonder about Comodo if I do a scan and get a garbage/false positive result. As Comodo indicated in the last two scans there were four things that Comodo considered to be threats. Then Comodo says not all of the threats were removed. Should I plan on using GMER now and then to check for root kits? I just don't know what to think.

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Fri 09 Nov 2012, 6:56 am

Please clear your quarantine folder in Comodo and then run another scan and see what pops up.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri 09 Nov 2012, 3:49 pm

Hi Super Dave:

I ran the Comodo Scan again as you suggested. I have two reports. The first report is before I attempted to clean everything up. The second report is what was left after I cleaned. It seems like the same four things are left after cleaning just like before. There is a place to mark these four items to be ignored in the future. Will that be OK for these four items? Might we assume that the four items are showing up because I am new to Comodo and once we place the four items in the ignore area Comodo will be OK for me to use in the future? Or will I get stuff like these four items from time to time and think that I am infected?


Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

Malware@#14w915lim8fze C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0540998.data

Malware@#14w915lim8fze C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0541000.data

Suspicious@#36bgpdtcj4ifg C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0540997.data

Suspicious@#8uzof4osf8tg C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0540999.data

Suspicious@#2auv3lb2ibtyx C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0541003.data

Suspicious@#8uzof4osf8tg C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0541001.data

------
Not cleaned:

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

-------
Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sat 10 Nov 2012, 7:14 am

I'm going to check with my colleagues about this one. I have no idea why Comodo is showing those items while all the other scans are coming up clean.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat 10 Nov 2012, 7:31 am

Hi Super Dave:

I did another scan with Comodo. Just those four items came up again. I will post for you to show to your colleagues. Is Comodo trying to sell me something? When the four items are found a screen shows up that says:

Warning: Four infections found. We recommend you work with a Geek Buddy Certified Microsoft Expert to make sure your computer is completely cleaned and optimized. Let a Geek Buddy assist you now.

------

I am then given two options: Yes, I want an expert to clean it. No, I will clean it myself.

------

Today instead of checking the "No, I will clean it myself" option I clicked on the "yes, I want an expert to clean it."

Guess what Dave? I have to give money to have the items cleaned! Do you know what these four items are? Are they legitimate threats? There is an option to place these items into the IGNORE for future scans area. I am tempted to do that. What do you think?

I am glad you are checking with your colleagues. If the Comodo is just trying to scare people such as myself and sell us things that is not right. I have never had something like this happen before. My opinion would be that if Comodo is creating these results in order to sell something they should not be highly recommended any more.

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat 10 Nov 2012, 7:35 am

Hi Super Dave:

I am sorry I forgot to post the results of the four items that cannot be quarantined or cleaned by me alone and need Comodo Geek Buddy assistance. These appear to be the same four items that we have seen in the last few Comodo scans.

------

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

-------

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sat 10 Nov 2012, 10:19 am

I am glad you are checking with your colleagues. If the Comodo is just trying to scare people such as myself and sell us things that is not right. I have never had a something like this happen before. My opinion would be that if Comodo is creating these results in order to sell something they should not be highly recommended any more.

Hi Karen, as I suspected those are false-positives from Comodo on your display drivers which is crazy. I would suggest that you dump Comodo and put something like ZoneAlarm free AV and Firewall on your computer.


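Superdave's call above rests on recognising the GUID in those paths: {4D36E96E-E325-11CE-BFC1-08002BE10318} is the Windows Display setup class, so ControlSet00x\Control\Class\{that GUID}\0000\MODES\1600,1200 is the display adapter's record of a supported video mode, not malware. The Python helper below is added here as an example; it is not part of this thread, of Comodo or of GMER. It parses pasted finding lines (the four paths from Karen's post, embedded as constructed input), drops duplicates, maps the class GUID to its setup class, and puts the one path that is not a device-class key, the HKCU ...\Windows\load value, in its own category because Windows reads that value at logon, so an analyst should look at its data before telling a scanner to ignore it. The category names and the SETUP_CLASSES table are this example's own.

```python
"""Triage helper for registry findings pasted from a rootkit scanner.

Constructed example: the input below is the four paths Karen posted from her
Comodo scan; the class GUID table covers only the Display setup class, which
is enough to show why the MODES keys belong to the display adapter.
"""
import re
from dataclasses import dataclass

# Windows device setup classes known to this helper (the Display class GUID is
# documented by Microsoft); extend the table for other classes as needed.
SETUP_CLASSES = {
    "4D36E96E-E325-11CE-BFC1-08002BE10318": "Display (display adapters)",
}

# Registry values Windows reads at logon to start programs. A finding here is
# not automatically a false positive, so it gets its own category.
LEGACY_STARTUP_VALUES = {
    r"hkey_current_user\software\microsoft\windows nt\currentversion\windows\load",
    r"hkey_current_user\software\microsoft\windows nt\currentversion\windows\run",
}

# HKLM\System\ControlSetNNN\Control\Class\{GUID}\NNNN[\subkey...]
CLASS_KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\System\\(?P<set>ControlSet\d{3}|CurrentControlSet)"
    r"\\Control\\Class\\\{(?P<guid>[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})\}"
    r"\\(?P<instance>\d{4})(?:\\(?P<subkey>.+))?$",
    re.IGNORECASE,
)

# Constructed sample: the scanner output as pasted (one path is listed twice).
SAMPLE_FINDINGS = r"""
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\
Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
"""


@dataclass(frozen=True)
class Triage:
    detection: str
    path: str
    category: str
    detail: str


def parse_finding(line):
    """Split '<detection> <registry path>' on the first run of whitespace only,
    because registry paths may themselves contain spaces ('Windows NT')."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2 or not parts[1].upper().startswith("HKEY_"):
        return None
    return parts[0], parts[1].rstrip("\\")


def classify(path):
    """Return (category, detail) for one registry path."""
    m = CLASS_KEY_RE.match(path)
    if m:
        guid = m.group("guid").upper()
        subkey = m.group("subkey") or "(device root)"
        cls = SETUP_CLASSES.get(guid)
        if cls:
            return ("device-class key",
                    f"{cls}; {m.group('set')}; device instance "
                    f"{m.group('instance')}; subkey {subkey}")
        return ("device-class key", f"unknown setup class {{{guid}}}; subkey {subkey}")
    if path.lower() in LEGACY_STARTUP_VALUES:
        return ("logon startup value",
                "Windows runs programs named here at logon; inspect the value data "
                "before adding it to an ignore list")
    return ("unclassified", "not recognised by this helper; review manually")


def triage(report_text):
    """Parse a pasted report, drop duplicate findings, classify what remains."""
    seen = set()
    results = []
    for line in report_text.splitlines():
        parsed = parse_finding(line)
        if parsed is None or parsed in seen:
            continue
        seen.add(parsed)
        detection, path = parsed
        category, detail = classify(path)
        results.append(Triage(detection, path, category, detail))
    return results


def summarize(results):
    """Count findings per category so the analyst sees what is left to review."""
    counts = {}
    for r in results:
        counts[r.category] = counts.get(r.category, 0) + 1
    return counts


if __name__ == "__main__":
    findings = triage(SAMPLE_FINDINGS)
    for r in findings:
        print(f"[{r.category}] {r.path}\n    {r.detail}")
    print(summarize(findings))
```

Run as-is it reports two device-class findings (the duplicated ControlSet002 line collapses into one), both resolved to the Display class with subkey MODES\1600,1200, and one logon startup value left for manual review.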
Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat 10 Nov 2012, 4:03 pm

Hi Super Dave:

Well I tried five times to download Zone Alarm AV and Firewall. It would start to go through the process of downloading and then I would get a message telling me to try later. The message said the download was corrupted or something. I am discouraged about this. I had removed Comodo prior to trying to download the Zone Alarm. I have no choice right now but to reload the Comodo. I can not be without protection. What do you think about putting those four items into the IGNORE area of Comodo?
For future scans those items would be ignored. You indicate the items are false positives so would that cause me any harm or risk?

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sun 11 Nov 2012, 6:28 am

I can not be without protection. What do you think about putting those four items into the IGNORE area of Comodo?
For future scans those items would be ignored. You indicate the items are false positives so would that cause me any harm or risk?
You could always use the Windows Firewall or just ignore those four items. The choice is yours.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun 11 Nov 2012, 11:43 am

Hi Super Dave:

As stated before I could not load Zone Alarm. I did redo Comodo for the firewall and antivirus. I have run two scans. The first scan picked up two things. The second scan picked up five things. In both cases all items were cleaned/quarantined. It appears that the four items are not back.

I am assuming I am clean and clear now. I think if those four items ever pop up again I will ask for the IGNORE in Comodo. What do you think?

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sun 11 Nov 2012, 12:59 pm

I am assuming I am clean and clear now. I think if those four items ever pop up again I will ask for the IGNORE in Comodo. What do you think?
I would say that the computer is clean. I've been using Comodo for over two years with no such problems. If it did start acting up, I would dump it in a heartbeat. You could always download ZoneAlarm on another computer and transfer it to your computer.

