Redirect in Google and intermitent slowness

Thank you in advance.

I was originally working with narenxp in the am in the am I infected forum under the topic: Google redirect slowness and svchost overload. I was getting the svchost overload. His process seems to have overcome that issue, but after all of the steps I still get google redirects and I was referred to this topic. I end up at happili, 63.209.69.107, reply.com and several other sites, but most often happili or 63.209.69.107.

Below is the dds log and attached are the other two requested.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by David at 20:10:45 on 2012-03-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.466 [GMT -5:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: CA Personal Firewall *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - c:\program files\road_runner\prxtbRoa0.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
TB: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - c:\program files\road_runner\prxtbRoa0.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {BB670D0B-5C46-40C7-B38B-40DD26987723} - No File
{85e0b171-04fa-11d1-b7da-00a0c90348d6}
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Linked&In Search
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: liveops.com\agents
Trusted Zone: liveops.com\callcenter
Trusted Zone: liveops.com\forums
Trusted Zone: liveops.com\schedule
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
Trusted Zone: twitter.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.opinionguru.com/CopyGuardIE.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{13EB80E9-A2D4-4CBD-BBE1-8ACD0611CA08} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-5 64512]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2006-4-8 6097]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-2 95200]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S2 gupdate1c996a4747a1c94;Google Update Service (gupdate1c996a4747a1c94);c:\program files\google\update\GoogleUpdate.exe [2009-2-24 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 6285;6285;c:\windows\system32\drivers\6285 [2012-1-2 9072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-24 133104]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-3-14 24064]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-2 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-2 40552]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2006-4-8 299923]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
.
=============== Created Last 30 ================
.
2012-03-15 04:14:04 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-03-10 23:58:24 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{84c863c4-c69e-4352-be2b-cf4baf898c2a}\offreg.dll
2012-03-10 23:52:28 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-03-10 23:52:15 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{84c863c4-c69e-4352-be2b-cf4baf898c2a}\mpengine.dll
2012-03-10 23:52:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-10 17:43:10 -------- d-----w- c:\program files\ESET
2012-03-09 05:53:20 -------- d-sha-r- C:\cmdcons
2012-03-09 05:46:53 98816 ----a-w- c:\windows\sed.exe
2012-03-09 05:46:53 518144 ----a-w- c:\windows\SWREG.exe
2012-03-09 05:46:53 256000 ----a-w- c:\windows\PEV.exe
2012-03-09 05:46:53 208896 ----a-w- c:\windows\MBR.exe
2012-03-09 04:38:18 -------- d-----w- C:\ERDNT
2012-03-09 04:37:33 107473 ----a-w- c:\documents and settings\david\Undo D7PLPP81 20120308 223733.Reg
2012-03-09 01:28:41 108768 ----a-w- c:\documents and settings\david\Undo D7PLPP81 20120308 192841.Reg
2012-03-09 01:14:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-09 00:28:25 236248 ----a-w- c:\documents and settings\david\Undo D7PLPP81 20120308 182825.Reg
2012-03-08 02:30:07 -------- d-----w- C:\found.000
2012-03-07 02:02:56 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-07 02:02:56 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-25 19:50:45 -------- d-----w- c:\windows\system32\InstallShield Installation Information
2012-02-19 05:00:46 -------- d-----w- c:\documents and settings\david\local settings\application data\Babylon
2012-02-19 05:00:45 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2012-02-19 05:00:44 -------- d-----w- c:\documents and settings\david\application data\Babylon
2012-02-19 05:00:42 -------- d-----w- c:\program files\FoxTabMusicConverter
2012-02-16 00:56:20 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-16 00:56:20 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
==================== Find3M ====================
.
2012-03-02 02:44:17 230808 ----a-r- c:\windows\system32\cpnprt2.cid
2012-02-26 17:05:32 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-02-26 16:52:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-03 01:16:17 1744912 ----a-w- c:\windows\system32\winsflt.dl1
2012-01-03 01:13:25 9072 ----a-w- c:\windows\system32\drivers\6285
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2007-09-07 22:22:14 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 20:14:25.75 ===============

Also, it shows the CA firewall enabled, but I uninstalled CA and am unsure how to fix that.

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

1.Do not run any other tool untill instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen allot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet spend a few minutes to backup the computer. Removing malware can be unpredictable and this may save you and me allot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.


:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

I uninstalled CA a couple of months ago and I do not know why it shows in the list. I cannot find anywhere that I can access anything to be uninstalled.

I have removed AdAware.

I am confused on the backup process. I want to backup my entire system. The only drive I have is the C: drive and it has a little over a 100gb on it and it has a capacity of 144gb. Do I just create a folder on the desktop to save the backup image to? Since I do not have another computer or external hard drive and do not plan to get one, would I be able to put it all on a DVD?

I am trying to use DriveImage XML and keep getting the error that vssvc is not running, but it is running in task manager. It says something about registering some dll's in the help link, but I have no idea how to do that.

Hello


I have not tried either of those programs but I would at a bare minimum would be to put any pictures or documents music anything you do not want to lose on CD/DVD or a pen drive



gringo

Hello

48 Hour bump

It has been more than 48 hours since my last post.

• do you still need help with this?
• do you need more time?
• are you having problems following my instructions?
  
• if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

This topic has been re-opened at the request of the person who originally posted.

I am working on the backup now......seem to have a few other issues now. AVG messages on windows items that I think are another virus affecting AVG. Also on opening firefox additional tabs popup that have warnings from wot.

I will be here when you are ready to send me the report


gringo

I have had more issues as well. I can only go on-line now with seamonkey. Firefox and internet explorer will not open, however when I shutdown I get a message that it is run and not responding and I have to end process.

did you run combofix and what happens when you try to run firefox?


gringo

When I try to run combofix I get a warning that CA Anti-virus Plus is running and that the above real-time scanner is still active. I do not have CA. I did at one time but deleted it and I can not find any parts of it with REVO uninstaller. \Combofix says continuing may cause machine damage. How do I get it to stop showing CA Anti-virus and firewall?

I said ok and it ran for about 30 minutes. Firefox loads and runs, but I still get redirects in Google.

Here is the ComboFix log:

ComboFix 12-04-01.03 - David 04/02/2012 22:34:02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.502 [GMT -5:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: CA Personal Firewall *Enabled* {C3E7091E-E650-4951-B8A4-1F00252D52C3}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-01 21:37 . 2012-04-01 21:37 -------- d-----w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com
2012-04-01 21:36 . 2012-04-02 23:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-01 21:36 . 2012-04-01 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-01 21:17 . 2012-04-01 21:17 -------- d-----w- c:\documents and settings\David\Application Data\WinPatrol
2012-04-01 21:17 . 2012-04-01 21:17 -------- d-----w- c:\program files\BillP Studios
2012-04-01 21:17 . 2012-04-01 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-04-01 18:40 . 2012-04-01 18:40 -------- d-----w- c:\documents and settings\David\Application Data\CyberLink
2012-04-01 18:40 . 2012-04-01 18:40 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\PowerDVD
2012-04-01 05:01 . 2012-04-01 05:01 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-01 03:52 . 2012-04-01 05:10 -------- d-----w- c:\program files\PC Tools
2012-04-01 03:49 . 2012-04-01 05:10 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-01 03:49 . 2012-02-24 15:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-01 03:49 . 2012-04-01 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-01 03:49 . 2012-04-01 03:49 -------- d-----w- c:\documents and settings\David\Application Data\TestApp
2012-03-31 23:49 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-03-31 23:49 . 2012-03-31 23:49 -------- d-----w- c:\program files\VS Revo Group
2012-03-31 09:32 . 2012-03-31 09:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-03-31 05:00 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 02:50 . 2012-03-31 02:50 4125344 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-03-31 02:19 . 2012-03-31 02:50 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 23:34 . 2011-12-23 20:24 277504 ----a-w- c:\windows\SERecat.exe
2012-03-30 23:34 . 2011-12-23 20:24 275968 ----a-w- c:\windows\sediag.exe
2012-03-30 23:34 . 2011-12-23 20:24 331264 ----a-w- c:\windows\system32\ICF.dll
2012-03-30 23:34 . 2011-12-23 20:24 318464 ----a-w- c:\windows\system32\seinst.dll
2012-03-30 23:34 . 2012-03-30 23:52 -------- d-----w- c:\program files\Internet Content Filter
2012-03-30 23:29 . 2011-12-06 22:22 28760 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-03-30 23:29 . 2011-10-15 17:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-03-30 23:29 . 2011-10-15 17:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-03-30 23:29 . 2011-10-15 17:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-03-30 23:29 . 2011-10-15 17:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-03-30 23:29 . 2011-10-15 17:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-03-30 23:29 . 2011-10-15 17:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-03-30 23:29 . 2011-10-15 17:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-03-30 23:29 . 2011-10-15 17:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-03-30 23:29 . 2012-03-30 23:29 -------- d-----w- c:\program files\McAfee.com
2012-03-30 23:24 . 2011-11-18 21:36 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-28 00:31 . 2012-03-28 00:31 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\WinZip
2012-03-17 02:06 . 2012-04-01 18:42 -------- d-----w- c:\windows\system32\NtmsData
2012-03-16 23:46 . 2012-03-16 23:46 -------- d-----w- c:\program files\Runtime Software
2012-03-12 23:29 . 2012-03-12 23:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-03-12 23:27 . 2012-03-12 23:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-03-10 23:52 . 2012-02-23 15:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-10 17:43 . 2012-03-10 17:43 -------- d-----w- c:\program files\ESET
2012-03-09 04:38 . 2012-03-31 22:13 -------- d-----w- C:\ERDNT
2012-03-09 04:37 . 2012-03-09 04:37 107473 ----a-w- c:\documents and settings\David\Undo D7PLPP81 20120308 223733.Reg
2012-03-09 01:28 . 2012-03-09 01:28 108768 ----a-w- c:\documents and settings\David\Undo D7PLPP81 20120308 192841.Reg
2012-03-09 01:14 . 2012-03-09 01:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-09 00:28 . 2012-03-09 00:28 236248 ----a-w- c:\documents and settings\David\Undo D7PLPP81 20120308 182825.Reg
2012-03-08 02:39 . 2012-03-08 02:39 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-03-08 02:39 . 2012-03-08 02:39 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-03-08 02:39 . 2012-03-08 02:39 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-03-08 02:39 . 2012-03-08 02:39 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-03-08 02:30 . 2012-03-08 02:30 -------- d-----w- C:\found.000
2012-03-08 00:17 . 2012-03-08 00:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2012-03-07 02:47 . 2012-03-07 02:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-03-07 02:02 . 2012-03-07 02:02 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 05:20 . 2004-08-19 20:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-03-31 03:17 . 2004-08-19 20:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-31 02:50 . 2011-05-15 12:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-02 02:44 . 2009-02-14 21:32 230808 ----a-r- c:\windows\system32\cpnprt2.cid
2012-02-03 09:22 . 2004-08-19 20:49 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 00:56 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-19 21:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2007-09-07 22:22 . 2007-09-07 22:22 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-03-13 04:39 . 2012-04-01 23:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e4878b45-e2c0-4307-b6e8-734922f92f5b}"= "c:\program files\Road_Runner\prxtbRoa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e4878b45-e2c0-4307-b6e8-734922f92f5b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4878b45-e2c0-4307-b6e8-734922f92f5b}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Road_Runner\prxtbRoa0.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E4878B45-E2C0-4307-B6E8-734922F92F5B}"= "c:\program files\Road_Runner\prxtbRoa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e4878b45-e2c0-4307-b6e8-734922f92f5b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"ICF"="c:\program files\Internet Content Filter\mfp.exe" [2011-12-23 1728512]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-03-25 329312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 23:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2004-03-11 20:50 28672 ----a-w- c:\windows\system32\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-05-31 11:33 122941 ----a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-07 00:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-04-23 17:43 228088 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 20:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [4/8/2006 1:43 PM 6097]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/30/2012 6:29 PM 89792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 fpUpdateSvc;Family Protection Update Service;c:\program files\Internet Content Filter\UpdateService.exe [3/30/2012 6:34 PM 236032]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [3/30/2012 6:29 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [3/30/2012 6:29 PM 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/30/2012 6:24 PM 150856]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/30/2012 6:29 PM 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/30/2012 6:29 PM 83856]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c996a4747a1c94;Google Update Service (gupdate1c996a4747a1c94);c:\program files\Google\Update\GoogleUpdate.exe [2/24/2009 12:22 PM 133104]
S3 6285;6285;c:\windows\system32\drivers\6285 [1/2/2012 8:13 PM 9072]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 9:19 PM 253600]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/30/2012 6:29 PM 57600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/24/2009 12:22 PM 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/30/2012 6:29 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/30/2012 6:29 PM 87656]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [3/31/2012 6:49 PM 27064]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [4/8/2006 1:43 PM 299923]
S3 TrufosAlt;TrufosAlt;c:\windows\system32\drivers\TrufosAlt.sys [4/1/2012 12:01 AM 335504]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 5:51 PM 24652]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AtiPcie
procexp111
RTHDMIAzAudService
symfw
ATIBTCAP
dlaopiom
artdhcp
PSI_SVC_2
OneCareMP
upsmonservice
pca
nhcDriverDevice
Sntnlusb
aamqdispatcher
amdppm
netmdsb
stcagent
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 02:50]
.
2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce5fdf0b852c0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 17:22]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 17:22]
.
2010-07-01 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2010-06-27 22:20]
.
2012-02-12 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2010-06-27 22:20]
.
2010-08-20 c:\windows\Tasks\videopadDowngrade.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-06-27 22:19]
.
2010-08-15 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-06-27 22:19]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Linked&In Search
LSP: ICF.dll
Trusted Zone: liveops.com\agents
Trusted Zone: liveops.com\callcenter
Trusted Zone: liveops.com\forums
Trusted Zone: liveops.com\schedule
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
Trusted Zone: twitter.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.opinionguru.com/CopyGuardIE.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\1kctik05.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.timewarnercable.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 10cf5f0500000000000000123f786464
FF - user.js: extensions.BabylonToolbar_i.hardId - 10cf5f0500000000000000123f786464
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15389
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:00
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Notify-NecUsb3Sevices - USB3Sw32.dll
SafeBoot-13830618.sys
SafeBoot-71710081.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-02 22:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\6285]
"ImagePath"="System32\DRIVERS\6285"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sy@"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2147524885-2867873197-536631381-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1100)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1156)
c:\windows\system32\ICF.dll
.
- - - - - - - > 'explorer.exe'(480)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\msdtc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-04-02 23:02:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 04:02
ComboFix2.txt 2012-03-09 06:37
.
Pre-Run: 58,384,076,800 bytes free
Post-Run: 58,516,340,736 bytes free
.
- - End Of File - - ED458B113A2F30CD68FC65E28D57A734

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• it will ask to download extra definitions - ALLOW IT
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

Both ran without any issues, but I still get the redirects and I am concerned that it shows active firewall and AV that are not installed.

Thanks,

Here are the logs:

18:06:00.0359 1044 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
18:06:01.0125 1044 ============================================================
18:06:01.0125 1044 Current date / time: 2012/04/03 18:06:01.0125
18:06:01.0125 1044 SystemInfo:
18:06:01.0125 1044
18:06:01.0125 1044 OS Version: 5.1.2600 ServicePack: 3.0
18:06:01.0125 1044 Product type: Workstation
18:06:01.0125 1044 ComputerName: D7PLPP81
18:06:01.0125 1044 UserName: David
18:06:01.0125 1044 Windows directory: C:\WINDOWS
18:06:01.0125 1044 System windows directory: C:\WINDOWS
18:06:01.0125 1044 Processor architecture: Intel x86
18:06:01.0125 1044 Number of processors: 2
18:06:01.0125 1044 Page size: 0x1000
18:06:01.0125 1044 Boot type: Normal boot
18:06:01.0125 1044 ============================================================
18:06:01.0500 1044 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:06:01.0546 1044 \Device\Harddisk0\DR0:
18:06:01.0546 1044 MBR used
18:06:01.0546 1044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1209CE16
18:06:01.0578 1044 Initialize success
18:06:01.0578 1044 ============================================================
18:06:02.0921 3396 ============================================================
18:06:02.0921 3396 Scan started
18:06:02.0921 3396 Mode: Manual;
18:06:02.0921 3396 ============================================================
18:06:03.0406 3396 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:06:03.0406 3396 !SASCORE - ok
18:06:03.0531 3396 6285 (34804da52276661c31422b5b98edbeb7) C:\WINDOWS\system32\DRIVERS\6285
18:06:03.0531 3396 6285 - ok
18:06:03.0546 3396 aamqdispatcher - ok
18:06:03.0578 3396 Abiosdsk - ok
18:06:03.0640 3396 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:06:03.0640 3396 abp480n5 - ok
18:06:03.0687 3396 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:06:03.0687 3396 ACPI - ok
18:06:03.0734 3396 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:06:03.0734 3396 ACPIEC - ok
18:06:03.0843 3396 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:06:03.0843 3396 AdobeFlashPlayerUpdateSvc - ok
18:06:03.0859 3396 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:06:03.0859 3396 adpu160m - ok
18:06:03.0890 3396 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:06:03.0890 3396 aec - ok
18:06:03.0937 3396 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:06:03.0937 3396 AFD - ok
18:06:03.0984 3396 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:06:03.0984 3396 agp440 - ok
18:06:04.0000 3396 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:06:04.0000 3396 agpCPQ - ok
18:06:04.0046 3396 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:06:04.0046 3396 Aha154x - ok
18:06:04.0062 3396 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:06:04.0062 3396 aic78u2 - ok
18:06:04.0078 3396 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:06:04.0078 3396 aic78xx - ok
18:06:04.0125 3396 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:06:04.0125 3396 Alerter - ok
18:06:04.0156 3396 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:06:04.0156 3396 ALG - ok
18:06:04.0171 3396 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:06:04.0171 3396 AliIde - ok
18:06:04.0218 3396 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:06:04.0218 3396 alim1541 - ok
18:06:04.0234 3396 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:06:04.0234 3396 amdagp - ok
18:06:04.0250 3396 amdppm - ok
18:06:04.0265 3396 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:06:04.0265 3396 amsint - ok
18:06:04.0375 3396 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:06:04.0375 3396 Apple Mobile Device - ok
18:06:04.0421 3396 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:06:04.0421 3396 AppMgmt - ok
18:06:04.0453 3396 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:06:04.0453 3396 Arp1394 - ok
18:06:04.0484 3396 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:06:04.0484 3396 asc - ok
18:06:04.0500 3396 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:06:04.0500 3396 asc3350p - ok
18:06:04.0515 3396 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:06:04.0515 3396 asc3550 - ok
18:06:04.0625 3396 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
18:06:04.0625 3396 aspnet_state - ok
18:06:04.0656 3396 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:06:04.0656 3396 AsyncMac - ok
18:06:04.0687 3396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:06:04.0687 3396 atapi - ok
18:06:04.0718 3396 Atdisk - ok
18:06:04.0781 3396 Ati HotKey Poller (abc57a6f6070baf9786c318f59f29f0b) C:\WINDOWS\system32\Ati2evxx.exe
18:06:04.0781 3396 Ati HotKey Poller - ok
18:06:04.0859 3396 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:06:04.0875 3396 ati2mtag - ok
18:06:04.0890 3396 AtiPcie - ok
18:06:04.0921 3396 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:06:04.0921 3396 Atmarpc - ok
18:06:04.0968 3396 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:06:04.0968 3396 AudioSrv - ok
18:06:05.0000 3396 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:06:05.0000 3396 audstub - ok
18:06:05.0015 3396 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:06:05.0015 3396 Beep - ok
18:06:05.0062 3396 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:06:05.0078 3396 BITS - ok
18:06:05.0156 3396 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:06:05.0156 3396 Bonjour Service - ok
18:06:05.0187 3396 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:06:05.0187 3396 Browser - ok
18:06:05.0203 3396 bvrp_pci - ok
18:06:05.0203 3396 catchme - ok
18:06:05.0234 3396 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:06:05.0234 3396 cbidf - ok
18:06:05.0250 3396 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:06:05.0250 3396 cbidf2k - ok
18:06:05.0265 3396 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:06:05.0265 3396 CCDECODE - ok
18:06:05.0296 3396 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:06:05.0296 3396 cd20xrnt - ok
18:06:05.0312 3396 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:06:05.0312 3396 Cdaudio - ok
18:06:05.0328 3396 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:06:05.0328 3396 Cdfs - ok
18:06:05.0359 3396 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:06:05.0359 3396 Cdrom - ok
18:06:05.0390 3396 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\WINDOWS\system32\drivers\cfwids.sys
18:06:05.0390 3396 cfwids - ok
18:06:05.0406 3396 Changer - ok
18:06:05.0437 3396 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:06:05.0437 3396 CiSvc - ok
18:06:05.0468 3396 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:06:05.0468 3396 ClipSrv - ok
18:06:05.0515 3396 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:06:05.0515 3396 CmdIde - ok
18:06:05.0515 3396 COMSysApp - ok
18:06:05.0546 3396 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:06:05.0546 3396 Cpqarray - ok
18:06:05.0593 3396 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.EXE
18:06:05.0593 3396 Creative Service for CDROM Access - ok
18:06:05.0609 3396 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:06:05.0609 3396 CryptSvc - ok
18:06:05.0640 3396 ctac32k (1e41b8a10b9d78240c8bfacc269db155) C:\WINDOWS\system32\drivers\ctac32k.sys
18:06:05.0656 3396 ctac32k - ok
18:06:05.0703 3396 ctaud2k (9bf1aa0eac9c7d33ce4d8a152e151f60) C:\WINDOWS\system32\drivers\ctaud2k.sys
18:06:05.0718 3396 ctaud2k - ok
18:06:05.0750 3396 ctdvda2k (29f78d59b053cb8778f8426e4e24099c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
18:06:05.0750 3396 ctdvda2k - ok
18:06:05.0765 3396 ctprxy2k (a6f4c70da545230d001915d8eb08d881) C:\WINDOWS\system32\drivers\ctprxy2k.sys
18:06:05.0765 3396 ctprxy2k - ok
18:06:05.0796 3396 ctsfm2k (b39e55c1c5e28e016ee3848f2e34c205) C:\WINDOWS\system32\drivers\ctsfm2k.sys
18:06:05.0796 3396 ctsfm2k - ok
18:06:05.0828 3396 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:06:05.0843 3396 dac2w2k - ok
18:06:05.0859 3396 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:06:05.0859 3396 dac960nt - ok
18:06:05.0906 3396 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:06:05.0906 3396 DcomLaunch - ok
18:06:05.0953 3396 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:06:05.0953 3396 Dhcp - ok
18:06:06.0015 3396 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:06:06.0015 3396 Disk - ok
18:06:06.0015 3396 dlaopiom - ok
18:06:06.0031 3396 dmadmin - ok
18:06:06.0078 3396 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:06:06.0093 3396 dmboot - ok
18:06:06.0093 3396 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:06:06.0109 3396 dmio - ok
18:06:06.0125 3396 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:06:06.0125 3396 dmload - ok
18:06:06.0156 3396 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:06:06.0171 3396 dmserver - ok
18:06:06.0187 3396 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:06:06.0187 3396 DMusic - ok
18:06:06.0234 3396 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:06:06.0234 3396 Dnscache - ok
18:06:06.0281 3396 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:06:06.0281 3396 Dot3svc - ok
18:06:06.0312 3396 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:06:06.0312 3396 dpti2o - ok
18:06:06.0359 3396 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:06:06.0359 3396 drmkaud - ok
18:06:06.0406 3396 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
18:06:06.0406 3396 drvmcdb - ok
18:06:06.0421 3396 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
18:06:06.0421 3396 drvnddm - ok
18:06:06.0531 3396 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
18:06:06.0531 3396 DSBrokerService - ok
18:06:06.0578 3396 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
18:06:06.0578 3396 DSproct - ok
18:06:06.0593 3396 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
18:06:06.0593 3396 dsunidrv - ok
18:06:06.0640 3396 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:06:06.0640 3396 E100B - ok
18:06:06.0671 3396 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
18:06:06.0671 3396 e1express - ok
18:06:06.0703 3396 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:06:06.0703 3396 EapHost - ok
18:06:06.0781 3396 ehRecvr (63f371f0248e3732a4821f86e6d0e370) C:\WINDOWS\eHome\ehRecvr.exe
18:06:06.0781 3396 ehRecvr - ok
18:06:06.0828 3396 ehSched (16910f8b482919bb6035ed053b691692) C:\WINDOWS\eHome\ehSched.exe
18:06:06.0828 3396 ehSched - ok
18:06:06.0875 3396 emupia (5d70013d7e6602ec0a482f2985558c2d) C:\WINDOWS\system32\drivers\emupia2k.sys
18:06:06.0875 3396 emupia - ok
18:06:06.0921 3396 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:06:06.0921 3396 ERSvc - ok
18:06:06.0968 3396 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:06:06.0968 3396 Eventlog - ok
18:06:07.0015 3396 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:06:07.0015 3396 EventSystem - ok
18:06:07.0062 3396 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:06:07.0062 3396 Fastfat - ok
18:06:07.0109 3396 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:06:07.0109 3396 FastUserSwitchingCompatibility - ok
18:06:07.0156 3396 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
18:06:07.0156 3396 Fax - ok
18:06:07.0187 3396 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:06:07.0187 3396 Fdc - ok
18:06:07.0203 3396 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:06:07.0203 3396 Fips - ok
18:06:07.0234 3396 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:06:07.0234 3396 Flpydisk - ok
18:06:07.0281 3396 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:06:07.0281 3396 FltMgr - ok
18:06:07.0343 3396 fpUpdateSvc (8654a274c46c9cb242bf2d75caeb250a) C:\Program Files\Internet Content Filter\UpdateService.exe
18:06:07.0359 3396 fpUpdateSvc - ok
18:06:07.0406 3396 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:06:07.0406 3396 Fs_Rec - ok
18:06:07.0437 3396 FTDIBUS (782f67cfc6c362257916bbb50bc55de9) C:\WINDOWS\system32\drivers\ftdibus.sys
18:06:07.0437 3396 FTDIBUS - ok
18:06:07.0453 3396 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:06:07.0453 3396 Ftdisk - ok
18:06:07.0500 3396 FTSER2K (4a995111f44cd6f35775865903f4f41e) C:\WINDOWS\system32\drivers\ftser2k.sys
18:06:07.0500 3396 FTSER2K - ok
18:06:07.0531 3396 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
18:06:07.0531 3396 gameenum - ok
18:06:07.0562 3396 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:06:07.0562 3396 GEARAspiWDM - ok
18:06:07.0593 3396 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:06:07.0593 3396 Gpc - ok
18:06:07.0687 3396 gupdate1c996a4747a1c94 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
18:06:07.0687 3396 gupdate1c996a4747a1c94 - ok
18:06:07.0703 3396 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
18:06:07.0703 3396 gupdatem - ok
18:06:07.0796 3396 ha10kx2k (7ec50a84b89dae3458cb0308739b80de) C:\WINDOWS\system32\drivers\ha10kx2k.sys
18:06:07.0796 3396 ha10kx2k - ok
18:06:07.0828 3396 hap16v2k (02a6bad64177c56d8b86b198b38db361) C:\WINDOWS\system32\drivers\hap16v2k.sys
18:06:07.0828 3396 hap16v2k - ok
18:06:07.0859 3396 helpsvc - ok
18:06:07.0875 3396 HidServ - ok
18:06:07.0921 3396 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:06:07.0921 3396 HidUsb - ok
18:06:07.0968 3396 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:06:07.0968 3396 hkmsvc - ok
18:06:08.0015 3396 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:06:08.0015 3396 hpn - ok
18:06:08.0171 3396 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:06:08.0171 3396 hpqcxs08 - ok
18:06:08.0218 3396 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:06:08.0218 3396 hpqddsvc - ok
18:06:08.0296 3396 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:06:08.0296 3396 HPZid412 - ok
18:06:08.0343 3396 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:06:08.0343 3396 HPZipr12 - ok
18:06:08.0390 3396 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:06:08.0390 3396 HPZius12 - ok
18:06:08.0421 3396 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:06:08.0421 3396 HTTP - ok
18:06:08.0453 3396 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:06:08.0453 3396 HTTPFilter - ok
18:06:08.0484 3396 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:06:08.0484 3396 i2omgmt - ok
18:06:08.0515 3396 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:06:08.0515 3396 i2omp - ok
18:06:08.0546 3396 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:06:08.0546 3396 i8042prt - ok
18:06:08.0640 3396 IAANTMon (d43e91e271c041bb86a6223462a41d28) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
18:06:08.0640 3396 IAANTMon - ok
18:06:08.0718 3396 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
18:06:08.0718 3396 iastor - ok
18:06:08.0765 3396 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:06:08.0765 3396 Imapi - ok
18:06:08.0812 3396 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:06:08.0812 3396 ImapiService - ok
18:06:08.0859 3396 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:06:08.0859 3396 ini910u - ok
18:06:08.0875 3396 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:06:08.0875 3396 IntelIde - ok
18:06:08.0906 3396 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:06:08.0921 3396 intelppm - ok
18:06:08.0953 3396 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:06:08.0953 3396 Ip6Fw - ok
18:06:08.0984 3396 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:06:08.0984 3396 IpFilterDriver - ok
18:06:09.0015 3396 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:06:09.0015 3396 IpInIp - ok
18:06:09.0046 3396 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:06:09.0062 3396 IpNat - ok
18:06:09.0187 3396 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
18:06:09.0187 3396 iPod Service - ok
18:06:09.0218 3396 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:06:09.0218 3396 IPSec - ok
18:06:09.0234 3396 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:06:09.0250 3396 IRENUM - ok
18:06:09.0265 3396 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:06:09.0265 3396 isapnp - ok
18:06:09.0375 3396 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
18:06:09.0375 3396 JavaQuickStarterService - ok
18:06:09.0421 3396 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sy@
18:06:09.0421 3396 Kbdclass - ok
18:06:09.0437 3396 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:06:09.0437 3396 kbdhid - ok
18:06:09.0453 3396 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:06:09.0453 3396 kmixer - ok
18:06:09.0484 3396 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:06:09.0484 3396 KSecDD - ok
18:06:09.0515 3396 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:06:09.0531 3396 lanmanserver - ok
18:06:09.0578 3396 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:06:09.0578 3396 lanmanworkstation - ok
18:06:09.0593 3396 Lbd - ok
18:06:09.0609 3396 lbrtfdc - ok
18:06:09.0656 3396 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:06:09.0656 3396 LmHosts - ok
18:06:09.0890 3396 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:06:09.0890 3396 mcmscsvc - ok
18:06:09.0953 3396 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:06:09.0953 3396 McNaiAnn - ok
18:06:10.0015 3396 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:06:10.0015 3396 McNASvc - ok
18:06:10.0218 3396 McODS (e8c5aae17e8332f5f4f57935238cd5eb) C:\Program Files\McAfee\VirusScan\mcods.exe
18:06:10.0218 3396 McODS - ok
18:06:10.0453 3396 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:06:10.0453 3396 McProxy - ok
18:06:10.0609 3396 McShield (151f3ca25b739b9cb0066abd1523f064) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
18:06:10.0609 3396 McShield - ok
18:06:10.0812 3396 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:06:10.0812 3396 MDM - ok
18:06:11.0078 3396 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:06:11.0078 3396 Messenger - ok
18:06:11.0343 3396 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys
18:06:11.0359 3396 mfeapfk - ok
18:06:11.0531 3396 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
18:06:11.0531 3396 mfeavfk - ok
18:06:11.0671 3396 mfeavfk01 - ok
18:06:11.0828 3396 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys
18:06:11.0828 3396 mfebopk - ok
18:06:11.0968 3396 mfefire (26ba2eebcff16f611ce1118fa0850810) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
18:06:11.0968 3396 mfefire - ok
18:06:12.0015 3396 mfefirek (215666a8a85023ef019b510cbb67f678) C:\WINDOWS\system32\drivers\mfefirek.sys
18:06:12.0031 3396 mfefirek - ok
18:06:12.0078 3396 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys
18:06:12.0078 3396 mfehidk - ok
18:06:12.0125 3396 mfendisk (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
18:06:12.0125 3396 mfendisk - ok
18:06:12.0140 3396 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
18:06:12.0140 3396 mfendiskmp - ok
18:06:12.0171 3396 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys
18:06:12.0171 3396 mferkdet - ok
18:06:12.0218 3396 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
18:06:12.0218 3396 mferkdk - ok
18:06:12.0265 3396 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
18:06:12.0265 3396 mfesmfk - ok
18:06:12.0296 3396 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys
18:06:12.0296 3396 mfetdi2k - ok
18:06:12.0343 3396 mfevtp (e91c36e76e6395f233b3ae2ebc17251e) C:\WINDOWS\system32\mfevtps.exe
18:06:12.0343 3396 mfevtp - ok
18:06:12.0390 3396 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
18:06:12.0390 3396 MHN - ok
18:06:12.0421 3396 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
18:06:12.0421 3396 MHNDRV - ok
18:06:12.0437 3396 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:06:12.0453 3396 mnmdd - ok
18:06:12.0484 3396 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:06:12.0484 3396 mnmsrvc - ok
18:06:12.0531 3396 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:06:12.0531 3396 Modem - ok
18:06:12.0578 3396 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:06:12.0578 3396 MODEMCSA - ok
18:06:12.0609 3396 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:06:12.0609 3396 Mouclass - ok
18:06:12.0640 3396 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:06:12.0640 3396 mouhid - ok
18:06:12.0671 3396 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:06:12.0671 3396 MountMgr - ok
18:06:12.0703 3396 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:06:12.0703 3396 mraid35x - ok
18:06:12.0734 3396 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:06:12.0734 3396 MRxDAV - ok
18:06:12.0750 3396 MRxSmb - ok
18:06:12.0796 3396 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:06:12.0796 3396 MSDTC - ok
18:06:12.0812 3396 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:06:12.0812 3396 Msfs - ok
18:06:12.0812 3396 MSIServer - ok
18:06:12.0843 3396 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:06:12.0843 3396 MSKSSRV - ok
18:06:12.0859 3396 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:06:12.0859 3396 MSPCLOCK - ok
18:06:12.0875 3396 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:06:12.0890 3396 MSPQM - ok
18:06:12.0921 3396 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:06:12.0921 3396 mssmbios - ok
18:06:12.0984 3396 MSSQL$MICROSOFTBCM - ok
18:06:13.0031 3396 MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
18:06:13.0031 3396 MSSQLServerADHelper - ok
18:06:13.0062 3396 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:06:13.0062 3396 MSTEE - ok
18:06:13.0093 3396 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:06:13.0109 3396 Mup - ok
18:06:13.0140 3396 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:06:13.0140 3396 NABTSFEC - ok
18:06:13.0187 3396 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:06:13.0187 3396 napagent - ok
18:06:13.0203 3396 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:06:13.0203 3396 NDIS - ok
18:06:13.0234 3396 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:06:13.0234 3396 NdisIP - ok
18:06:13.0281 3396 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:06:13.0281 3396 NdisTapi - ok
18:06:13.0296 3396 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:06:13.0296 3396 Ndisuio - ok
18:06:13.0312 3396 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:06:13.0312 3396 NdisWan - ok
18:06:13.0343 3396 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:06:13.0343 3396 NDProxy - ok
18:06:13.0375 3396 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\WINDOWS\system32\HPZinw12.dll
18:06:13.0375 3396 Net Driver HPZ12 - ok
18:06:13.0406 3396 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:06:13.0406 3396 NetBIOS - ok
18:06:13.0453 3396 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:06:13.0453 3396 NetBT - ok
18:06:13.0515 3396 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:06:13.0515 3396 NetDDE - ok
18:06:13.0515 3396 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:06:13.0515 3396 NetDDEdsdm - ok
18:06:13.0562 3396 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:06:13.0562 3396 Netlogon - ok
18:06:13.0593 3396 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:06:13.0593 3396 Netman - ok
18:06:13.0609 3396 netmdsb - ok
18:06:13.0750 3396 NetSvc (9da26b773bd04b867a8e9f427cd048fc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
18:06:13.0750 3396 NetSvc - ok
18:06:13.0765 3396 nhcDriverDevice - ok
18:06:13.0812 3396 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:06:13.0812 3396 NIC1394 - ok
18:06:13.0875 3396 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:06:13.0875 3396 Nla - ok
18:06:13.0968 3396 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
18:06:13.0968 3396 nmservice - ok
18:06:14.0000 3396 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:06:14.0000 3396 Npfs - ok
18:06:14.0046 3396 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:06:14.0062 3396 Ntfs - ok
18:06:14.0109 3396 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:06:14.0109 3396 NtLmSsp - ok
18:06:14.0140 3396 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:06:14.0156 3396 NtmsSvc - ok
18:06:14.0203 3396 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:06:14.0203 3396 Null - ok
18:06:14.0296 3396 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:06:14.0312 3396 nv - ok
18:06:14.0343 3396 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:06:14.0343 3396 NwlnkFlt - ok
18:06:14.0359 3396 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:06:14.0359 3396 NwlnkFwd - ok
18:06:14.0390 3396 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:06:14.0390 3396 ohci1394 - ok
18:06:14.0453 3396 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:06:14.0453 3396 ose - ok
18:06:14.0500 3396 ossrv (c52548b920482db03af8b49babd9fc48) C:\WINDOWS\system32\drivers\ctoss2k.sys
18:06:14.0500 3396 ossrv - ok
18:06:14.0546 3396 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:06:14.0546 3396 Parport - ok
18:06:14.0562 3396 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:06:14.0562 3396 PartMgr - ok
18:06:14.0578 3396 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:06:14.0578 3396 ParVdm - ok
18:06:14.0593 3396 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:06:14.0593 3396 PCI - ok
18:06:14.0609 3396 PCIDump - ok
18:06:14.0640 3396 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:06:14.0640 3396 PCIIde - ok
18:06:14.0671 3396 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:06:14.0671 3396 Pcmcia - ok
18:06:14.0687 3396 PDCOMP - ok
18:06:14.0703 3396 PDFRAME - ok
18:06:14.0718 3396 PDRELI - ok
18:06:14.0734 3396 PDRFRAME - ok
18:06:14.0765 3396 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:06:14.0765 3396 perc2 - ok
18:06:14.0796 3396 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:06:14.0796 3396 perc2hib - ok
18:06:14.0859 3396 PfModNT (fefc8ebc170615068c3305dbee2667dd) C:\WINDOWS\system32\drivers\PfModNT.sys
18:06:14.0859 3396 PfModNT - ok
18:06:14.0906 3396 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:06:14.0906 3396 PlugPlay - ok
18:06:14.0953 3396 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\WINDOWS\system32\HPZipm12.dll
18:06:14.0953 3396 Pml Driver HPZ12 - ok
18:06:15.0000 3396 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
18:06:15.0000 3396 pnarp - ok
18:06:15.0046 3396 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:06:15.0046 3396 PolicyAgent - ok
18:06:15.0093 3396 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:06:15.0093 3396 PptpMiniport - ok
18:06:15.0109 3396 procexp111 - ok
18:06:15.0125 3396 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:06:15.0125 3396 ProtectedStorage - ok
18:06:15.0156 3396 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:06:15.0156 3396 PSched - ok
18:06:15.0171 3396 PSI_SVC_2 - ok
18:06:15.0187 3396 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:06:15.0187 3396 Ptilink - ok
18:06:15.0218 3396 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
18:06:15.0218 3396 purendis - ok
18:06:15.0265 3396 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:06:15.0265 3396 PxHelp20 - ok
18:06:15.0312 3396 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:06:15.0312 3396 ql1080 - ok
18:06:15.0328 3396 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:06:15.0328 3396 Ql10wnt - ok
18:06:15.0343 3396 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:06:15.0343 3396 ql12160 - ok
18:06:15.0375 3396 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:06:15.0375 3396 ql1240 - ok
18:06:15.0375 3396 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:06:15.0390 3396 ql1280 - ok
18:06:15.0421 3396 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:06:15.0421 3396 RasAcd - ok
18:06:15.0468 3396 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:06:15.0468 3396 RasAuto - ok
18:06:15.0515 3396 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:06:15.0515 3396 Rasl2tp - ok
18:06:15.0562 3396 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:06:15.0562 3396 RasMan - ok
18:06:15.0578 3396 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:06:15.0593 3396 RasPppoe - ok
18:06:15.0609 3396 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:06:15.0609 3396 Raspti - ok
18:06:15.0625 3396 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:06:15.0640 3396 Rdbss - ok
18:06:15.0656 3396 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:06:15.0656 3396 RDPCDD - ok
18:06:15.0703 3396 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:06:15.0703 3396 rdpdr - ok
18:06:15.0750 3396 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:06:15.0750 3396 RDPWD - ok
18:06:15.0812 3396 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:06:15.0812 3396 RDSessMgr - ok
18:06:15.0843 3396 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:06:15.0843 3396 redbook - ok
18:06:15.0906 3396 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:06:15.0906 3396 RemoteAccess - ok
18:06:15.0953 3396 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:06:15.0953 3396 RemoteRegistry - ok
18:06:15.0984 3396 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
18:06:15.0984 3396 Revoflt - ok
18:06:16.0015 3396 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
18:06:16.0031 3396 RimUsb - ok
18:06:16.0062 3396 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
18:06:16.0062 3396 RimVSerPort - ok
18:06:16.0109 3396 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
18:06:16.0109 3396 ROOTMODEM - ok
18:06:16.0234 3396 Roxio UPnP Renderer 9 (974507411bb4ffdbf9ddf9095160f9b1) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
18:06:16.0234 3396 Roxio UPnP Renderer 9 - ok
18:06:16.0265 3396 Roxio Upnp Server 9 (63f59f6dce646c6ecad1469ae0666422) C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
18:06:16.0265 3396 Roxio Upnp Server 9 - ok
18:06:16.0343 3396 RoxLiveShare9 (373f059b74dbb6420e4b92dab9da5037) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
18:06:16.0343 3396 RoxLiveShare9 - ok
18:06:16.0406 3396 RoxMediaDB9 (67008eb6fb1778a394bc1f2c895d25a9) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
18:06:16.0406 3396 RoxMediaDB9 - ok
18:06:16.0453 3396 RoxWatch9 (f193446ae4dc16944370b9bcdb5eb830) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
18:06:16.0453 3396 RoxWatch9 - ok
18:06:16.0531 3396 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:06:16.0531 3396 RpcLocator - ok
18:06:16.0578 3396 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:06:16.0593 3396 RpcSs - ok
18:06:16.0640 3396 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:06:16.0640 3396 RSVP - ok
18:06:16.0656 3396 RTHDMIAzAudService - ok
18:06:16.0687 3396 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:06:16.0687 3396 SamSs - ok
18:06:16.0796 3396 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:06:16.0796 3396 SASDIFSV - ok
18:06:16.0812 3396 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:06:16.0812 3396 SASKUTIL - ok
18:06:16.0843 3396 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:06:16.0859 3396 SCardSvr - ok
18:06:16.0890 3396 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:06:16.0906 3396 Schedule - ok
18:06:16.0968 3396 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:06:16.0968 3396 Secdrv - ok
18:06:17.0015 3396 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:06:17.0015 3396 seclogon - ok
18:06:17.0062 3396 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:06:17.0062 3396 SENS - ok
18:06:17.0109 3396 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:06:17.0109 3396 serenum - ok
18:06:17.0140 3396 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:06:17.0140 3396 Serial - ok
18:06:17.0187 3396 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:06:17.0187 3396 Sfloppy - ok
18:06:17.0343 3396 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:06:17.0359 3396 SharedAccess - ok
18:06:17.0437 3396 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:06:17.0437 3396 ShellHWDetection - ok
18:06:17.0484 3396 Simbad - ok
18:06:17.0531 3396 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:06:17.0531 3396 sisagp - ok
18:06:17.0578 3396 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:06:17.0578 3396 SLIP - ok
18:06:17.0593 3396 Sntnlusb - ok
18:06:17.0640 3396 sonyhcb (e78cd3bb53a208dfab8fc826384307e0) C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
18:06:17.0640 3396 sonyhcb - ok
18:06:17.0812 3396 sonyhcs (610f515fcd95d37f3252e1c250ef8c61) C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
18:06:17.0812 3396 sonyhcs - ok
18:06:17.0890 3396 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:06:17.0890 3396 Sparrow - ok
18:06:18.0015 3396 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:06:18.0015 3396 splitter - ok
18:06:18.0062 3396 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:06:18.0062 3396 Spooler - ok
18:06:18.0125 3396 SQLAgent$MICROSOFTBCM - ok
18:06:18.0187 3396 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:06:18.0187 3396 sr - ok
18:06:18.0296 3396 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:06:18.0296 3396 srservice - ok
18:06:18.0359 3396 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:06:18.0375 3396 Srv - ok
18:06:18.0406 3396 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
18:06:18.0406 3396 sscdbhk5 - ok
18:06:18.0437 3396 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:06:18.0437 3396 SSDPSRV - ok
18:06:18.0515 3396 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
18:06:18.0515 3396 ssrtln - ok
18:06:18.0531 3396 stcagent - ok
18:06:18.0578 3396 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:06:18.0578 3396 stisvc - ok
18:06:18.0718 3396 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:06:18.0718 3396 streamip - ok
18:06:18.0890 3396 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:06:18.0890 3396 swenum - ok
18:06:18.0937 3396 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:06:18.0937 3396 swmidi - ok
18:06:18.0937 3396 SwPrv - ok
18:06:18.0984 3396 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:06:18.0984 3396 symc810 - ok
18:06:19.0000 3396 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:06:19.0000 3396 symc8xx - ok
18:06:19.0015 3396 symfw - ok
18:06:19.0031 3396 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:06:19.0031 3396 sym_hi - ok
18:06:19.0062 3396 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:06:19.0062 3396 sym_u3 - ok
18:06:19.0093 3396 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:06:19.0093 3396 sysaudio - ok
18:06:19.0140 3396 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:06:19.0156 3396 SysmonLog - ok
18:06:19.0203 3396 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:06:19.0203 3396 TapiSrv - ok
18:06:19.0250 3396 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:06:19.0265 3396 Tcpip - ok
18:06:19.0296 3396 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:06:19.0296 3396 TDPIPE - ok
18:06:19.0328 3396 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:06:19.0328 3396 TDTCP - ok
18:06:19.0359 3396 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:06:19.0359 3396 TermDD - ok
18:06:19.0421 3396 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:06:19.0421 3396 TermService - ok
18:06:19.0468 3396 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
18:06:19.0468 3396 tfsnboio - ok
18:06:19.0484 3396 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
18:06:19.0484 3396 tfsncofs - ok
18:06:19.0500 3396 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
18:06:19.0500 3396 tfsndrct - ok
18:06:19.0515 3396 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
18:06:19.0515 3396 tfsndres - ok
18:06:19.0546 3396 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
18:06:19.0546 3396 tfsnifs - ok
18:06:19.0562 3396 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
18:06:19.0562 3396 tfsnopio - ok
18:06:19.0578 3396 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
18:06:19.0578 3396 tfsnpool - ok
18:06:19.0609 3396 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
18:06:19.0609 3396 tfsnudf - ok
18:06:19.0640 3396 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
18:06:19.0640 3396 tfsnudfa - ok
18:06:19.0671 3396 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:06:19.0687 3396 Themes - ok
18:06:19.0718 3396 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:06:19.0734 3396 TlntSvr - ok
18:06:19.0765 3396 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:06:19.0765 3396 TosIde - ok
18:06:19.0812 3396 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:06:19.0812 3396 TrkWks - ok
18:06:19.0859 3396 TrufosAlt (c380e830a4bd08440e6757213f126db7) C:\WINDOWS\system32\DRIVERS\TrufosAlt.sys
18:06:19.0859 3396 TrufosAlt - ok
18:06:19.0921 3396 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:06:19.0921 3396 Udfs - ok
18:06:19.0968 3396 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:06:19.0968 3396 ultra - ok
18:06:20.0000 3396 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
18:06:20.0000 3396 UMWdf - ok
18:06:20.0062 3396 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:06:20.0062 3396 Update - ok
18:06:20.0109 3396 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:06:20.0109 3396 upnphost - ok
18:06:20.0125 3396 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:06:20.0125 3396 UPS - ok
18:06:20.0140 3396 upsmonservice - ok
18:06:20.0187 3396 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:06:20.0187 3396 USBAAPL - ok
18:06:20.0234 3396 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:06:20.0234 3396 usbaudio - ok
18:06:20.0281 3396 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:06:20.0281 3396 usbccgp - ok
18:06:20.0328 3396 usbcm (a31c1f4b2448eeeff7c0d4e4d58bd9b3) C:\WINDOWS\system32\DRIVERS\usbcm.sys
18:06:20.0328 3396 usbcm - ok
18:06:20.0359 3396 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:06:20.0359 3396 usbehci - ok
18:06:20.0390 3396 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:06:20.0390 3396 usbhub - ok
18:06:20.0437 3396 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:06:20.0437 3396 usbprint - ok
18:06:20.0453 3396 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:06:20.0453 3396 usbscan - ok
18:06:20.0468 3396 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:06:20.0468 3396 USBSTOR - ok
18:06:20.0484 3396 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:06:20.0484 3396 usbuhci - ok
18:06:20.0531 3396 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:06:20.0531 3396 VgaSave - ok
18:06:20.0562 3396 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:06:20.0562 3396 viaagp - ok
18:06:20.0593 3396 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:06:20.0593 3396 ViaIde - ok
18:06:20.0687 3396 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
18:06:20.0687 3396 Viewpoint Manager Service - ok
18:06:20.0718 3396 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:06:20.0718 3396 VolSnap - ok
18:06:20.0781 3396 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:06:20.0781 3396 VSS - ok
18:06:20.0812 3396 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:06:20.0812 3396 w32time - ok
18:06:20.0859 3396 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:06:20.0859 3396 Wanarp - ok
18:06:20.0875 3396 wanatw - ok
18:06:20.0906 3396 WDICA - ok
18:06:20.0937 3396 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:06:20.0937 3396 wdmaud - ok
18:06:20.0968 3396 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:06:20.0968 3396 WebClient - ok
18:06:21.0046 3396 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:06:21.0046 3396 winmgmt - ok
18:06:21.0203 3396 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:06:21.0218 3396 wlidsvc - ok
18:06:21.0281 3396 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
18:06:21.0296 3396 WmdmPmSN - ok
18:06:21.0343 3396 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:06:21.0343 3396 Wmi - ok
18:06:21.0437 3396 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:06:21.0437 3396 WmiApSrv - ok
18:06:21.0500 3396 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
18:06:21.0500 3396 WpdUsb - ok
18:06:21.0546 3396 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:06:21.0546 3396 WS2IFSL - ok
18:06:21.0593 3396 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:06:21.0593 3396 wscsvc - ok
18:06:21.0625 3396 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:06:21.0625 3396 WSTCODEC - ok
18:06:21.0656 3396 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:06:21.0671 3396 wuauserv - ok
18:06:21.0718 3396 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:06:21.0734 3396 WZCSVC - ok
18:06:21.0781 3396 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:06:21.0781 3396 xmlprov - ok
18:06:21.0812 3396 MBR (0x1B8) (49a546210c3e024eac559a37a6bf499a) \Device\Harddisk0\DR0
18:06:22.0031 3396 \Device\Harddisk0\DR0 - ok
18:06:22.0031 3396 Boot (0x1200) (e0c60f0ab2f147942ee37d01586506cd) \Device\Harddisk0\DR0\Partition0
18:06:22.0031 3396 \Device\Harddisk0\DR0\Partition0 - ok
18:06:22.0031 3396 ============================================================
18:06:22.0031 3396 Scan finished
18:06:22.0031 3396 ============================================================
18:06:22.0046 3840 Detected object count: 0
18:06:22.0046 3840 Actual detected object count: 0



aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-03 18:07:03
-----------------------------
18:07:03.921 OS Version: Windows 5.1.2600 Service Pack 3
18:07:03.921 Number of processors: 2 586 0x404
18:07:03.921 ComputerName: D7PLPP81 UserName: David
18:07:10.593 Initialize success
18:08:02.687 AVAST engine defs: 12040302
18:13:14.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:13:15.000 Disk 0 Vendor: ST316002 8.12 Size: 152587MB BusType: 3
18:13:15.046 Disk 0 MBR read successfully
18:13:15.046 Disk 0 MBR scan
18:13:15.375 Disk 0 Windows XP default MBR code
18:13:15.390 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
18:13:15.406 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147769 MB offset 112455
18:13:15.437 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 302760990
18:13:15.437 Disk 0 scanning sectors +312496380
18:13:15.562 Disk 0 scanning C:\WINDOWS\system32\drivers
18:13:37.812 Service scanning
18:14:03.687 Modules scanning
18:14:09.468 Disk 0 trace - called modules:
18:14:09.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
18:14:09.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8716aab8]
18:14:09.484 3 CLASSPNP.SYS[f765ffd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x871ca030]
18:14:10.406 AVAST engine scan C:\WINDOWS
18:14:16.890 AVAST engine scan C:\WINDOWS\system32
18:17:07.656 AVAST engine scan C:\WINDOWS\system32\drivers
18:17:27.296 AVAST engine scan C:\Documents and Settings\David
18:31:04.265 AVAST engine scan C:\Documents and Settings\All Users
18:33:11.828 Scan finished successfully
18:37:43.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David\Desktop\MBR.dat"
18:37:43.125 The log file has been saved successfully to "C:\Documents and Settings\David\Desktop\aswMBR.txt"