
Win XP Google Redirect


  • This topic is locked
28 replies to this topic

#1 david1932

david1932

  • Members
  • 14 posts

Posted 10 May 2012 - 04:24 AM

Hi,

I've been asked to help fix a google-redirect problem for a friend.

The XP/SP3 PC has been infected for several months. Symptom is that some (but not all) links returned by google queries point to dodgy shopping sites or similar.

I've used info from bleeping computer several times before to remove malware but I can't see where to start with this one. Help would be very much appreciated.

Thanks

David

Attach.txt and ark.txt attached.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 23:17:59 on 2012-05-09
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.502.260 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
uSearch Page = hxxp://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk
uSearch Bar = hxxp://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk
uDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120425134559.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [D-Link AirPlus Xtreme G] c:\program files\d-link\airplus xtreme g\AirPlusCFG.exe
mRun: [ANIWZCSService] c:\program files\alpha networks\aniwzcs service\WZCSLDR.exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Conime] %windir%\system32\conime.exe
mRun: [ADAiO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\ADAiO2MUI.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: DhcpNameServer = 192.0.2.1
TCP: Interfaces\{478BF980-13E0-4230-A541-1F5AD11A7DA0} : NameServer = 127.0.0.1
TCP: Interfaces\{518442C2-B9D7-4345-BAC3-F479E2EE36BE} : DhcpNameServer = 192.0.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-11 464304]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-11 89792]
R2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\advent\aio\center\ADAIOHostService.exe [2011-10-14 361904]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-26 95200]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-11 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-11 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-11 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-11 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-11 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-11 151880]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2003-10-22 344800]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-11 57600]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-11 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-11 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-11 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-11 83856]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-11 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-11 87656]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2005-8-16 278016]
.
=============== Created Last 30 ================
.
2012-05-09 22:04:22 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2012-05-09 19:21:34 -------- d-----w- c:\windows\system32\NtmsData
2012-05-09 19:10:11 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2012-04-14 11:40:15 -------- d-----w- c:\windows\system32\advent
2012-04-14 11:40:09 604160 ------w- c:\windows\system32\ADAiO2MON.dll
2012-04-14 11:40:09 48640 ------w- c:\windows\system32\spool\prtprocs\w32x86\ADAiO2PPR.dll
2012-04-14 11:40:08 115712 ------w- c:\windows\system32\ADAIO2COI01.dll
2012-04-14 11:39:26 -------- d-----w- c:\program files\Advent
2012-04-14 11:39:08 -------- d-----w- c:\program files\MSXML 6.0
2012-04-14 11:37:10 -------- d-----w- c:\documents and settings\all users\application data\Advent
.
==================== Find3M ====================
.
2012-04-27 15:54:56 5852 --sh--w- c:\windows\system32\KGyGaAvL.sys
2012-04-27 15:54:39 88 --sh--r- c:\windows\system32\708111F5BE.sys
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-22 12:29:46 9608 ------w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 12:29:46 89792 ------w- c:\windows\system32\drivers\mfetdi2k.sys
2012-02-22 12:29:46 87656 ------w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 12:29:46 83856 ------w- c:\windows\system32\drivers\mfendisk.sys
2012-02-22 12:29:46 59456 ------w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 12:29:46 57600 ------w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 12:29:46 464304 ------w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 12:29:46 340920 ------w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 12:29:46 180848 ------w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 12:29:46 121544 ------w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 23:25:15.34 ===============



#2 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,595 posts
  • Gender:Male
  • Location:Bavaria

Posted 10 May 2012 - 10:37 AM

Hi David,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
Regards,
M-K-D-B

#3 david1932

david1932
  • Topic Starter

  • Members
  • 14 posts

Posted 10 May 2012 - 11:37 AM

Hi,

Thanks - I'll wait to hear from you.

Just in case you're curious about the log line ...

TCP: Interfaces\{478BF980-13E0-4230-A541-1F5AD11A7DA0} : NameServer = 127.0.0.1

... that's down to me rather than unwelcome software.
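A triage sketch for the DNS lines david1932 points out, added here as an example and not part of either poster's messages: it pulls the `TCP:` name-server lines out of a DDS log and lists the statically configured ones, which take precedence over what DHCP hands out and so are the entries a reviewer of a redirect case would ask about. The line format is inferred from the log in post #1; the function names and the loopback/lan/off-lan labels are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass

# The three "TCP:" lines exactly as they appear in the DDS log in post #1.
DDS_TCP_LINES = r"""
TCP: DhcpNameServer = 192.0.2.1
TCP: Interfaces\{478BF980-13E0-4230-A541-1F5AD11A7DA0} : NameServer = 127.0.0.1
TCP: Interfaces\{518442C2-B9D7-4345-BAC3-F479E2EE36BE} : DhcpNameServer = 192.0.2.1
"""

# Constructed line (not from the thread): a static entry with two servers.
CONSTRUCTED_LINE = (
    r"TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : "
    r"NameServer = 203.0.113.7,10.0.0.5"
)

# Optional "Interfaces\{GUID} :" prefix, then the key and its value.
TCP_LINE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\})\s*:\s*)?"
    r"(?P<key>DhcpNameServer|NameServer)\s*=\s*(?P<value>.+?)\s*$"
)

RFC1918 = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


@dataclass(frozen=True)
class DnsSetting:
    interface: str  # interface GUID, or "(global)" when the line has none
    source: str     # "dhcp" (DhcpNameServer) or "static" (NameServer)
    servers: tuple  # one or more server strings, in log order


def parse_dns_settings(log_text):
    """Return every name-server setting found in the DDS log text."""
    settings = []
    for line in log_text.splitlines():
        m = TCP_LINE.match(line.strip())
        if not m:
            continue
        # A value can hold several servers separated by commas or spaces.
        servers = tuple(s for s in re.split(r"[,\s]+", m["value"]) if s)
        source = "dhcp" if m["key"] == "DhcpNameServer" else "static"
        settings.append(DnsSetting(m["iface"] or "(global)", source, servers))
    return settings


def scope_of(server):
    """Label an address so the reviewer knows which question to ask."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "unparseable"
    if ip.is_loopback:
        return "loopback"   # a resolver running on the machine itself
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "lan"        # a resolver on the local network
    return "off-lan"        # anything else: confirm the owner set it


def static_overrides(log_text):
    """List (interface, server, scope) for each statically set server."""
    return [
        (s.interface, server, scope_of(server))
        for s in parse_dns_settings(log_text)
        if s.source == "static"
        for server in s.servers
    ]


if __name__ == "__main__":
    for item in static_overrides(DDS_TCP_LINES + CONSTRUCTED_LINE):
        print(item)
```

On the thread's own log this reports a single static entry, the loopback one the poster says he configured himself.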

#4 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,595 posts
  • Gender:Male
  • Location:Bavaria

Posted 10 May 2012 - 12:47 PM

Hi David,


Welcome to BleepingComputer.

My name is M-K-D-B and I'll help you with the cleanup of your computer.

Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 3 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.





Step 1
I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight Viewpoint Media Player, click Remove.
  • Do the same for each Viewpoint component.





Step 2
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.





Step 3
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Close to close the tool.
    Note: We don't want to fix anything here, but just get an overview of your computer!
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.





What you should post with your next answer:
  • the logfile from aswMBR,
  • the logfile from TDSS-Killer,
  • any further information that seems to be important in your eyes.

Regards,
M-K-D-B

#5 david1932

david1932
  • Topic Starter

  • Members
  • 14 posts

Posted 10 May 2012 - 01:20 PM

Hi M-K-D-B,

Logs as requested.

I have uninstalled Viewpoint (there was only one entry in add/remove programs)

No extra info to add at this time.

Thanks

David

----------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-10 18:57:56
-----------------------------
18:57:56.695 OS Version: Windows 5.1.2600 Service Pack 3
18:57:56.695 Number of processors: 2 586 0x40A
18:57:56.695 ComputerName: BOOJAMKAT UserName:
18:57:57.804 Initialize success
18:58:08.679 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
18:58:08.679 Disk 0 Vendor: SAMSUNG_HD160JJ/P ZM100-34 Size: 152587MB BusType: 3
18:58:08.742 Disk 0 MBR read successfully
18:58:08.742 Disk 0 MBR scan
18:58:08.742 Disk 0 unknown MBR code
18:58:08.758 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:58:08.773 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149464 MB offset 80325
18:58:08.804 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306198900
18:58:08.804 Disk 0 scanning sectors +312496380
18:58:08.883 Disk 0 scanning C:\WINDOWS\system32\drivers
18:58:16.476 Service scanning
18:58:27.273 Modules scanning
18:58:33.023 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
18:58:38.117 Disk 0 trace - called modules:
18:58:38.148 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
18:58:38.148 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd8ab8]
18:58:38.148 3 CLASSPNP.SYS[f84b5fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x82fd9d98]
18:58:38.164 Scan finished successfully
18:58:56.179 Disk 0 MBR has been saved successfully to "F:\AV\MBR.dat"
18:58:56.367 The log file has been saved successfully to "F:\AV\aswMBR.txt"










19:04:34.0773 1992 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
19:04:36.0039 1992 ============================================================
19:04:36.0039 1992 Current date / time: 2012/05/10 19:04:36.0039
19:04:36.0039 1992 SystemInfo:
19:04:36.0039 1992
19:04:36.0039 1992 OS Version: 5.1.2600 ServicePack: 3.0
19:04:36.0039 1992 Product type: Workstation
19:04:36.0039 1992 ComputerName: BOOJAMKAT
19:04:36.0039 1992 UserName: Administrator
19:04:36.0039 1992 Windows directory: C:\WINDOWS
19:04:36.0039 1992 System windows directory: C:\WINDOWS
19:04:36.0039 1992 Processor architecture: Intel x86
19:04:36.0039 1992 Number of processors: 2
19:04:36.0039 1992 Page size: 0x1000
19:04:36.0039 1992 Boot type: Normal boot
19:04:36.0039 1992 ============================================================
19:04:39.0195 1992 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:04:39.0195 1992 Drive \Device\Harddisk1\DR6 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:04:39.0211 1992 Drive \Device\Harddisk2\DR14 - Size: 0x1E6B00000 (7.60 Gb), SectorSize: 0x200, Cylinders: 0x3E0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:04:39.0211 1992 ============================================================
19:04:39.0211 1992 \Device\Harddisk0\DR0:
19:04:39.0211 1992 MBR partitions:
19:04:39.0211 1992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x123EC0EE
19:04:39.0211 1992 \Device\Harddisk1\DR6:
19:04:39.0211 1992 MBR partitions:
19:04:39.0211 1992 \Device\Harddisk1\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
19:04:39.0211 1992 \Device\Harddisk2\DR14:
19:04:39.0211 1992 MBR partitions:
19:04:39.0211 1992 ============================================================
19:04:39.0242 1992 C: <-> \Device\Harddisk0\DR0\Partition0
19:04:39.0242 1992 E: <-> \Device\Harddisk1\DR6\Partition0
19:04:39.0242 1992 ============================================================
19:04:39.0242 1992 Initialize success
19:04:39.0242 1992 ============================================================
19:05:20.0258 2160 ============================================================
19:05:20.0258 2160 Scan started
19:05:20.0258 2160 Mode: Manual;
19:05:20.0258 2160 ============================================================
19:05:20.0586 2160 A3AB (b5f0db0a8f1c656302e42d180c461fee) C:\WINDOWS\system32\DRIVERS\A3AB.sys
19:05:20.0586 2160 A3AB - ok
19:05:20.0601 2160 Abiosdsk - ok
19:05:20.0617 2160 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:05:20.0617 2160 abp480n5 - ok
19:05:20.0679 2160 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:05:20.0679 2160 ACPI - ok
19:05:20.0695 2160 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:05:20.0695 2160 ACPIEC - ok
19:05:20.0726 2160 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:05:20.0804 2160 adpu160m - ok
19:05:20.0929 2160 Advent AIO Network Discovery Service (7dac769f048f78fab96b4b5cec713301) C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe
19:05:20.0929 2160 Advent AIO Network Discovery Service - ok
19:05:20.0961 2160 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:05:20.0976 2160 aec - ok
19:05:21.0023 2160 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:05:21.0133 2160 AFD - ok
19:05:21.0148 2160 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:05:21.0164 2160 agp440 - ok
19:05:21.0164 2160 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:05:21.0164 2160 agpCPQ - ok
19:05:21.0179 2160 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:05:21.0258 2160 Aha154x - ok
19:05:21.0273 2160 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:05:21.0273 2160 aic78u2 - ok
19:05:21.0273 2160 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:05:21.0289 2160 aic78xx - ok
19:05:21.0320 2160 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:05:21.0320 2160 Alerter - ok
19:05:21.0336 2160 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:05:21.0336 2160 ALG - ok
19:05:21.0351 2160 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:05:21.0351 2160 AliIde - ok
19:05:21.0367 2160 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:05:21.0367 2160 alim1541 - ok
19:05:21.0367 2160 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:05:21.0383 2160 amdagp - ok
19:05:21.0383 2160 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
19:05:21.0398 2160 amsint - ok
19:05:21.0414 2160 ANIO (4a5c7eaefa4c43d139c402c6da5bfd2c) C:\WINDOWS\system32\ANIO.SYS
19:05:21.0414 2160 ANIO - ok
19:05:21.0461 2160 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:05:21.0461 2160 AppMgmt - ok
19:05:21.0461 2160 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
19:05:21.0461 2160 asc - ok
19:05:21.0476 2160 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:05:21.0476 2160 asc3350p - ok
19:05:21.0695 2160 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:05:21.0773 2160 asc3550 - ok
19:05:21.0789 2160 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
19:05:21.0867 2160 ASCTRM - ok
19:05:22.0039 2160 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:05:22.0195 2160 aspnet_state - ok
19:05:22.0226 2160 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:05:22.0226 2160 AsyncMac - ok
19:05:22.0258 2160 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:05:22.0258 2160 atapi - ok
19:05:22.0258 2160 Atdisk - ok
19:05:22.0304 2160 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:05:22.0304 2160 Atmarpc - ok
19:05:22.0351 2160 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:05:22.0351 2160 AudioSrv - ok
19:05:22.0398 2160 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:05:22.0414 2160 audstub - ok
19:05:22.0414 2160 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:05:22.0414 2160 Beep - ok
19:05:22.0492 2160 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:05:22.0508 2160 BITS - ok
19:05:22.0523 2160 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:05:22.0539 2160 Browser - ok
19:05:22.0554 2160 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:05:22.0570 2160 cbidf - ok
19:05:22.0586 2160 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:05:22.0586 2160 cbidf2k - ok
19:05:22.0617 2160 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:05:22.0617 2160 CCDECODE - ok
19:05:22.0633 2160 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:05:22.0633 2160 cd20xrnt - ok
19:05:22.0633 2160 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:05:22.0648 2160 Cdaudio - ok
19:05:22.0648 2160 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:05:22.0664 2160 Cdfs - ok
19:05:22.0664 2160 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:05:22.0664 2160 Cdrom - ok
19:05:22.0726 2160 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\WINDOWS\system32\drivers\cfwids.sys
19:05:22.0742 2160 cfwids - ok
19:05:22.0742 2160 Changer - ok
19:05:22.0758 2160 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:05:22.0773 2160 CiSvc - ok
19:05:23.0164 2160 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:05:23.0164 2160 ClipSrv - ok
19:05:23.0179 2160 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:05:23.0367 2160 clr_optimization_v2.0.50727_32 - ok
19:05:23.0398 2160 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:05:23.0398 2160 CmdIde - ok
19:05:23.0414 2160 COMSysApp - ok
19:05:23.0492 2160 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:05:23.0508 2160 Cpqarray - ok
19:05:23.0570 2160 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:05:23.0570 2160 CryptSvc - ok
19:05:23.0617 2160 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:05:23.0617 2160 dac2w2k - ok
19:05:23.0633 2160 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:05:23.0633 2160 dac960nt - ok
19:05:23.0742 2160 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:05:23.0742 2160 DcomLaunch - ok
19:05:23.0789 2160 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:05:23.0804 2160 Dhcp - ok
19:05:23.0836 2160 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:05:23.0836 2160 Disk - ok
19:05:23.0898 2160 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
19:05:23.0914 2160 DLABOIOM - ok
19:05:23.0914 2160 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
19:05:23.0914 2160 DLACDBHM - ok
19:05:23.0929 2160 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
19:05:24.0070 2160 DLADResN - ok
19:05:40.0429 2160 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
19:05:40.0461 2160 \Device\Harddisk0\DR0 - ok
19:05:40.0461 2160 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk1\DR6
19:05:40.0476 2160 \Device\Harddisk1\DR6 - ok
19:05:40.0476 2160 MBR (0x1B8) (3b16467ca19b2fc24e6e41ca2c26bea5) \Device\Harddisk2\DR14
19:05:40.0726 2160 \Device\Harddisk2\DR14 - ok
19:05:40.0758 2160 Boot (0x1200) (952082bb1b0366112245ba897bf4b384) \Device\Harddisk0\DR0\Partition0
19:05:40.0758 2160 \Device\Harddisk0\DR0\Partition0 - ok
19:05:40.0773 2160 Boot (0x1200) (1df476ee0c0e517b2a74c513b5a7d5b7) \Device\Harddisk1\DR6\Partition0
19:05:40.0773 2160 \Device\Harddisk1\DR6\Partition0 - ok
19:05:40.0773 2160 ============================================================
19:05:40.0773 2160 Scan finished
19:05:40.0773 2160 ============================================================
19:05:40.0789 3840 Detected object count: 0
19:05:40.0789 3840 Actual detected object count: 0
19:05:56.0976 0392 Deinitialize success

#6 david1932

  • Topic Starter

Posted 10 May 2012 - 01:31 PM

Hi M-K-D-B,

Logs as requested.

I have uninstalled Viewpoint (there was only one entry in Add/Remove Programs).

No extra info to add at this time.

Thanks

David

----------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-10 18:57:56
-----------------------------
18:57:56.695 OS Version: Windows 5.1.2600 Service Pack 3
18:57:56.695 Number of processors: 2 586 0x40A
18:57:56.695 ComputerName: BOOJAMKAT UserName:
18:57:57.804 Initialize success
18:58:08.679 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
18:58:08.679 Disk 0 Vendor: SAMSUNG_HD160JJ/P ZM100-34 Size: 152587MB BusType: 3
18:58:08.742 Disk 0 MBR read successfully
18:58:08.742 Disk 0 MBR scan
18:58:08.742 Disk 0 unknown MBR code
18:58:08.758 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:58:08.773 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149464 MB offset 80325
18:58:08.804 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306198900
18:58:08.804 Disk 0 scanning sectors +312496380
18:58:08.883 Disk 0 scanning C:\WINDOWS\system32\drivers
18:58:16.476 Service scanning
18:58:27.273 Modules scanning
18:58:33.023 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
18:58:38.117 Disk 0 trace - called modules:
18:58:38.148 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
18:58:38.148 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd8ab8]
18:58:38.148 3 CLASSPNP.SYS[f84b5fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x82fd9d98]
18:58:38.164 Scan finished successfully
18:58:56.179 Disk 0 MBR has been saved successfully to "F:\AV\MBR.dat"
18:58:56.367 The log file has been saved successfully to "F:\AV\aswMBR.txt"

19:04:34.0773 1992 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
19:04:36.0039 1992 ============================================================
19:04:36.0039 1992 Current date / time: 2012/05/10 19:04:36.0039
19:04:36.0039 1992 SystemInfo:
19:04:36.0039 1992
19:04:36.0039 1992 OS Version: 5.1.2600 ServicePack: 3.0
19:04:36.0039 1992 Product type: Workstation
19:04:36.0039 1992 ComputerName: BOOJAMKAT
19:04:36.0039 1992 UserName: Administrator
19:04:36.0039 1992 Windows directory: C:\WINDOWS
19:04:36.0039 1992 System windows directory: C:\WINDOWS
19:04:36.0039 1992 Processor architecture: Intel x86
19:04:36.0039 1992 Number of processors: 2
19:04:36.0039 1992 Page size: 0x1000
19:04:36.0039 1992 Boot type: Normal boot
19:04:36.0039 1992 ============================================================
19:04:39.0195 1992 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:04:39.0195 1992 Drive \Device\Harddisk1\DR6 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:04:39.0211 1992 Drive \Device\Harddisk2\DR14 - Size: 0x1E6B00000 (7.60 Gb), SectorSize: 0x200, Cylinders: 0x3E0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:04:39.0211 1992 ============================================================
19:04:39.0211 1992 \Device\Harddisk0\DR0:
19:04:39.0211 1992 MBR partitions:
19:04:39.0211 1992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x123EC0EE
19:04:39.0211 1992 \Device\Harddisk1\DR6:
19:04:39.0211 1992 MBR partitions:
19:04:39.0211 1992 \Device\Harddisk1\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
19:04:39.0211 1992 \Device\Harddisk2\DR14:
19:04:39.0211 1992 MBR partitions:
19:04:39.0211 1992 ============================================================
19:04:39.0242 1992 C: <-> \Device\Harddisk0\DR0\Partition0
19:04:39.0242 1992 E: <-> \Device\Harddisk1\DR6\Partition0
19:04:39.0242 1992 ============================================================
19:04:39.0242 1992 Initialize success
19:04:39.0242 1992 ============================================================
19:05:20.0258 2160 ============================================================
19:05:20.0258 2160 Scan started
19:05:20.0258 2160 Mode: Manual;
19:05:20.0258 2160 ============================================================
19:05:20.0586 2160 A3AB (b5f0db0a8f1c656302e42d180c461fee) C:\WINDOWS\system32\DRIVERS\A3AB.sys
19:05:20.0586 2160 A3AB - ok
19:05:20.0601 2160 Abiosdsk - ok
19:05:20.0617 2160 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:05:20.0617 2160 abp480n5 - ok
19:05:20.0679 2160 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:05:20.0679 2160 ACPI - ok
19:05:20.0695 2160 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:05:20.0695 2160 ACPIEC - ok
19:05:20.0726 2160 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:05:20.0804 2160 adpu160m - ok
19:05:20.0929 2160 Advent AIO Network Discovery Service (7dac769f048f78fab96b4b5cec713301) C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe
19:05:20.0929 2160 Advent AIO Network Discovery Service - ok
19:05:20.0961 2160 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:05:20.0976 2160 aec - ok
19:05:21.0023 2160 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:05:21.0133 2160 AFD - ok
19:05:21.0148 2160 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:05:21.0164 2160 agp440 - ok
19:05:21.0164 2160 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:05:21.0164 2160 agpCPQ - ok
19:05:21.0179 2160 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:05:21.0258 2160 Aha154x - ok
19:05:21.0273 2160 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:05:21.0273 2160 aic78u2 - ok
19:05:21.0273 2160 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:05:21.0289 2160 aic78xx - ok
19:05:21.0320 2160 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:05:21.0320 2160 Alerter - ok
19:05:21.0336 2160 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:05:21.0336 2160 ALG - ok
19:05:21.0351 2160 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:05:21.0351 2160 AliIde - ok
19:05:21.0367 2160 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:05:21.0367 2160 alim1541 - ok
19:05:21.0367 2160 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:05:21.0383 2160 amdagp - ok
19:05:21.0383 2160 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
19:05:21.0398 2160 amsint - ok
19:05:21.0414 2160 ANIO (4a5c7eaefa4c43d139c402c6da5bfd2c) C:\WINDOWS\system32\ANIO.SYS
19:05:21.0414 2160 ANIO - ok
19:05:21.0461 2160 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:05:21.0461 2160 AppMgmt - ok
19:05:21.0461 2160 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
19:05:21.0461 2160 asc - ok
19:05:21.0476 2160 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:05:21.0476 2160 asc3350p - ok
19:05:21.0695 2160 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:05:21.0773 2160 asc3550 - ok
19:05:21.0789 2160 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
19:05:21.0867 2160 ASCTRM - ok
19:05:22.0039 2160 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:05:22.0195 2160 aspnet_state - ok
19:05:22.0226 2160 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:05:22.0226 2160 AsyncMac - ok
19:05:22.0258 2160 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:05:22.0258 2160 atapi - ok
19:05:22.0258 2160 Atdisk - ok
19:05:22.0304 2160 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:05:22.0304 2160 Atmarpc - ok
19:05:22.0351 2160 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:05:22.0351 2160 AudioSrv - ok
19:05:22.0398 2160 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:05:22.0414 2160 audstub - ok
19:05:22.0414 2160 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:05:22.0414 2160 Beep - ok
19:05:22.0492 2160 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:05:22.0508 2160 BITS - ok
19:05:22.0523 2160 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:05:22.0539 2160 Browser - ok
19:05:22.0554 2160 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:05:22.0570 2160 cbidf - ok
19:05:22.0586 2160 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:05:22.0586 2160 cbidf2k - ok
19:05:22.0617 2160 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:05:22.0617 2160 CCDECODE - ok
19:05:22.0633 2160 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:05:22.0633 2160 cd20xrnt - ok
19:05:22.0633 2160 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:05:22.0648 2160 Cdaudio - ok
19:05:22.0648 2160 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:05:22.0664 2160 Cdfs - ok
19:05:22.0664 2160 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:05:22.0664 2160 Cdrom - ok
19:05:22.0726 2160 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\WINDOWS\system32\drivers\cfwids.sys
19:05:22.0742 2160 cfwids - ok
19:05:22.0742 2160 Changer - ok
19:05:22.0758 2160 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:05:22.0773 2160 CiSvc - ok
19:05:23.0164 2160 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:05:23.0164 2160 ClipSrv - ok
19:05:23.0179 2160 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:05:23.0367 2160 clr_optimization_v2.0.50727_32 - ok
19:05:23.0398 2160 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:05:23.0398 2160 CmdIde - ok
19:05:23.0414 2160 COMSysApp - ok
19:05:23.0492 2160 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:05:23.0508 2160 Cpqarray - ok
19:05:23.0570 2160 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:05:23.0570 2160 CryptSvc - ok
19:05:23.0617 2160 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:05:23.0617 2160 dac2w2k - ok
19:05:23.0633 2160 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:05:23.0633 2160 dac960nt - ok
19:05:23.0742 2160 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:05:23.0742 2160 DcomLaunch - ok
19:05:23.0789 2160 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:05:23.0804 2160 Dhcp - ok
19:05:23.0836 2160 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:05:23.0836 2160 Disk - ok
19:05:23.0898 2160 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
19:05:23.0914 2160 DLABOIOM - ok
19:05:23.0914 2160 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
19:05:23.0914 2160 DLACDBHM - ok
19:05:23.0929 2160 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
19:05:24.0070 2160 DLADResN - ok
19:05:24.0086 2160 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
19:05:24.0101 2160 DLAIFS_M - ok
19:05:24.0117 2160 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
19:05:24.0320 2160 DLAOPIOM - ok
19:05:24.0320 2160 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
19:05:24.0445 2160 DLAPoolM - ok
19:05:24.0461 2160 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
19:05:24.0461 2160 DLARTL_N - ok
19:05:24.0476 2160 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
19:05:24.0492 2160 DLAUDFAM - ok
19:05:24.0492 2160 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
19:05:24.0664 2160 DLAUDF_M - ok
19:05:24.0664 2160 dmadmin - ok
19:05:24.0742 2160 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:05:24.0773 2160 dmboot - ok
19:05:24.0804 2160 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:05:24.0804 2160 dmio - ok
19:05:24.0820 2160 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:05:24.0820 2160 dmload - ok
19:05:24.0867 2160 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:05:24.0867 2160 dmserver - ok
19:05:24.0883 2160 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:05:24.0883 2160 DMusic - ok
19:05:24.0945 2160 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:05:24.0945 2160 Dnscache - ok
19:05:24.0992 2160 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:05:24.0992 2160 Dot3svc - ok
19:05:25.0008 2160 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:05:25.0008 2160 dpti2o - ok
19:05:25.0023 2160 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:05:25.0039 2160 drmkaud - ok
19:05:25.0086 2160 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
19:05:25.0086 2160 DRVMCDB - ok
19:05:25.0101 2160 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
19:05:25.0101 2160 DRVNDDM - ok
19:05:25.0133 2160 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:05:25.0133 2160 E100B - ok
19:05:25.0179 2160 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:05:25.0179 2160 EapHost - ok
19:05:25.0211 2160 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:05:25.0211 2160 ERSvc - ok
19:05:25.0258 2160 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:05:25.0273 2160 Eventlog - ok
19:05:25.0336 2160 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:05:25.0336 2160 EventSystem - ok
19:05:25.0367 2160 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:05:25.0367 2160 Fastfat - ok
19:05:25.0414 2160 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:05:25.0414 2160 FastUserSwitchingCompatibility - ok
19:05:25.0445 2160 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
19:05:25.0461 2160 Fax - ok
19:05:25.0758 2160 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:05:25.0758 2160 Fdc - ok
19:05:25.0773 2160 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:05:25.0773 2160 Fips - ok
19:05:25.0773 2160 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:05:25.0773 2160 Flpydisk - ok
19:05:25.0789 2160 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:05:25.0804 2160 FltMgr - ok
19:05:25.0929 2160 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:05:25.0929 2160 FontCache3.0.0.0 - ok
19:05:25.0945 2160 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:05:25.0945 2160 Fs_Rec - ok
19:05:25.0961 2160 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:05:25.0961 2160 Ftdisk - ok
19:05:26.0008 2160 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:05:26.0008 2160 Gpc - ok
19:05:26.0039 2160 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:05:26.0039 2160 HDAudBus - ok
19:05:26.0320 2160 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:05:26.0320 2160 helpsvc - ok
19:05:26.0320 2160 HidServ - ok
19:05:26.0351 2160 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:05:26.0351 2160 HidUsb - ok
19:05:26.0398 2160 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:05:26.0398 2160 hkmsvc - ok
19:05:26.0429 2160 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
19:05:26.0429 2160 hpn - ok
19:05:26.0476 2160 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:05:26.0492 2160 HTTP - ok
19:05:26.0523 2160 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:05:26.0523 2160 HTTPFilter - ok
19:05:26.0554 2160 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
19:05:26.0554 2160 i2omgmt - ok
19:05:26.0570 2160 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:05:26.0570 2160 i2omp - ok
19:05:26.0586 2160 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:05:26.0586 2160 i8042prt - ok
19:05:26.0695 2160 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:05:26.0851 2160 ialm - ok
19:05:27.0023 2160 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:05:27.0179 2160 idsvc - ok
19:05:27.0351 2160 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:05:27.0351 2160 Imapi - ok
19:05:27.0398 2160 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:05:27.0414 2160 ImapiService - ok
19:05:27.0461 2160 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:05:27.0461 2160 ini910u - ok
19:05:27.0476 2160 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:05:27.0476 2160 IntelIde - ok
19:05:27.0539 2160 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:05:27.0539 2160 intelppm - ok
19:05:27.0539 2160 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:05:27.0554 2160 Ip6Fw - ok
19:05:27.0586 2160 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:05:27.0586 2160 IpFilterDriver - ok
19:05:27.0586 2160 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:05:27.0601 2160 IpInIp - ok
19:05:27.0617 2160 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:05:27.0617 2160 IpNat - ok
19:05:27.0648 2160 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:05:27.0664 2160 IPSec - ok
19:05:27.0664 2160 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:05:27.0664 2160 IRENUM - ok
19:05:27.0679 2160 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:05:27.0679 2160 isapnp - ok
19:05:27.0711 2160 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:05:27.0711 2160 Kbdclass - ok
19:05:27.0711 2160 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:05:27.0711 2160 kbdhid - ok
19:05:27.0742 2160 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:05:27.0742 2160 kmixer - ok
19:05:27.0773 2160 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:05:27.0773 2160 KSecDD - ok
19:05:27.0820 2160 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:05:27.0820 2160 lanmanserver - ok
19:05:27.0883 2160 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:05:27.0883 2160 lanmanworkstation - ok
19:05:27.0883 2160 lbrtfdc - ok
19:05:27.0945 2160 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:05:27.0945 2160 LmHosts - ok
19:05:28.0523 2160 McAfee SiteAdvisor Service (6c3d154fff0a97a6c3d9f78d60c41655) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
19:05:28.0539 2160 McAfee SiteAdvisor Service - ok
19:05:28.0633 2160 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:05:28.0633 2160 McMPFSvc - ok
19:05:28.0648 2160 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:05:28.0648 2160 mcmscsvc - ok
19:05:28.0648 2160 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:05:28.0664 2160 McNaiAnn - ok
19:05:28.0664 2160 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:05:28.0664 2160 McNASvc - ok
19:05:28.0758 2160 McODS (42117cbc4849a5cf11129912dabbdeca) C:\Program Files\McAfee\VirusScan\mcods.exe
19:05:28.0773 2160 McODS - ok
19:05:28.0789 2160 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:05:28.0789 2160 McProxy - ok
19:05:28.0851 2160 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
19:05:28.0851 2160 McShield - ok
19:05:28.0883 2160 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:05:28.0883 2160 Messenger - ok
19:05:28.0945 2160 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\WINDOWS\system32\drivers\mfeapfk.sys
19:05:28.0945 2160 mfeapfk - ok
19:05:28.0976 2160 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\WINDOWS\system32\drivers\mfeavfk.sys
19:05:28.0992 2160 mfeavfk - ok
19:05:28.0992 2160 mfeavfk01 - ok
19:05:29.0054 2160 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\WINDOWS\system32\drivers\mfebopk.sys
19:05:29.0054 2160 mfebopk - ok
19:05:29.0101 2160 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:05:29.0117 2160 mfefire - ok
19:05:29.0164 2160 mfefirek (4ea6ff90015424517843e931448e00f1) C:\WINDOWS\system32\drivers\mfefirek.sys
19:05:29.0164 2160 mfefirek - ok
19:05:29.0242 2160 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\WINDOWS\system32\drivers\mfehidk.sys
19:05:29.0242 2160 mfehidk - ok
19:05:29.0320 2160 mfendisk (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
19:05:29.0320 2160 mfendisk - ok
19:05:29.0336 2160 mfendiskmp (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
19:05:29.0336 2160 mfendiskmp - ok
19:05:29.0383 2160 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\WINDOWS\system32\drivers\mferkdet.sys
19:05:29.0383 2160 mferkdet - ok
19:05:29.0429 2160 mfetdi2k (070d3faf2eac417c59d8674a8752f7a6) C:\WINDOWS\system32\drivers\mfetdi2k.sys
19:05:29.0445 2160 mfetdi2k - ok
19:05:29.0461 2160 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
19:05:29.0476 2160 mfevtp - ok
19:05:29.0523 2160 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:05:29.0523 2160 mnmdd - ok
19:05:29.0570 2160 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:05:29.0586 2160 mnmsrvc - ok
19:05:29.0633 2160 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:05:29.0633 2160 Modem - ok
19:05:29.0664 2160 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:05:29.0664 2160 Mouclass - ok
19:05:29.0711 2160 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:05:29.0711 2160 mouhid - ok
19:05:29.0726 2160 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:05:29.0726 2160 MountMgr - ok
19:05:29.0758 2160 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:05:29.0758 2160 mraid35x - ok
19:05:29.0789 2160 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:05:29.0789 2160 MRxDAV - ok
19:05:29.0851 2160 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:05:29.0851 2160 MRxSmb - ok
19:05:29.0898 2160 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:05:29.0898 2160 MSDTC - ok
19:05:29.0929 2160 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:05:29.0929 2160 Msfs - ok
19:05:29.0929 2160 MSIServer - ok
19:05:30.0039 2160 MSK80Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:05:30.0039 2160 MSK80Service - ok
19:05:30.0054 2160 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:05:30.0054 2160 MSKSSRV - ok
19:05:30.0054 2160 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:05:30.0070 2160 MSPCLOCK - ok
19:05:30.0070 2160 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:05:30.0070 2160 MSPQM - ok
19:05:30.0101 2160 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:05:30.0101 2160 mssmbios - ok
19:05:30.0445 2160 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:05:30.0445 2160 MSTEE - ok
19:05:30.0461 2160 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:05:30.0523 2160 Mup - ok
19:05:30.0570 2160 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:05:30.0570 2160 NABTSFEC - ok
19:05:30.0617 2160 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:05:30.0633 2160 napagent - ok
19:05:30.0664 2160 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:05:30.0679 2160 NDIS - ok
19:05:30.0679 2160 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:05:30.0679 2160 NdisIP - ok
19:05:30.0742 2160 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:05:30.0804 2160 NdisTapi - ok
19:05:30.0851 2160 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:05:30.0851 2160 Ndisuio - ok
19:05:30.0867 2160 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:05:30.0867 2160 NdisWan - ok
19:05:30.0914 2160 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:05:30.0914 2160 NDProxy - ok
19:05:30.0929 2160 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:05:30.0929 2160 NetBIOS - ok
19:05:30.0961 2160 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:05:30.0961 2160 NetBT - ok
19:05:31.0008 2160 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:05:31.0008 2160 NetDDE - ok
19:05:31.0008 2160 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:05:31.0023 2160 NetDDEdsdm - ok
19:05:31.0054 2160 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:05:31.0054 2160 Netlogon - ok
19:05:31.0117 2160 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:05:31.0133 2160 Netman - ok
19:05:31.0289 2160 NetSvc (9da26b773bd04b867a8e9f427cd048fc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
19:05:31.0445 2160 NetSvc - ok
19:05:31.0586 2160 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:05:31.0586 2160 NetTcpPortSharing - ok
19:05:31.0648 2160 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:05:31.0648 2160 Nla - ok
19:05:31.0695 2160 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:05:31.0695 2160 Npfs - ok
19:05:31.0758 2160 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:05:31.0758 2160 Ntfs - ok
19:05:31.0804 2160 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:05:31.0804 2160 NtLmSsp - ok
19:05:31.0883 2160 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:05:31.0898 2160 NtmsSvc - ok
19:05:31.0929 2160 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:05:31.0929 2160 Null - ok
19:05:32.0101 2160 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:05:32.0148 2160 nv - ok
19:05:32.0258 2160 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:05:32.0258 2160 NwlnkFlt - ok
19:05:32.0258 2160 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:05:32.0273 2160 NwlnkFwd - ok
19:05:32.0367 2160 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:05:32.0367 2160 ose - ok
19:05:32.0414 2160 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:05:32.0414 2160 Parport - ok
19:05:32.0445 2160 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:05:32.0445 2160 PartMgr - ok
19:05:32.0445 2160 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:05:32.0445 2160 ParVdm - ok
19:05:32.0461 2160 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:05:32.0476 2160 PCI - ok
19:05:32.0476 2160 PCIDump - ok
19:05:32.0508 2160 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:05:32.0508 2160 PCIIde - ok
19:05:32.0523 2160 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:05:32.0523 2160 Pcmcia - ok
19:05:32.0539 2160 PDCOMP - ok
19:05:32.0539 2160 PDFRAME - ok
19:05:32.0554 2160 PDRELI - ok
19:05:40.0773 2160 ============================================================
19:05:40.0773 2160 Scan finished
19:05:40.0773 2160 ============================================================
19:05:40.0789 3840 Detected object count: 0
19:05:40.0789 3840 Actual detected object count: 0
19:05:56.0976 0392 Deinitialize success

#7 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,595 posts
  • Gender:Male
  • Location:Bavaria
  • Local time:08:02 AM

Posted 10 May 2012 - 02:33 PM

Hi David,



Step 1
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.





What you should post with your next answer:
  • the logfile from ComboFix.

Regards,
M-K-D-B

#8 david1932

Posted 10 May 2012 - 05:28 PM

Hi,

It took about 2 hours to run.

There were many dialog box messages that NIRKMD could not be found. I clicked OK for each.

Regards

D.E.




ComboFix 12-05-10.04 - Administrator 10/05/2012 21:43:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.502.217 [GMT 1:00]
Running from: f:\av\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Barbara\My Documents\~WRD0004.tmp
c:\documents and settings\Barbara\My Documents\~WRD0005.tmp
c:\documents and settings\Barbara\My Documents\~WRL3452.tmp
c:\documents and settings\Barbara\My Documents\~WRL4034.tmp
c:\documents and settings\Barbara\WINDOWS
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-09 22:04 . 2012-05-09 22:04 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-05-09 19:21 . 2012-05-09 21:59 -------- d-----w- c:\windows\system32\NtmsData
2012-05-09 19:10 . 2012-05-09 19:10 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-04-15 11:42 . 2012-05-09 12:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Temp
2012-04-14 11:40 . 2012-04-14 11:42 -------- d-----w- c:\documents and settings\Barbara\Local Settings\Application Data\DSGi
2012-04-14 11:40 . 2012-04-14 11:40 -------- d-----w- c:\windows\system32\advent
2012-04-14 11:40 . 2010-10-18 10:41 604160 ------w- c:\windows\system32\ADAiO2MON.dll
2012-04-14 11:40 . 2010-10-18 10:41 48640 ------w- c:\windows\system32\Spool\prtprocs\w32x86\ADAiO2PPR.dll
2012-04-14 11:40 . 2010-10-18 10:41 115712 ------w- c:\windows\system32\ADAIO2COI01.dll
2012-04-14 11:40 . 2012-04-14 11:40 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-14 11:39 . 2012-04-14 11:39 -------- d-----w- c:\program files\Advent
2012-04-14 11:39 . 2012-04-14 11:39 -------- d-----w- c:\program files\MSXML 6.0
2012-04-14 11:37 . 2012-04-14 11:38 -------- d-----w- c:\documents and settings\Barbara\Application Data\Temp
2012-04-14 11:37 . 2012-05-10 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Advent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:14 . 2004-08-11 16:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-11 16:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 21:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01 . 2004-08-11 16:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-11 16:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-11 16:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-11 16:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-11 16:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-11 16:00 385024 ------w- c:\windows\system32\html.iec
2012-02-22 12:29 . 2010-08-11 21:51 9608 ------w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 12:29 . 2010-08-11 21:51 89792 ------w- c:\windows\system32\drivers\mfetdi2k.sys
2012-02-22 12:29 . 2010-08-11 21:51 87656 ------w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 12:29 . 2010-08-11 21:51 83856 ------w- c:\windows\system32\drivers\mfendisk.sys
2012-02-22 12:29 . 2010-08-11 21:51 59456 ------w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 12:29 . 2010-08-11 21:51 464304 ------w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 12:29 . 2010-08-11 21:51 340920 ------w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 12:29 . 2010-08-11 21:51 180848 ------w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 12:29 . 2010-08-11 21:51 121544 ------w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-22 12:29 . 2010-08-11 21:51 57600 ------w- c:\windows\system32\drivers\cfwids.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-05-30 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-30 98304]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"D-Link AirPlus Xtreme G"="c:\program files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-04 2502656]
"ANIWZCSService"="c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 32768]
"WD Button Manager"="WDBtnMgr.exe" [2007-01-05 335872]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"ADAiO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe" [2010-10-18 2362880]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Barbara\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [11/08/2010 22:51 89792]
R2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\Advent\AIO\Center\ADAIOHostService.exe [14/10/2011 13:59 361904]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [26/09/2008 08:25 95200]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/08/2010 22:51 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [11/08/2010 22:51 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [11/08/2010 22:52 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [11/08/2010 22:51 151880]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [22/10/2003 15:27 344800]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/08/2010 22:51 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/08/2010 22:51 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [11/08/2010 22:51 83856]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [11/08/2010 22:51 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/08/2010 22:51 87656]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [16/08/2005 14:50 278016]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 40259968
*NewlyCreated* - 43949377
*NewlyCreated* - 95574032
*NewlyCreated* - ASWMBR
*NewlyCreated* - NTMSSVC
*NewlyCreated* - SWPRV
*NewlyCreated* - UGLDYPOG
*NewlyCreated* - VSS
*Deregistered* - 40259968
*Deregistered* - 43949377
*Deregistered* - 95574032
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
*Deregistered* - ugldypog
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.0.2.1
TCP: Interfaces\{478BF980-13E0-4230-A541-1F5AD11A7DA0}: NameServer = 127.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HijackThis - D:\HijackThis.exe
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-10 23:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-05-10 23:15:47
ComboFix-quarantined-files.txt 2012-05-10 22:15
.
Pre-Run: 116,503,941,120 bytes free
Post-Run: 117,349,031,936 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 95FED005B4237335A420AE26BA5E4ADA

#9 M-K-D-B

Posted 12 May 2012 - 04:42 AM

Hi David,



Step 1
Please visit VirusTotal.
Click Choose File.
Copy and paste the following code into the search field and press enter:
C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\dlimport.exe.vir
Click on Scan it.
If the file was already uploaded to VirusTotal before, click on Reanalyse.
VirusTotal will show you the results of the uploaded file. This may take some time. Please be patient.
After VirusTotal has finished analysing the file, please copy the link in your address bar and post it with your next answer.




Step 2
Go to the folder F:\AV.
Right click on the file MBR.dat and select send to compressed (zip) folders.
This will create a zipped copy of the file MBR.dat.
Please attach the zip file with your next post.





What you should post with your next answer:
  • the link to VirusTotal,
  • the zipped MBR.dat file.

Regards,
M-K-D-B

#10 david1932

Posted 12 May 2012 - 01:33 PM

Hi,

This is the link.

https://www.virustotal.com/file/70f980250a0822c8e13d4abb46038dc194aad710f0a921cc3f164caed2ac375a/analysis/1336846566/


MBR.zip attached.

FYI, drive F: on the infected PC is a USB memory stick that I'm using to pass files between the infected PC and the [different] PC I'm using to talk to you. It is where I'm downloading tools and saving scan results in directory \AV. The current content of F:\AV is ...

Volume in drive F has no label.
Volume Serial Number is E815-4E66

Directory of F:\AV

12/05/2012 19:24 <DIR> .
12/05/2012 19:24 <DIR> ..
10/05/2012 09:24 64,072 ark.txt
10/05/2012 11:55 4,731,392 aswMBR.exe
10/05/2012 18:58 3,342 aswMBR.txt
09/05/2012 23:26 19,022 attach.txt
10/05/2012 11:52 767 checkup.txt
10/05/2012 20:41 4,489,310 ComboFix.exe
09/05/2012 23:12 607,260 dds.scr
09/05/2012 23:26 11,089 dds.txt
09/05/2012 23:08 50,477 Defogger.exe
09/05/2012 23:17 462 defogger_disable.log
12/05/2012 19:24 0 dir.txt
10/05/2012 23:19 11,019 log.txt
10/05/2012 18:58 512 MBR.dat
12/05/2012 19:24 577 MBR.zip
09/05/2012 23:14 302,592 mhozi78r.exe
10/05/2012 11:44 879,714 SecurityCheck.exe
10/05/2012 19:05 93,704 TDSSKiller.2.7.34.0_10.05.2012_19.04.34_log.txt
02/05/2012 10:00 2,075,184 TDSSKiller.exe
12/05/2012 19:23 119 virustotallink.txt
19 File(s) 13,340,614 bytes
2 Dir(s) 7,513,767,936 bytes free


Thanks


D.E.

Attached Files

  • Attached File  MBR.zip   577bytes   5 downloads


#11 M-K-D-B

Posted 13 May 2012 - 12:38 PM

Hi David,



Step 1
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

DeQuarantine::
C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\dlimport.exe.vir

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





Step 2
I would like you to answer the following questions as exactly as you can:
  • How is your computer running at the moment?
  • Are you still being redirected?





What you should post with your next answer:
  • the new logfile from ComboFix,
  • an answer to my questions.

Regards,
M-K-D-B

#12 M-K-D-B

Posted 16 May 2012 - 12:06 PM

Hi David,


Do you still need help with your computer?
If you don't respond within the next 48 hours, your topic will be closed.
Regards,
M-K-D-B

#13 david1932

Posted 16 May 2012 - 12:58 PM

Hi,

Sorry, I missed your last post .... I'll do what you asked now.

Thanks

D.E.

#14 M-K-D-B

Posted 18 May 2012 - 10:48 AM

Hi David,


Have you been able to do the steps that I've posted?
Or did you encounter any problem? If so, please let me know.
Thank you.
Regards,
M-K-D-B

#15 david1932

Posted 18 May 2012 - 11:40 AM

Hi,

Thanks for your patience. I *have* been struggling a bit ...

Despite thinking I had turned AntiVirus (McAfee) off, whenever I ran ComboFix it complained that AV was active and recommended me not to continue.

After trying lots of things which didn't seem to work, I took the disk out of the PC, put it into another and renamed all directories that seemed to be connected with McAfee.

Refitted disk & rebooted. ComboFix *still* complained that McAfee was active but no McAfee services were running so I allowed ComboFix to run.

At this time, I couldn't get any network connections to work.

ComboFix next complained it had "expired" and would run in "reduced functionality" mode. As well as creating ComboFix.txt it also created a new log which I attach as log-2.

I have since renamed all McAfee directories back to normal, rebooted and network access is restored. I think the PC is running very slowly but it's not mine so I don't know what is "normal" ... it's only got 512M RAM so I don't expect much but it does still seem slow. Currently, Google searches are *not* being directed ... does this mean the root cause of the problem [Ha Ha ... little joke] has been removed?

Here is ComboFix.txt (log-2 as attachment)


Thanks

D.E.



ComboFix 12-05-10.04 - Administrator 17/05/2012 9:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.502.256 [GMT 1:00]
Running from: f:\av\ComboFix.exe
Command switches used :: f:\av\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-17 07:38 . 2012-05-17 07:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DSGi
2012-05-11 08:15 . 2012-05-11 08:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2012-05-09 22:04 . 2012-05-09 22:04 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-05-09 19:21 . 2012-05-09 21:59 -------- d-----w- c:\windows\system32\NtmsData
2012-05-09 19:10 . 2012-05-09 19:10 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:14 . 2004-08-11 16:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-11 16:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 21:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01 . 2004-08-11 16:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-11 16:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-11 16:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-11 16:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-11 16:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-11 16:00 385024 ------w- c:\windows\system32\html.iec
2012-02-22 12:29 . 2010-08-11 21:51 9608 ------w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 12:29 . 2010-08-11 21:51 89792 ------w- c:\windows\system32\drivers\mfetdi2k.sys
2012-02-22 12:29 . 2010-08-11 21:51 87656 ------w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 12:29 . 2010-08-11 21:51 83856 ------w- c:\windows\system32\drivers\mfendisk.sys
2012-02-22 12:29 . 2010-08-11 21:51 59456 ------w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 12:29 . 2010-08-11 21:51 464304 ------w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 12:29 . 2010-08-11 21:51 340920 ------w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 12:29 . 2010-08-11 21:51 180848 ------w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 12:29 . 2010-08-11 21:51 121544 ------w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-22 12:29 . 2010-08-11 21:51 57600 ------w- c:\windows\system32\drivers\cfwids.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-10_22.07.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 16:00 . 2012-05-11 08:40 73126 c:\windows\system32\perfc009.dat
+ 2006-06-01 18:04 . 2012-05-16 23:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-06-01 18:04 . 2012-05-10 20:13 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-06-01 18:04 . 2012-05-16 23:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-06-01 18:04 . 2012-05-10 20:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-06-01 18:04 . 2012-05-10 20:13 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-05-11 00:31 . 2012-05-16 23:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-05-11 08:24 . 2012-05-11 08:24 28672 c:\windows\ERDNT\AutoBackup\11-05-2012\Users\00000002\UsrClass.dat
+ 2004-08-11 16:00 . 2012-05-11 08:40 446112 c:\windows\system32\perfh009.dat
+ 2012-05-11 08:24 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\11-05-2012\ERDNT.EXE
+ 2012-05-11 08:24 . 2012-05-11 08:24 5066752 c:\windows\ERDNT\AutoBackup\11-05-2012\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-05-30 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-30 98304]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"D-Link AirPlus Xtreme G"="c:\program files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-04 2502656]
"ANIWZCSService"="c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 32768]
"WD Button Manager"="WDBtnMgr.exe" [2007-01-05 335872]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"ADAiO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe" [2010-10-18 2362880]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Barbara\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9333:TCP"= 9333:TCP:ADDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [11/08/2010 22:51 89792]
R2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\Advent\AIO\Center\ADAIOHostService.exe [14/10/2011 13:59 361904]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [22/10/2003 15:27 344800]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/08/2010 22:51 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [11/08/2010 22:51 83856]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S2 mfefire;McAfee Firewall Core Service;"c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe" --> c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [?]
S2 mfevtp;McAfee Validation Trust Protection Service;"c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe" --> c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/08/2010 22:51 57600]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [11/08/2010 22:51 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/08/2010 22:51 87656]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [16/08/2005 14:50 278016]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor\McSACore.exe [?]
S4 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: Interfaces\{478BF980-13E0-4230-A541-1F5AD11A7DA0}: NameServer = 127.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
AddRemove-MSC - c:\program files\McAfee\MSC\mcuihost.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-17 09:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1330170470-2882055774-1714745267-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,b4,d7,2b,78,24,d3,41,86,ac,76,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,b4,d7,2b,78,24,d3,41,86,ac,76,\
.
Completion time: 2012-05-17 09:56:30
ComboFix-quarantined-files.txt 2012-05-17 08:56
ComboFix2.txt 2012-05-10 22:15
C:\DeQuarantine.txt
.
Pre-Run: 117,370,241,024 bytes free
Post-Run: 117,379,440,640 bytes free
.
- - End Of File - - A1C8BD27B3FD6401CF011B56270F3D2E
