
Infected with alureon.e


This topic is locked. 20 replies to this topic.

#1 mhenyon (Members, 11 posts)

Posted 10 May 2012 - 03:02 PM

Help!!!
One of my users clicked on an unsubscribe link in an email and caught what is being reported by Microsoft Security Essentials as the Alureon.e rootkit. TDSSKiller will not run. RKill finds nothing. Malwarebytes fails to install. ComboFix stalls and aswMBR doesn't respond.
Boot Cleaner reports that drive0 is controlled by a rootkit and boot code is hidden by a rootkit. Boot Cleaner tells me to run remover.exe, but it wasn't included in any of the copies that I have found.
I have tried fixmbr; nothing is working.
It has a browser redirect as well.

I will post additional files shortly.

Edited by mhenyon, 10 May 2012 - 06:05 PM.



#2 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 10 May 2012 - 08:09 PM

what is the OS?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 mhenyon (Topic Starter, Members, 11 posts)

Posted 10 May 2012 - 09:57 PM

Windows XP pro sp3

Edited by mhenyon, 10 May 2012 - 09:58 PM.


#4 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 11 May 2012 - 12:31 PM

For 32-bit systems please download ListParts.
Run the tool,
check the "List BCD" box,

click "Scan" and post the log (Result.txt) it makes.



#5 mhenyon (Topic Starter, Members, 11 posts)

Posted 11 May 2012 - 02:46 PM

ListParts by Farbar Version: 12-03-2012 03
Ran by Administrator (administrator) on 11-05-2012 at 15:47:43
Windows XP (X86)
Running From: C:\temp
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 31%
Total physical RAM: 1149.99 MB
Available physical RAM: 789.71 MB
Total Pagefile: 1414.13 MB
Available Pagefile: 1177.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.74 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:18.6 GB) (Free:2.22 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive e: () (Removable) (Total:0.96 GB) (Free:0.42 GB) FAT32

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online      19 GB    0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM               39 MB    32 KB
Partition 2    Primary           19 GB    39 MB
Partition 3    Unknown           8088 KB  19 GB
======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.
======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  C                 NTFS   Partition   19 GB    Healthy    Boot
======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.
======================================================================================================

****** End Of Log ******

#6 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 11 May 2012 - 03:42 PM

Please do the following:


You will need a USB drive and a CD. (not absolutely necessary, but format the USB before using it)

First we will burn the CD - please do the following:

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.


Now we need to prepare the USB


  • Download tdl_fix.sh and save it to the xPUD flash drive.
  • Boot the infected computer with the CD you just burned and the flash drive inserted.
  • The computer must be set to boot from the CD.
  • Follow the prompts
  • A Welcome to xPUD screen will appear, choose your language
  • click the File tab.
  • Expand mnt
  • Click on the folder under mnt that represents your USB drive (sdb1)
  • You should see the tdl_fix.sh file in the main window.
  • Select Tool from the Menu
  • Choose Open Terminal
  • Type bash tdl_fix.sh then press Enter.
  • Read the warning then type y and press Enter to continue.
  • Type sda then press Enter when prompted.
  • You will be shown a list of partitions to choose marking active.
  • Type 2 then press Enter.
  • If you are presented with a warning about no bootloader files, type n then press Enter to choose another. If this happens, type 1 to select partition 1 then press Enter.
  • When you receive no warning about bootloader files but are presented with another view of the partition structure and asked if it looks correct, type y then press Enter
  • The script will complete and prompt you to reboot the computer.
  • Close the Terminal window and restart back into Windows.
  • Post the contents of the tdl_fix.txt file that was created on your flash drive and let me know how the computer is behaving.

Note - in the event there is a problem booting the computer normally after running the script, run the tdl_fix.sh script again using the following command.

bash tdl_fix.sh -restore

Make sure to leave a space to either side of tdl_fix.sh in the command.

This will prompt you to use the file tdl_mbr_sda.bin on drive sda.
OK the procedure, then restart when complete.

This is a backup of the original MBR and will restore it to its current state.

Edited by CatByte, 11 May 2012 - 03:43 PM.



#7 mhenyon (Topic Starter, Members, 11 posts)

Posted 11 May 2012 - 11:31 PM

Thanks for the reply. I will not be able to do this for two days, but will definitely follow up.

#8 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 12 May 2012 - 08:03 AM

OK,

don't use the computer in the meantime, as it has a hidden malware partition. This type of malware can open a "back door" which can allow your system to be accessed and your personal information to be compromised.



#9 mhenyon (Topic Starter, Members, 11 posts)

Posted 14 May 2012 - 08:07 AM

2012-05-14-09:07:45

The following drives were found
sda
sdb
User has chosen drive sda
backing up mbr to tdl_mbr_sda.bin


Disk /dev/sda: 20.0 GB, 20020396032 bytes
255 heads, 63 sectors/track, 2434 cylinders, total 39102336 sectors
Units = sectors of 1 * 512 = 512 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1              63       80324       40131   de  Unknown
/dev/sda2           80325    39086144    19502910    7  HPFS/NTFS
/dev/sda3   *    39086145    39102319       8087+  17  Hidden HPFS/NTFS

Model: ATA ST320011A (scsi)
Disk /dev/sda: 20.0GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number  Start   End     Size    Type     File system  Flags
 1      32.3kB  41.1MB  41.1MB  primary  fat16
 2      41.1MB  20.0GB  20.0GB  primary  ntfs
 3      20.0GB  20.0GB  8282kB  primary  ntfs         boot, hidden


User has chosen to make partition 2 active

Model: ATA ST320011A (scsi)
Disk /dev/sda: 20.0GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number  Start   End     Size    Type     File system  Flags
 1      32.3kB  41.1MB  41.1MB  primary  fat16
 2      41.1MB  20.0GB  20.0GB  primary  ntfs         boot
 3      20.0GB  20.0GB  8282kB  primary  ntfs         hidden


User has accepted changes

#10 mhenyon (Topic Starter, Members, 11 posts)

Posted 14 May 2012 - 08:11 AM

Browser is not redirecting, but Malwarebytes still fails to install. I haven't tried anything else.

#11 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 14 May 2012 - 08:52 AM

OK,

that's very good, we are making progress.

We now need to delete that malware partition.

Please do the following:

Please go to Start => Run (or press Windows key+R) to bring up the Run box.
Type cmd in the Run box and click OK.
A black command window opens.

Please copy each line below separately, then right-click in the command window, select Paste, and press Enter after each line. Or you can type the lines one by one and press Enter after each. (Note that you should not copy all the lines at the same time; they must be executed line by line.)

diskpart

Press Enter and wait (you get "Diskpart>")

select disk=0

(Note that this is disk zero) Press Enter. You should get notified that "Disk 0 is now the selected disk".

select partition=3

Press Enter.

You should get notified that "Partition 3 is now the selected partition".

delete partition override

Press Enter.

You should get notified that "DiskPart successfully deleted the selected partition".

Please let me know how that goes


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue (screenshot not reproduced here).
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
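
The following Python script is an added example, not part of the thread or of any of the tools it uses (ListParts, tdl_fix.sh, diskpart). It reproduces at the byte level what the disk steps in this thread do to the MBR partition table: the table from the fdisk/parted output in post #9 rebuilt as a constructed 512-byte MBR, the hidden, active 0x17 entry that ListParts flagged as "Suspicious Type", tdl_fix.sh moving the boot flag to partition 2 (post #6), and diskpart's `delete partition override` zeroing the entry (this post). The partition geometry comes from the log; the boot code is zero-filled, and the HIDDEN_TYPES set and the 64 MiB "too small to be Windows" threshold are my own heuristics, not something the tools in the thread use.

```python
import struct

# Classic MBR: 446 bytes of boot code, four 16-byte partition entries at
# offset 446, and the 0x55AA signature at offset 510.
SECTOR = 512
PT_OFFSET = 446
ENTRY_SIZE = 16
ENTRY_FMT = "<B3sB3sII"   # boot flag, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xaa"
BOOT_FLAG = 0x80
# DOS "hidden" variants of the FAT/NTFS types (type | 0x10); 0x17 is hidden NTFS.
# Assumption for this example; other tools use their own notion of "hidden".
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def build_entry(boot, ptype, lba_start, sectors):
    """Pack one partition entry; CHS fields are zeroed, loaders use the LBA fields."""
    return struct.pack(ENTRY_FMT, boot, bytes(3), ptype, bytes(3), lba_start, sectors)


def build_sample_mbr():
    """Constructed sample reproducing the table from the fdisk output in the thread:
    OEM (0xDE), the Windows NTFS volume (0x07) and a small hidden 0x17 partition at the
    end of the disk that carries the boot flag. Boot code is zero-filled here."""
    entries = (
        build_entry(0x00, 0xDE, 63, 80262),
        build_entry(0x00, 0x07, 80325, 39005820),
        build_entry(BOOT_FLAG, 0x17, 39086145, 16175),
        bytes(ENTRY_SIZE),
    )
    return bytes(PT_OFFSET) + b"".join(entries) + SIGNATURE


def parse_partition_table(mbr):
    """Return the four entries as dicts; an empty slot has type 0."""
    if len(mbr) < SECTOR or mbr[510:512] != SIGNATURE:
        raise ValueError("not an MBR: missing 0x55AA signature")
    table = []
    for i in range(4):
        off = PT_OFFSET + i * ENTRY_SIZE
        boot, _, ptype, _, start, sectors = struct.unpack(ENTRY_FMT, mbr[off:off + ENTRY_SIZE])
        table.append({
            "index": i + 1,
            "active": boot == BOOT_FLAG,
            "type": ptype,
            "hidden": ptype in HIDDEN_TYPES,
            "start": start,
            "sectors": sectors,
            "size_mib": sectors * SECTOR // (1024 * 1024),
        })
    return table


def find_suspicious(mbr, small_mib=64):
    """Flag the bootkit pattern seen in the thread: the active partition is a hidden
    type and/or far too small to hold Windows. Returns [(index, [reasons])]."""
    findings = []
    for p in parse_partition_table(mbr):
        if not p["active"] or p["type"] == 0:
            continue
        reasons = []
        if p["hidden"]:
            reasons.append("active partition has hidden type 0x%02X" % p["type"])
        if p["size_mib"] < small_mib:
            reasons.append("active partition is only %d MiB" % p["size_mib"])
        if reasons:
            findings.append((p["index"], reasons))
    return findings


def set_active(mbr, index):
    """Move the boot flag to partition `index` (1-4), which is what tdl_fix.sh did
    for partition 2. Only the flag bytes change; the 0x17 entry stays hidden."""
    out = bytearray(mbr)
    for i in range(4):
        out[PT_OFFSET + i * ENTRY_SIZE] = BOOT_FLAG if i + 1 == index else 0x00
    return bytes(out)


def delete_entry(mbr, index):
    """Zero the entry for partition `index`: the table-level effect of diskpart's
    `delete partition override`. The partition's own sectors are untouched."""
    out = bytearray(mbr)
    off = PT_OFFSET + (index - 1) * ENTRY_SIZE
    out[off:off + ENTRY_SIZE] = bytes(ENTRY_SIZE)
    return bytes(out)


if __name__ == "__main__":
    original = build_sample_mbr()   # on a real disk: read sector 0 and save a copy before writing anything
    for idx, reasons in find_suspicious(original):
        print("partition %d: %s" % (idx, "; ".join(reasons)))
    repaired = delete_entry(set_active(original, 2), 3)
    for p in parse_partition_table(repaired):
        flag = "*" if p["active"] else " "
        print("%s partition %d type 0x%02X %6d MiB" % (flag, p["index"], p["type"], p["size_mib"]))
```

Two caveats a practitioner should keep in mind. Moving the boot flag only restores the normal boot path; the first 446 bytes of boot code and the contents of the hidden partition are still whatever the malware wrote, which is why the thread goes on to delete the partition and run TDSSKiller with "Detect TDLFS File System" enabled rather than stopping here. And always keep the original sector before writing a modified one back, as tdl_fix.sh does with tdl_mbr_sda.bin, so the `-restore` path exists if the machine no longer boots.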


#12 mhenyon (Topic Starter, Members, 11 posts)

Posted 14 May 2012 - 09:36 AM

ComboFix 12-05-14.02 - Administrator 05/14/2012 10:22:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.678 [GMT -4:00]
Running from: c:\temp\Mike.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\.#
c:\documents and settings\All Users\Application Data\6DvTdWUkey1oiZ
c:\documents and settings\kgambino\GoToAssistDownloadHelper.exe
c:\windows\dasetup.log
c:\windows\Downloaded Program Files\LiveView
c:\windows\Downloaded Program Files\LiveView\disable.jpg
c:\windows\Downloaded Program Files\LiveView\down.jpg
c:\windows\Downloaded Program Files\LiveView\Logo.tif
c:\windows\Downloaded Program Files\LiveView\mask.jpg
c:\windows\Downloaded Program Files\LiveView\normal.jpg
c:\windows\Downloaded Program Files\LiveView\over.jpg
c:\windows\Downloaded Program Files\LiveView\skin.ini
c:\windows\EventSystem.log
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\gotomon.log
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 14:16 . 2012-05-14 14:16 -------- d-----w- C:\Mike
2012-05-08 15:17 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-05-08 15:17 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-05-08 15:17 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-05-08 15:17 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-05-08 15:17 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-05-08 15:17 . 2001-08-18 02:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2012-05-08 15:17 . 2001-08-17 16:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-05-08 15:17 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-05-08 15:17 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2012-05-08 15:15 . 2001-08-17 16:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2012-05-08 15:14 . 2001-08-18 02:36 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-05-08 15:13 . 2001-08-17 17:28 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
2012-05-08 15:08 . 2001-08-17 17:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-05-08 15:07 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2012-05-08 15:06 . 2001-08-17 16:19 48768 ----a-w- c:\windows\system32\dllcache\maestro.sys
2012-05-08 15:05 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\dllcache\kbdinkan.dll
2012-05-08 15:04 . 2001-08-17 18:02 2688 ----a-w- c:\windows\system32\dllcache\hidswvd.sys
2012-05-08 12:44 . 2001-08-17 16:12 24618 ----a-w- c:\windows\system32\dllcache\fa410nd5.sys
2012-05-08 12:43 . 2001-08-17 16:11 29696 ----a-w- c:\windows\system32\dllcache\dm9pci5.sys
2012-05-08 12:42 . 2001-08-17 17:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-05-08 12:37 . 2001-08-17 17:47 6272 ----a-w- c:\windows\system32\dllcache\apmbatt.sys
2012-05-08 12:37 . 2004-08-04 02:31 36224 ----a-w- c:\windows\system32\dllcache\an983.sys
2012-05-08 12:37 . 2001-08-17 16:11 16969 ----a-w- c:\windows\system32\dllcache\amb8002.sys
2012-05-08 12:37 . 2001-08-17 17:49 26624 ----a-w- c:\windows\system32\dllcache\alifir.sys
2012-05-08 12:37 . 2001-08-17 16:11 27678 ----a-w- c:\windows\system32\dllcache\ali5261.sys
2012-05-08 12:37 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2012-05-07 19:35 . 2012-05-11 16:25 -------- d-sh--w- c:\windows\Installer
2012-05-07 19:04 . 2012-05-07 19:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2012-05-07 18:25 . 2012-05-07 18:25 -------- d-----w- C:\0f5d36a029ec0613198721b71450f111
2012-05-03 16:54 . 2012-05-03 16:54 -------- d-----w- c:\program files\ESET
2012-05-03 13:41 . 2012-05-03 13:41 -------- d-----w- c:\program files\SequoiaView
2012-05-02 21:57 . 2012-05-02 23:25 -------- d-----w- c:\windows\Microsoft Antimalware
2012-05-02 21:57 . 2012-05-02 21:57 -------- d-----w- c:\windows\Windows Defender Offline
2012-05-02 19:23 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-02 18:38 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-24 16:03 . 2012-04-24 16:03 -------- d--h--w- c:\documents and settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
2012-04-24 16:03 . 2012-04-24 16:03 -------- d--h--w- c:\documents and settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
2012-04-24 16:03 . 2012-04-24 16:03 -------- d--h--w- c:\documents and settings\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:01 . 2004-02-06 22:05 916992 ---ha-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2002-08-29 10:00 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2002-08-29 10:00 1469440 ---ha-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-08-29 10:00 177664 ---ha-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-08-29 10:00 148480 ---ha-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-10-07 20:16 385024 ---ha-w- c:\windows\system32\html.iec
2012-04-21 01:19 . 2012-05-02 19:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"McAfeeUpdaterUI"="c:\epoagent\UpdaterUI.exe" [2003-05-21 135251]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-21 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"QuickBooksDB21"="c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe" [2010-04-28 679936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\MSPaper\\MSPSCAN.EXE"=
.
R2 ASFAgent;ASF Agent;c:\program files\intel\ASF Agent\ASFAgent.exe [5/8/2002 10:51 AM 212992]
R2 NetAlrt;NetAlrt;c:\windows\SYSTEM32\DRIVERS\Netalrt.sys [5/7/2002 5:05 PM 39680]
R2 PlatAlrt;PlatAlrt;c:\windows\SYSTEM32\DRIVERS\platalrt.sys [5/7/2002 5:06 PM 23744]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [6/30/2011 1:25 PM 1248256]
R2 Sage.LS1.ServiceHost.1.1;Sage Service Host (v1.1);c:\program files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe [12/16/2008 10:41 AM 106496]
R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe [5/2/2008 12:40 PM 148768]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/2/2012 3:05 PM 129976]
S4 QuickBooksDB21;QuickBooksDB21;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 [?]
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1748856582-1055178378-712731521-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-02 22:36]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1748856582-1055178378-712731521-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-02 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.5 68.87.73.242
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7451D317-862C-45DA-8C28-1B21ADF95877} - hxxp://192.168.1.37/WebViewS.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6o4lldji.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Stamps.com support for Microsoft Outlook 2000, 2002, 2003 - c:\documents and settings\All Users\Application Data\{9C763789-6B7A-4C3E-8999-8C1F2532A845}\MSOPIMstmp.exe
AddRemove-Stamps.com support for Microsoft Outlook 2000-2007 - c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}\MSOPIMstmp.exe
AddRemove-Stamps.com support for Microsoft Outlook 97-2003 - c:\documents and settings\All Users\Application Data\{FDE4F0C9-21C9-4682-95F8-A19664E71A04}\MSOABPstmp.exe
AddRemove-Stamps.com support for Microsoft Outlook 97-2007 - c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}\MSOABPstmp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-14 10:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1748856582-1055178378-712731521-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,7b,24,ee,c0,11,9f,49,81,b1,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,7b,24,ee,c0,11,9f,49,81,b1,12,\
.
Completion time: 2012-05-14 10:38:13
ComboFix-quarantined-files.txt 2012-05-14 14:38
.
Pre-Run: 2,515,931,136 bytes free
Post-Run: 2,903,379,968 bytes free
.
- - End Of File - - D54F0645143489E8826561C82C5B404A

#13 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 14 May 2012 - 02:28 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
c:\documents and settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
c:\documents and settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
c:\documents and settings\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

  • Drag CFScript.txt onto ComboFix.exe (the screenshot showing this is not reproduced here).
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT


Please advise how your computer is running now and if there are any outstanding issues



#14 mhenyon (Topic Starter, Members, 11 posts)

Posted 14 May 2012 - 03:06 PM

ComboFix 12-05-14.03 - Administrator 05/14/2012 15:45:18.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.689 [GMT -4:00]
Running from: c:\temp\Mike.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
c:\documents and settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}\instance.dat
c:\documents and settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}\mia.dll
c:\documents and settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}\MSOABPstmp.dat
c:\documents and settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}\MSOABPstmp.exe
c:\documents and settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}\MSOABPstmp.msi
c:\documents and settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}\MSOABPstmp.par
c:\documents and settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}\MSOABPstmp.res
c:\documents and settings\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}
c:\documents and settings\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}\instance.dat
c:\documents and settings\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}\mia.dll
c:\documents and settings\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}\setup.bmp
c:\documents and settings\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}\stamps.dat
c:\documents and settings\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}\stamps.exe
c:\documents and settings\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}\stamps.msi
c:\documents and settings\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}\stamps.par
c:\documents and settings\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}\stamps.res
c:\documents and settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
c:\documents and settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}\instance.dat
c:\documents and settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}\mia.dll
c:\documents and settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}\MSOPIMstmp.dat
c:\documents and settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}\MSOPIMstmp.exe
c:\documents and settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}\MSOPIMstmp.msi
c:\documents and settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}\MSOPIMstmp.par
c:\documents and settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}\MSOPIMstmp.res
c:\documents and settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}\setup.bmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 14:16 . 2012-05-14 14:16 -------- d-----w- C:\Mike
2012-05-08 15:17 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-05-08 15:17 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-05-08 15:17 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-05-08 15:17 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-05-08 15:17 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-05-08 15:17 . 2001-08-18 02:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2012-05-08 15:17 . 2001-08-17 16:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-05-08 15:17 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-05-08 15:17 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2012-05-08 15:15 . 2001-08-17 16:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2012-05-08 15:14 . 2001-08-18 02:36 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-05-08 15:13 . 2001-08-17 17:28 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
2012-05-08 15:08 . 2001-08-17 17:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-05-08 15:07 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2012-05-08 15:06 . 2001-08-17 16:19 48768 ----a-w- c:\windows\system32\dllcache\maestro.sys
2012-05-08 15:05 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\dllcache\kbdinkan.dll
2012-05-08 15:04 . 2001-08-17 18:02 2688 ----a-w- c:\windows\system32\dllcache\hidswvd.sys
2012-05-08 12:44 . 2001-08-17 16:12 24618 ----a-w- c:\windows\system32\dllcache\fa410nd5.sys
2012-05-08 12:43 . 2001-08-17 16:11 29696 ----a-w- c:\windows\system32\dllcache\dm9pci5.sys
2012-05-08 12:42 . 2001-08-17 17:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-05-08 12:37 . 2001-08-17 17:47 6272 ----a-w- c:\windows\system32\dllcache\apmbatt.sys
2012-05-08 12:37 . 2004-08-04 02:31 36224 ----a-w- c:\windows\system32\dllcache\an983.sys
2012-05-08 12:37 . 2001-08-17 16:11 16969 ----a-w- c:\windows\system32\dllcache\amb8002.sys
2012-05-08 12:37 . 2001-08-17 17:49 26624 ----a-w- c:\windows\system32\dllcache\alifir.sys
2012-05-08 12:37 . 2001-08-17 16:11 27678 ----a-w- c:\windows\system32\dllcache\ali5261.sys
2012-05-08 12:37 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2012-05-07 19:35 . 2012-05-11 16:25 -------- d-sh--w- c:\windows\Installer
2012-05-07 19:04 . 2012-05-07 19:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2012-05-07 18:25 . 2012-05-07 18:25 -------- d-----w- C:\0f5d36a029ec0613198721b71450f111
2012-05-03 13:41 . 2012-05-03 13:41 -------- d-----w- c:\program files\SequoiaView
2012-05-02 21:57 . 2012-05-02 23:25 -------- d-----w- c:\windows\Microsoft Antimalware
2012-05-02 21:57 . 2012-05-02 21:57 -------- d-----w- c:\windows\Windows Defender Offline
2012-05-02 19:23 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-02 18:38 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:01 . 2004-02-06 22:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2002-08-29 10:00 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2002-08-29 10:00 1469440 ---ha-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-08-29 10:00 177664 ---ha-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-08-29 10:00 148480 ---ha-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-10-07 20:16 385024 ---ha-w- c:\windows\system32\html.iec
2012-04-21 01:19 . 2012-05-02 19:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-14_14.34.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-14 19:38 . 2012-05-14 19:39 16384 c:\windows\Temp\Perflib_Perfdata_630.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-21 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"QuickBooksDB21"="c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe" [2010-04-28 679936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\MSPaper\\MSPSCAN.EXE"=
.
R2 ASFAgent;ASF Agent;c:\program files\intel\ASF Agent\ASFAgent.exe [5/8/2002 10:51 AM 212992]
R2 NetAlrt;NetAlrt;c:\windows\SYSTEM32\DRIVERS\Netalrt.sys [5/7/2002 5:05 PM 39680]
R2 PlatAlrt;PlatAlrt;c:\windows\SYSTEM32\DRIVERS\platalrt.sys [5/7/2002 5:06 PM 23744]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [6/30/2011 1:25 PM 1248256]
R2 Sage.LS1.ServiceHost.1.1;Sage Service Host (v1.1);c:\program files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe [12/16/2008 10:41 AM 106496]
R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe [5/2/2008 12:40 PM 148768]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/2/2012 3:05 PM 129976]
S4 QuickBooksDB21;QuickBooksDB21;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 [?]
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1748856582-1055178378-712731521-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-02 22:36]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1748856582-1055178378-712731521-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-02 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.5 68.87.73.242
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7451D317-862C-45DA-8C28-1B21ADF95877} - hxxp://192.168.1.37/WebViewS.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6o4lldji.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Stamps.com - c:\documents and settings\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}\stamps.exe
AddRemove-Stamps.com support for Microsoft Outlook 2000-2010 - c:\documents and settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}\MSOPIMstmp.exe
AddRemove-Stamps.com support for Microsoft Outlook 97-2010 - c:\documents and settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}\MSOABPstmp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-14 15:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1748856582-1055178378-712731521-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,7b,24,ee,c0,11,9f,49,81,b1,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,7b,24,ee,c0,11,9f,49,81,b1,12,\
.
Completion time: 2012-05-14 15:59:40
ComboFix-quarantined-files.txt 2012-05-14 19:59
ComboFix2.txt 2012-05-14 14:38
.
Pre-Run: 2,873,024,512 bytes free
Post-Run: 2,948,288,512 bytes free
.
- - End Of File - - 72246F3E588825082C129F5046346400

16:05:29.0656 2892 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:05:29.0921 2892 ============================================================
16:05:29.0921 2892 Current date / time: 2012/05/14 16:05:29.0921
16:05:29.0921 2892 SystemInfo:
16:05:29.0921 2892
16:05:29.0921 2892 OS Version: 5.1.2600 ServicePack: 3.0
16:05:29.0921 2892 Product type: Workstation
16:05:29.0921 2892 ComputerName: KGAMBINO
16:05:29.0921 2892 UserName: Administrator
16:05:29.0921 2892 Windows directory: C:\WINDOWS
16:05:29.0921 2892 System windows directory: C:\WINDOWS
16:05:29.0921 2892 Processor architecture: Intel x86
16:05:29.0921 2892 Number of processors: 1
16:05:29.0921 2892 Page size: 0x1000
16:05:29.0921 2892 Boot type: Normal boot
16:05:29.0921 2892 ============================================================
16:05:33.0531 2892 Drive \Device\Harddisk0\DR0 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:05:33.0546 2892 Drive \Device\Harddisk1\DR3 - Size: 0x3D800000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:05:33.0546 2892 ============================================================
16:05:33.0546 2892 \Device\Harddisk0\DR0:
16:05:33.0562 2892 MBR partitions:
16:05:33.0562 2892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x2532E7C
16:05:33.0562 2892 \Device\Harddisk1\DR3:
16:05:33.0578 2892 MBR partitions:
16:05:33.0578 2892 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1EBFC1
16:05:33.0578 2892 ============================================================
16:05:33.0937 2892 C: <-> \Device\Harddisk0\DR0\Partition0
16:05:33.0984 2892 ============================================================
16:05:33.0984 2892 Initialize success
16:05:33.0984 2892 ============================================================
16:05:41.0687 2944 ============================================================
16:05:41.0687 2944 Scan started
16:05:41.0687 2944 Mode: Manual; TDLFS;
16:05:41.0687 2944 ============================================================
16:05:49.0109 2944 Abiosdsk - ok
16:05:49.0234 2944 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
16:05:49.0312 2944 abp480n5 - ok
16:05:49.0859 2944 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:05:49.0906 2944 ACPI - ok
16:05:50.0015 2944 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:05:50.0031 2944 ACPIEC - ok
16:05:50.0250 2944 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
16:05:50.0281 2944 adpu160m - ok
16:05:50.0390 2944 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
16:05:50.0390 2944 aeaudio - ok
16:05:50.0765 2944 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:05:50.0812 2944 aec - ok
16:05:51.0234 2944 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:05:51.0250 2944 AFD - ok
16:05:51.0437 2944 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
16:05:51.0484 2944 agp440 - ok
16:05:51.0656 2944 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
16:05:51.0656 2944 agpCPQ - ok
16:05:51.0875 2944 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
16:05:51.0921 2944 Aha154x - ok
16:05:52.0468 2944 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
16:05:52.0515 2944 aic78u2 - ok
16:05:52.0687 2944 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
16:05:52.0703 2944 aic78xx - ok
16:05:53.0000 2944 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:05:53.0000 2944 Alerter - ok
16:05:53.0078 2944 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:05:53.0078 2944 ALG - ok
16:05:53.0390 2944 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
16:05:53.0390 2944 AliIde - ok
16:05:53.0468 2944 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
16:05:53.0468 2944 alim1541 - ok
16:05:53.0562 2944 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
16:05:53.0562 2944 amdagp - ok
16:05:53.0671 2944 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
16:05:53.0671 2944 amsint - ok
16:05:54.0031 2944 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
16:05:54.0078 2944 AppMgmt - ok
16:05:54.0218 2944 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
16:05:54.0265 2944 asc - ok
16:05:54.0343 2944 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
16:05:54.0343 2944 asc3350p - ok
16:05:54.0406 2944 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
16:05:54.0500 2944 asc3550 - ok
16:05:55.0109 2944 ASFAgent (2b363d346b081be18dc63e4a8139c258) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
16:05:55.0171 2944 ASFAgent - ok
16:05:55.0734 2944 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:05:55.0937 2944 aspnet_state - ok
16:05:56.0125 2944 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:05:56.0140 2944 AsyncMac - ok
16:05:56.0453 2944 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:05:56.0453 2944 atapi - ok
16:05:56.0484 2944 Atdisk - ok
16:05:56.0984 2944 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:05:56.0984 2944 Atmarpc - ok
16:05:57.0250 2944 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:05:57.0250 2944 AudioSrv - ok
16:05:57.0343 2944 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:05:57.0359 2944 audstub - ok
16:05:57.0625 2944 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
16:05:57.0640 2944 basic2 - ok
16:05:57.0796 2944 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:05:57.0812 2944 Beep - ok
16:05:59.0015 2944 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:05:59.0156 2944 BITS - ok
16:05:59.0625 2944 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:05:59.0640 2944 Browser - ok
16:05:59.0656 2944 bvrp_pci - ok
16:05:59.0843 2944 catchme - ok
16:06:00.0046 2944 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
16:06:00.0109 2944 cbidf - ok
16:06:00.0125 2944 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:06:00.0125 2944 cbidf2k - ok
16:06:00.0218 2944 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
16:06:00.0234 2944 cd20xrnt - ok
16:06:00.0359 2944 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:06:00.0359 2944 Cdaudio - ok
16:06:00.0750 2944 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:06:00.0781 2944 Cdfs - ok
16:06:00.0937 2944 Cdr4_xp (297acc7d7c66ec86ee0b4eb5af9a8fd3) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
16:06:00.0937 2944 Cdr4_xp - ok
16:06:01.0359 2944 Cdralw2k (5e31abf467a6fd857710c0927c88ee4c) C:\WINDOWS\system32\drivers\Cdralw2k.sys
16:06:01.0406 2944 Cdralw2k - ok
16:06:01.0562 2944 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:06:01.0562 2944 Cdrom - ok
16:06:02.0453 2944 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
16:06:02.0500 2944 cdudf_xp - ok
16:06:02.0515 2944 Changer - ok
16:06:02.0640 2944 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:06:02.0640 2944 CiSvc - ok
16:06:03.0031 2944 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:06:03.0078 2944 ClipSrv - ok
16:06:03.0734 2944 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:06:03.0906 2944 clr_optimization_v2.0.50727_32 - ok
16:06:03.0937 2944 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
16:06:03.0937 2944 CmdIde - ok
16:06:03.0968 2944 COMSysApp - ok
16:06:04.0046 2944 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
16:06:04.0046 2944 Cpqarray - ok
16:06:04.0140 2944 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:06:04.0140 2944 CryptSvc - ok
16:06:04.0250 2944 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
16:06:04.0250 2944 dac2w2k - ok
16:06:04.0296 2944 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
16:06:04.0296 2944 dac960nt - ok
16:06:04.0531 2944 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:06:04.0546 2944 DcomLaunch - ok
16:06:04.0640 2944 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:06:04.0640 2944 Dhcp - ok
16:06:04.0671 2944 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:06:04.0687 2944 Disk - ok
16:06:04.0703 2944 dmadmin - ok
16:06:05.0609 2944 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:06:05.0640 2944 dmboot - ok
16:06:05.0703 2944 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:06:05.0703 2944 dmio - ok
16:06:05.0765 2944 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:06:05.0765 2944 dmload - ok
16:06:05.0812 2944 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:06:05.0812 2944 dmserver - ok
16:06:05.0843 2944 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:06:05.0843 2944 DMusic - ok
16:06:05.0890 2944 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:06:05.0890 2944 Dnscache - ok
16:06:05.0953 2944 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:06:05.0968 2944 Dot3svc - ok
16:06:06.0015 2944 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
16:06:06.0015 2944 dpti2o - ok
16:06:06.0062 2944 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:06:06.0078 2944 drmkaud - ok
16:06:06.0234 2944 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
16:06:06.0250 2944 dvd_2K - ok
16:06:06.0312 2944 E1000 (854293999e91bf2eb9e786166de4a35f) C:\WINDOWS\system32\DRIVERS\e1000325.sys
16:06:06.0312 2944 E1000 - ok
16:06:06.0375 2944 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:06:06.0375 2944 EapHost - ok
16:06:06.0421 2944 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
16:06:06.0437 2944 EL90XBC - ok
16:06:06.0484 2944 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:06:06.0484 2944 ERSvc - ok
16:06:06.0531 2944 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:06:06.0531 2944 Eventlog - ok
16:06:06.0609 2944 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
16:06:06.0625 2944 EventSystem - ok
16:06:06.0687 2944 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
16:06:06.0703 2944 Fallback - ok
16:06:06.0734 2944 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:06:06.0734 2944 Fastfat - ok
16:06:06.0796 2944 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:06:06.0796 2944 FastUserSwitchingCompatibility - ok
16:06:06.0828 2944 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:06:06.0828 2944 Fdc - ok
16:06:06.0875 2944 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:06:06.0875 2944 Fips - ok
16:06:06.0906 2944 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:06:06.0906 2944 Flpydisk - ok
16:06:06.0937 2944 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:06:06.0953 2944 FltMgr - ok
16:06:07.0046 2944 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:06:07.0062 2944 FontCache3.0.0.0 - ok
16:06:07.0125 2944 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
16:06:07.0125 2944 Fsks - ok
16:06:07.0187 2944 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:06:07.0203 2944 Fs_Rec - ok
16:06:07.0234 2944 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:06:07.0250 2944 Ftdisk - ok
16:06:07.0296 2944 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:06:07.0296 2944 Gpc - ok
16:06:07.0390 2944 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:06:07.0390 2944 helpsvc - ok
16:06:07.0437 2944 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
16:06:07.0453 2944 HidServ - ok
16:06:07.0500 2944 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:06:07.0500 2944 HidUsb - ok
16:06:07.0546 2944 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:06:07.0546 2944 hkmsvc - ok
16:06:07.0593 2944 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
16:06:07.0593 2944 hpn - ok
16:06:07.0656 2944 HSFHWBS2 (5bb6ce6c3fac28d4ef5c147e02c19e0b) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
16:06:07.0656 2944 HSFHWBS2 - ok
16:06:07.0781 2944 HSF_DP (842b23035f8f68e79675efb436b6aa94) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:06:07.0796 2944 HSF_DP - ok
16:06:07.0875 2944 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
16:06:07.0906 2944 hsf_msft - ok
16:06:07.0984 2944 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:06:07.0984 2944 HTTP - ok
16:06:08.0031 2944 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:06:08.0031 2944 HTTPFilter - ok
16:06:08.0093 2944 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:06:08.0093 2944 i2omgmt - ok
16:06:08.0140 2944 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
16:06:08.0140 2944 i2omp - ok
16:06:08.0187 2944 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:06:08.0187 2944 i8042prt - ok
16:06:08.0250 2944 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
16:06:08.0250 2944 i81x - ok
16:06:08.0312 2944 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
16:06:08.0312 2944 iAimFP0 - ok
16:06:08.0343 2944 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
16:06:08.0343 2944 iAimFP1 - ok
16:06:08.0375 2944 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
16:06:08.0375 2944 iAimFP2 - ok
16:06:08.0437 2944 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
16:06:08.0437 2944 iAimFP3 - ok
16:06:08.0468 2944 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
16:06:08.0484 2944 iAimFP4 - ok
16:06:08.0531 2944 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
16:06:08.0531 2944 iAimTV0 - ok
16:06:08.0562 2944 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
16:06:08.0562 2944 iAimTV1 - ok
16:06:08.0593 2944 iAimTV2 - ok
16:06:08.0625 2944 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
16:06:08.0625 2944 iAimTV3 - ok
16:06:08.0687 2944 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
16:06:08.0703 2944 iAimTV4 - ok
16:06:08.0812 2944 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:06:08.0890 2944 ialm - ok
16:06:09.0015 2944 Iap (10b554a36160c79374a660bb4bcc9d6b) C:\Program Files\Dell\OpenManage\Client\Iap.exe
16:06:09.0015 2944 Iap - ok
16:06:09.0218 2944 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:06:09.0265 2944 idsvc - ok
16:06:09.0390 2944 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:06:09.0390 2944 Imapi - ok
16:06:09.0453 2944 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:06:09.0468 2944 ImapiService - ok
16:06:09.0531 2944 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
16:06:09.0531 2944 ini910u - ok
16:06:09.0562 2944 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
16:06:09.0562 2944 IntelIde - ok
16:06:09.0609 2944 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:06:09.0609 2944 intelppm - ok
16:06:09.0656 2944 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:06:09.0656 2944 Ip6Fw - ok
16:06:09.0703 2944 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:06:09.0703 2944 IpFilterDriver - ok
16:06:09.0734 2944 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:06:09.0734 2944 IpInIp - ok
16:06:09.0781 2944 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:06:09.0796 2944 IpNat - ok
16:06:09.0843 2944 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:06:09.0843 2944 IPSec - ok
16:06:09.0890 2944 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:06:09.0890 2944 IRENUM - ok
16:06:09.0953 2944 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:06:09.0953 2944 isapnp - ok
16:06:10.0093 2944 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
16:06:10.0109 2944 JavaQuickStarterService - ok
16:06:10.0187 2944 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
16:06:10.0218 2944 K56 - ok
16:06:10.0250 2944 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:06:10.0250 2944 Kbdclass - ok
16:06:10.0296 2944 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:06:10.0296 2944 kbdhid - ok
16:06:10.0343 2944 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:06:10.0343 2944 kmixer - ok
16:06:10.0390 2944 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:06:10.0406 2944 KSecDD - ok
16:06:10.0453 2944 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:06:10.0453 2944 lanmanserver - ok
16:06:10.0515 2944 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:06:10.0515 2944 lanmanworkstation - ok
16:06:10.0546 2944 lbrtfdc - ok
16:06:10.0812 2944 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:06:10.0812 2944 LmHosts - ok
16:06:10.0859 2944 McAfeeFramework - ok
16:06:10.0890 2944 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:06:10.0890 2944 mdmxsdk - ok
16:06:10.0921 2944 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:06:10.0937 2944 Messenger - ok
16:06:10.0968 2944 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
16:06:10.0968 2944 mmc_2K - ok
16:06:11.0031 2944 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:06:11.0031 2944 mnmdd - ok
16:06:11.0078 2944 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
16:06:11.0078 2944 mnmsrvc - ok
16:06:11.0140 2944 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:06:11.0140 2944 Modem - ok
16:06:11.0171 2944 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:06:11.0187 2944 Mouclass - ok
16:06:11.0250 2944 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:06:11.0265 2944 mouhid - ok
16:06:11.0296 2944 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:06:11.0312 2944 MountMgr - ok
16:06:11.0484 2944 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:06:11.0500 2944 MozillaMaintenance - ok
16:06:11.0562 2944 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
16:06:11.0562 2944 mraid35x - ok
16:06:11.0734 2944 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:06:11.0750 2944 MRxDAV - ok
16:06:12.0078 2944 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:06:12.0109 2944 MRxSmb - ok
16:06:12.0171 2944 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
16:06:12.0171 2944 MSDTC - ok
16:06:12.0250 2944 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:06:12.0250 2944 Msfs - ok
16:06:12.0281 2944 MSIServer - ok
16:06:12.0328 2944 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:06:12.0343 2944 MSKSSRV - ok
16:06:30.0078 2944 ============================================================
16:06:30.0078 2944 Scan finished
16:06:30.0078 2944 ============================================================
16:06:30.0109 2936 Detected object count: 0
16:06:30.0109 2936 Actual detected object count: 0
16:06:55.0296 2884 Deinitialize success

#15 mhenyon

mhenyon
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 14 May 2012 - 03:08 PM

Machine seems okay, but Malwarebytes still fails to install at the end of its installation process with a popup box titled "setup" that says "access denied" with an OK button.



