svchost.exe is taking up most cpu; random windows sounds play



Leepo136
2012-04-05, 19:01
I ran MBAM and DDS thus far. MBAM found nothing. Below and attached are the DDS logs.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Lee at 11:56:09 on 2012-04-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.705 [GMT -7:00]
.
AV: McAfee VirusScan *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\Tegrity\Recorder\TegSrv.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\Tegrity\Recorder\TegrityTray.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lee\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptcl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\lee\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Tegrity Recorder] c:\program files\tegrity\recorder\TegrityTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\lee\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\lee\application data\dropbox\bin\Dropbox.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8D7624E2-F8CB-412B-9132-FD571DBA78FB} - hxxp://tegrity2.wku.edu/tegrity/_instructor/RecInstaller.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 205.152.150.23 205.152.132.23
TCP: Interfaces\{7BAE8CF8-D574-4116-B62F-FC564F0F4C03} : DhcpNameServer = 205.152.150.23 205.152.132.23
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2010-8-29 540776]
R2 mcpromgr;McAfee Protection Manager;c:\progra~1\mcafee\msc\mcpromgr.exe [2010-8-29 493144]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-8-29 352856]
R2 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2010-8-29 248416]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-8-29 144960]
R2 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-8-29 643664]
R2 TegSrv;TegSrv;c:\program files\tegrity\recorder\TegSrv.exe [2011-12-14 157536]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-5-21 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-5-20 539184]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2010-8-29 71496]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2010-8-29 34184]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2010-8-29 170408]
R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2010-8-29 37480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253600]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2010-8-29 32008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-05 18:00:49 -------- d-----w- c:\documents and settings\lee\application data\Malwarebytes
2012-04-05 18:00:38 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-05 18:00:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 18:00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-02 16:46:49 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-02 16:46:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK1237GSX rev.DL140D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89C9349F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89c9a740]; MOV EAX, [0x89c9a8b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DCD030]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89D60030]
\Driver\atapi[0x89DD02B0] -> IRP_MJ_CREATE -> 0x89C9349F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89C932C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:58:20.62 ===============
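Added example, not code from the thread or from the DDS/GMER tools: a small triage routine for the ROOTKIT section that DDS appends, run over the section quoted from the log above. It pulls out the UNKNOWN module in the disk call chain, the atapi DriverStartIo hook and the redirected IRP_MJ_CREATE dispatch, and records why "user & kernel MBR OK" alone does not clear the machine. CLEAN_SAMPLE, the 64 KiB same-region window and the function names are assumptions of this example.

```python
"""Triage the ROOTKIT section of a DDS log (GMER's MBR/TDL detector output).

Added example, not code from the thread or from the DDS/GMER tools. INFECTED_SAMPLE
is the ROOTKIT section quoted from the log posted above (the two _asm disassembly
lines left out); CLEAN_SAMPLE is a constructed section with nothing hooked, for contrast.
"""
import re

INFECTED_SAMPLE = r"""
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK1237GSX rev.DL140D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89C9349F]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DCD030]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89D60030]
\Driver\atapi[0x89DD02B0] -> IRP_MJ_CREATE -> 0x89C9349F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89C932C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
============= FINISH: 11:58:20.62 ===============
"""

CLEAN_SAMPLE = r"""
=================== ROOTKIT ====================
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DCD030]
detected hooks:
user & kernel MBR OK
============= FINISH: 00:00:00.00 ===============
"""

HEX = r"0x[0-9A-Fa-f]+"
# Code in the disk I/O path that GMER could not attribute to any loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(" + HEX + r")\]<<")
# A driver's IRP dispatch entry pointing at a raw address instead of a module.
DISPATCH_RE = re.compile(r"^(\\Driver\\\S+)\[" + HEX + r"\] -> (IRP_MJ_\w+) -> (" + HEX + r")$")
# Lines under "detected hooks:", e.g. "\Driver\atapi DriverStartIo -> 0x89C932C6".
HOOK_RE = re.compile(r"^(\\Driver\\\S+) (\w+) -> (" + HEX + r")$")


def rootkit_section(log: str) -> list:
    """Lines between the ROOTKIT banner and the FINISH banner of a DDS log."""
    lines = log.splitlines()
    start = next((i for i, l in enumerate(lines) if l.startswith("=") and "ROOTKIT" in l), None)
    if start is None:
        return []
    section = []
    for line in lines[start + 1:]:
        if line.startswith("=") and "FINISH" in line:
            break
        section.append(line.rstrip())
    return section


def same_code_region(a: str, b: str, window: int = 0x10000) -> bool:
    """Heuristic: two kernel addresses within 64 KiB are treated as one blob."""
    return abs(int(a, 16) - int(b, 16)) < window


def triage_rootkit_section(log: str) -> dict:
    findings = {"unknown_modules": [], "redirected_dispatch": [], "hooks": [],
                "read_errors": [], "warnings": [], "mbr_status": None}
    for line in rootkit_section(log):
        m = UNKNOWN_RE.search(line)
        if m:
            findings["unknown_modules"].append(m.group(1))
        m = DISPATCH_RE.match(line)
        if m:
            findings["redirected_dispatch"].append(m.groups())
        m = HOOK_RE.match(line)
        if m:
            findings["hooks"].append(m.groups())
        if line.startswith("error:"):
            findings["read_errors"].append(line[6:].strip())
        elif line.startswith("Warning:"):
            findings["warnings"].append(line[8:].strip())
        elif "MBR" in line and line.endswith("OK"):
            findings["mbr_status"] = line
    # Do the hook targets land in the unattributed code? In the posted log the
    # DriverStartIo hook and the IRP_MJ_CREATE target are 0x1D9 bytes apart and
    # both sit in the blob GMER reported as UNKNOWN.
    targets = [t for _, _, t in findings["hooks"] + findings["redirected_dispatch"]]
    findings["same_region"] = any(
        same_code_region(u, t) for u in findings["unknown_modules"] for t in targets)
    # "MBR OK" does not clear the box: TDL3 lives in a patched disk driver, not in
    # the boot sector, so hooks on the atapi path are the decisive signal here.
    suspicious = findings["unknown_modules"] or findings["hooks"] or findings["redirected_dispatch"]
    findings["verdict"] = "rootkit_suspected" if suspicious else "clean"
    return findings
```

The function accepts a whole DDS log, not only the excerpt, since it locates the ROOTKIT banner itself.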

jeffce
2012-04-06, 00:07
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
Please subscribe to this topic, if you haven't already.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

First we need to make all files and folders VISIBLE:

Go to Start>Control Panel>Folder Options>View
Choose to "Show hidden files and folders,"
Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
Close the window with OK
----------

Please download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe)

Double-click to run TDSSKiller.exe
Press Change Parameters
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click on the Start Scan button

Only if malicious objects are found, ensure Cure is selected.
Then click Continue > Reboot now
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Copy and paste the log in your next reply

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

----------

Leepo136
2012-04-06, 19:06
Ran it, found one malicious item, cured it, and restarted. It seems to be working well thus far. There isn't an svchost process that's eating up my cpu usage now.

12:00:28.0281 1732 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
12:00:30.0296 1732 ============================================================
12:00:30.0296 1732 Current date / time: 2012/04/06 12:00:30.0296
12:00:30.0296 1732 SystemInfo:
12:00:30.0296 1732
12:00:30.0296 1732 OS Version: 5.1.2600 ServicePack: 3.0
12:00:30.0296 1732 Product type: Workstation
12:00:30.0296 1732 ComputerName: FREDRICK
12:00:30.0296 1732 UserName: Lee
12:00:30.0296 1732 Windows directory: C:\WINDOWS
12:00:30.0296 1732 System windows directory: C:\WINDOWS
12:00:30.0296 1732 Processor architecture: Intel x86
12:00:30.0296 1732 Number of processors: 2
12:00:30.0296 1732 Page size: 0x1000
12:00:30.0296 1732 Boot type: Normal boot
12:00:30.0296 1732 ============================================================
12:00:35.0031 1732 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:00:35.0031 1732 \Device\Harddisk0\DR0:
12:00:35.0031 1732 MBR used
12:00:35.0031 1732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0xDF7807A
12:00:35.0078 1732 Initialize success
12:00:35.0078 1732 ============================================================
12:01:29.0515 6020 ============================================================
12:01:29.0515 6020 Scan started
12:01:29.0515 6020 Mode: Manual; SigCheck; TDLFS;
12:01:29.0515 6020 ============================================================
12:01:59.0406 6020 NetTcpPortSharing - ok
12:01:59.0578 6020 NETw4x32 (12b0d99865434387f784268b70e23360) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
12:01:59.0796 6020 NETw4x32 - ok
12:01:59.0921 6020 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:02:00.0046 6020 NIC1394 - ok
12:02:00.0265 6020 NICCONFIGSVC (173c750946a08c776daa6bded59a1db5) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
12:02:00.0328 6020 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - warning
12:02:00.0328 6020 NICCONFIGSVC - detected UnsignedFile.Multi.Generic (1)
12:02:00.0421 6020 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:02:00.0500 6020 Nla - ok
12:02:00.0562 6020 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:02:00.0671 6020 Npfs - ok
12:02:00.0718 6020 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:02:00.0859 6020 Ntfs - ok
12:02:00.0937 6020 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:02:01.0046 6020 NtLmSsp - ok
12:02:01.0093 6020 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:02:01.0250 6020 NtmsSvc - ok
12:02:01.0359 6020 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
12:02:01.0375 6020 NuidFltr - ok
12:02:01.0531 6020 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:02:01.0656 6020 Null - ok
12:02:01.0718 6020 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:02:01.0875 6020 NwlnkFlt - ok
12:02:02.0015 6020 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:02:02.0156 6020 NwlnkFwd - ok
12:02:02.0328 6020 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:02:02.0390 6020 odserv - ok
12:02:02.0484 6020 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:02:02.0703 6020 ohci1394 - ok
12:02:02.0781 6020 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:02:02.0812 6020 ose - ok
12:02:02.0921 6020 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:02:03.0078 6020 Parport - ok
12:02:03.0156 6020 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:02:03.0281 6020 PartMgr - ok
12:02:03.0406 6020 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:02:03.0531 6020 ParVdm - ok
12:02:03.0562 6020 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:02:03.0687 6020 PCI - ok
12:02:03.0781 6020 PCIDump - ok
12:02:03.0921 6020 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:02:04.0046 6020 PCIIde - ok
12:02:04.0093 6020 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:02:04.0203 6020 Pcmcia - ok
12:02:04.0265 6020 PDCOMP - ok
12:02:04.0265 6020 PDFRAME - ok
12:02:04.0296 6020 PDRELI - ok
12:02:04.0312 6020 PDRFRAME - ok
12:02:04.0343 6020 perc2 - ok
12:02:04.0375 6020 perc2hib - ok
12:02:04.0468 6020 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:02:04.0531 6020 PlugPlay - ok
12:02:04.0609 6020 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:02:04.0703 6020 PolicyAgent - ok
12:02:04.0765 6020 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:02:04.0890 6020 PptpMiniport - ok
12:02:04.0937 6020 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:02:05.0031 6020 ProtectedStorage - ok
12:02:05.0078 6020 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:02:05.0203 6020 PSched - ok
12:02:05.0453 6020 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:02:05.0578 6020 Ptilink - ok
12:02:05.0656 6020 ql1080 - ok
12:02:05.0687 6020 Ql10wnt - ok
12:02:05.0703 6020 ql12160 - ok
12:02:05.0734 6020 ql1240 - ok
12:02:05.0750 6020 ql1280 - ok
12:02:05.0781 6020 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:02:05.0906 6020 RasAcd - ok
12:02:05.0953 6020 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:02:06.0093 6020 RasAuto - ok
12:02:06.0250 6020 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:02:06.0375 6020 Rasl2tp - ok
12:02:06.0484 6020 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:02:06.0609 6020 RasMan - ok
12:02:06.0640 6020 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:02:06.0765 6020 RasPppoe - ok
12:02:06.0828 6020 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:02:06.0968 6020 Raspti - ok
12:02:07.0109 6020 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:02:07.0234 6020 Rdbss - ok
12:02:07.0343 6020 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:02:07.0468 6020 RDPCDD - ok
12:02:07.0531 6020 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:02:07.0656 6020 rdpdr - ok
12:02:07.0718 6020 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:02:07.0781 6020 RDPWD - ok
12:02:07.0859 6020 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:02:07.0968 6020 RDSessMgr - ok
12:02:08.0015 6020 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:02:08.0140 6020 redbook - ok
12:02:08.0203 6020 RegSrvc (8ac155995f5d10fc0d3ad949a1a68075) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
12:02:08.0281 6020 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
12:02:08.0281 6020 RegSrvc - detected UnsignedFile.Multi.Generic (1)
12:02:08.0421 6020 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:02:08.0578 6020 RemoteAccess - ok
12:02:08.0640 6020 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
12:02:08.0765 6020 RemoteRegistry - ok
12:02:08.0828 6020 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:02:08.0968 6020 RpcLocator - ok
12:02:09.0046 6020 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:02:09.0109 6020 RpcSs - ok
12:02:09.0156 6020 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:02:09.0281 6020 RSVP - ok
12:02:09.0406 6020 S24EventMonitor (131d50f081d2e29ebd1365b21f6b9736) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
12:02:09.0531 6020 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
12:02:09.0531 6020 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
12:02:09.0765 6020 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:02:09.0796 6020 s24trans ( UnsignedFile.Multi.Generic ) - warning
12:02:09.0796 6020 s24trans - detected UnsignedFile.Multi.Generic (1)
12:02:09.0843 6020 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:02:09.0953 6020 SamSs - ok
12:02:09.0984 6020 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:02:10.0109 6020 SCardSvr - ok
12:02:10.0187 6020 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:02:10.0312 6020 Schedule - ok
12:02:10.0390 6020 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:02:10.0515 6020 Secdrv - ok
12:02:10.0562 6020 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:02:10.0687 6020 seclogon - ok
12:02:10.0796 6020 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:02:10.0921 6020 SENS - ok
12:02:10.0968 6020 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:02:11.0093 6020 serenum - ok
12:02:11.0125 6020 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:02:11.0250 6020 Serial - ok
12:02:11.0390 6020 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:02:11.0515 6020 Sfloppy - ok
12:02:11.0578 6020 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
12:02:11.0734 6020 SharedAccess - ok
12:02:11.0781 6020 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:02:11.0812 6020 ShellHWDetection - ok
12:02:11.0875 6020 Simbad - ok
12:02:11.0921 6020 Sparrow - ok
12:02:11.0953 6020 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:02:12.0078 6020 splitter - ok
12:02:12.0109 6020 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:02:12.0171 6020 Spooler - ok
12:02:12.0203 6020 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:02:12.0359 6020 sr - ok
12:02:12.0453 6020 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:02:12.0593 6020 srservice - ok
12:02:12.0656 6020 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:02:12.0750 6020 Srv - ok
12:02:12.0843 6020 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:02:12.0968 6020 SSDPSRV - ok
12:02:13.0109 6020 STacSV (686fa4acfdcb4e16b7f0230b88f6d17e) C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
12:02:13.0156 6020 STacSV ( UnsignedFile.Multi.Generic ) - warning
12:02:13.0156 6020 STacSV - detected UnsignedFile.Multi.Generic (1)
12:02:13.0328 6020 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys
12:02:13.0468 6020 STHDA - ok
12:02:13.0671 6020 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:02:13.0828 6020 stisvc - ok
12:02:13.0921 6020 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:02:14.0046 6020 swenum - ok
12:02:14.0109 6020 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:02:14.0234 6020 swmidi - ok
12:02:14.0250 6020 SwPrv - ok
12:02:14.0281 6020 symc810 - ok
12:02:14.0312 6020 symc8xx - ok
12:02:14.0328 6020 sym_hi - ok
12:02:14.0359 6020 sym_u3 - ok
12:02:14.0421 6020 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:02:14.0546 6020 sysaudio - ok
12:02:14.0625 6020 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:02:14.0765 6020 SysmonLog - ok
12:02:14.0828 6020 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:02:14.0953 6020 TapiSrv - ok
12:02:15.0015 6020 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:02:15.0093 6020 Tcpip - ok
12:02:15.0156 6020 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:02:15.0296 6020 TDPIPE - ok
12:02:15.0375 6020 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:02:15.0484 6020 TDTCP - ok
12:02:15.0546 6020 TegSrv (5814663e16486858b4e2b7bd984cf92c) C:\Program Files\Tegrity\Recorder\TegSrv.exe
12:02:15.0562 6020 TegSrv - ok
12:02:15.0640 6020 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:02:15.0781 6020 TermDD - ok
12:02:15.0843 6020 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:02:15.0968 6020 TermService - ok
12:02:16.0046 6020 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:02:16.0062 6020 Themes - ok
12:02:16.0093 6020 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:02:16.0234 6020 TlntSvr - ok
12:02:16.0265 6020 TosIde - ok
12:02:16.0328 6020 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:02:16.0468 6020 TrkWks - ok
12:02:16.0562 6020 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:02:16.0687 6020 Udfs - ok
12:02:16.0750 6020 ufad-ws60 (27fedeaf9d646b9d001a5e27a18bd437) C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
12:02:16.0796 6020 ufad-ws60 - ok
12:02:16.0843 6020 ultra - ok
12:02:16.0921 6020 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:02:17.0062 6020 Update - ok
12:02:17.0093 6020 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:02:17.0234 6020 upnphost - ok
12:02:17.0281 6020 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:02:17.0406 6020 UPS - ok
12:02:17.0484 6020 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
12:02:17.0546 6020 USBCCID - ok
12:02:17.0593 6020 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:02:17.0718 6020 usbehci - ok
12:02:17.0765 6020 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:02:17.0890 6020 usbhub - ok
12:02:17.0953 6020 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:02:18.0078 6020 USBSTOR - ok
12:02:18.0109 6020 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:02:18.0218 6020 usbuhci - ok
12:02:18.0234 6020 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:02:18.0343 6020 VgaSave - ok
12:02:18.0359 6020 ViaIde - ok
12:02:18.0421 6020 VMAuthdService (4d45f1f1637e53455e407dfcb4e0d459) C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
12:02:18.0437 6020 VMAuthdService - ok
12:02:18.0500 6020 vmci (a032c61cf37f5ec1e254348686a1b9f7) C:\WINDOWS\system32\Drivers\vmci.sys
12:02:18.0531 6020 vmci - ok
12:02:18.0609 6020 vmkbd (0ff56144a95abe14c87a20bcc63d6ae1) C:\WINDOWS\system32\drivers\VMkbd.sys
12:02:18.0625 6020 vmkbd - ok
12:02:18.0656 6020 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
12:02:18.0687 6020 VMnetAdapter - ok
12:02:18.0718 6020 VMnetBridge (e44ecd0d2caa7ac3d7cb9d06e78963a0) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
12:02:18.0734 6020 VMnetBridge - ok
12:02:18.0796 6020 VMnetDHCP (3231287f43eac069dd5a635250820eb6) C:\WINDOWS\system32\vmnetdhcp.exe
12:02:18.0812 6020 VMnetDHCP - ok
12:02:18.0875 6020 VMnetuserif (b26da84d8d5c654b107972397a89fb46) C:\WINDOWS\system32\drivers\vmnetuserif.sys
12:02:18.0906 6020 VMnetuserif - ok
12:02:18.0953 6020 VMUSBArbService (26bd025b6d74d1c345d13ff9c509e893) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
12:02:18.0984 6020 VMUSBArbService - ok
12:02:19.0046 6020 VMware NAT Service (96dd61e7e665c35d2d22c2ff280e71d9) C:\WINDOWS\system32\vmnat.exe
12:02:19.0078 6020 VMware NAT Service - ok
12:02:19.0187 6020 vmx86 (97c1f1803e208d5e95a60e789a7e070a) C:\WINDOWS\system32\Drivers\vmx86.sys
12:02:19.0250 6020 vmx86 - ok
12:02:19.0296 6020 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:02:19.0437 6020 VolSnap - ok
12:02:19.0500 6020 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:02:19.0640 6020 VSS - ok
12:02:19.0703 6020 vstor2-ws60 (c40598b7708c6af55a629a4d349e33bb) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
12:02:19.0734 6020 vstor2-ws60 - ok
12:02:19.0796 6020 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:02:19.0921 6020 W32Time - ok
12:02:19.0984 6020 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:02:20.0109 6020 Wanarp - ok
12:02:20.0171 6020 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:02:20.0218 6020 Wdf01000 - ok
12:02:20.0250 6020 WDICA - ok
12:02:20.0296 6020 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:02:20.0406 6020 wdmaud - ok
12:02:20.0468 6020 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:02:20.0593 6020 WebClient - ok
12:02:20.0687 6020 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:02:20.0781 6020 winachsf - ok
12:02:20.0859 6020 WinDriver6 (451f905bc7bff9e1cff2e7ae76196b2c) C:\WINDOWS\system32\drivers\windrvr6.sys
12:02:21.0015 6020 WinDriver6 - ok
12:02:21.0078 6020 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:02:21.0187 6020 winmgmt - ok
12:02:21.0281 6020 WLANKEEPER (8880769b9f88918e27f8e7332aa1aa01) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
12:02:21.0359 6020 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
12:02:21.0359 6020 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
12:02:21.0421 6020 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:02:21.0468 6020 WmdmPmSN - ok
12:02:21.0531 6020 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:02:21.0609 6020 Wmi - ok
12:02:21.0656 6020 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:02:21.0765 6020 WmiAcpi - ok
12:02:21.0875 6020 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:02:22.0000 6020 WmiApSrv - ok
12:02:22.0140 6020 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:02:22.0203 6020 WPFFontCache_v0400 - ok
12:02:22.0296 6020 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:02:22.0421 6020 WS2IFSL - ok
12:02:22.0484 6020 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
12:02:22.0609 6020 wscsvc - ok
12:02:22.0625 6020 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:02:22.0750 6020 wuauserv - ok
12:02:22.0843 6020 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:02:22.0906 6020 WudfPf - ok
12:02:22.0921 6020 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:02:22.0968 6020 WudfRd - ok
12:02:23.0000 6020 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:02:23.0046 6020 WudfSvc - ok
12:02:23.0125 6020 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:02:23.0281 6020 WZCSVC - ok
12:02:23.0328 6020 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:02:23.0484 6020 xmlprov - ok
12:02:23.0546 6020 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
12:02:23.0578 6020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:02:23.0578 6020 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:02:23.0593 6020 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:02:23.0593 6020 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:02:23.0640 6020 Boot (0x1200) (d89fd2108ab8280d4b39385d3566f0a7) \Device\Harddisk0\DR0\Partition0
12:02:23.0640 6020 \Device\Harddisk0\DR0\Partition0 - ok
12:02:23.0640 6020 ============================================================
12:02:23.0640 6020 Scan finished
12:02:23.0640 6020 ============================================================
12:02:23.0781 0668 Detected object count: 12
12:02:23.0781 0668 Actual detected object count: 12
12:02:59.0281 0668 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:59.0281 0668 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:02:59.0296 0668 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:59.0296 0668 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:02:59.0296 0668 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:59.0296 0668 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:02:59.0296 0668 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:59.0296 0668 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:02:59.0296 0668 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:59.0296 0668 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:02:59.0312 0668 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:59.0312 0668 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:02:59.0312 0668 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:59.0312 0668 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:02:59.0312 0668 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:59.0312 0668 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:02:59.0312 0668 STacSV ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:59.0312 0668 STacSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:02:59.0328 0668 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:59.0328 0668 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:02:59.0875 0668 \Device\Harddisk0\DR0\# - copied to quarantine
12:02:59.0875 0668 \Device\Harddisk0\DR0 - copied to quarantine
12:02:59.0953 0668 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
12:02:59.0968 0668 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:02:59.0984 0668 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
12:03:00.0000 0668 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:03:00.0015 0668 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:03:00.0046 0668 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
12:03:00.0062 0668 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
12:03:00.0078 0668 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
12:03:00.0078 0668 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
12:03:00.0125 0668 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
12:03:00.0171 0668 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
12:03:00.0187 0668 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
12:03:00.0234 0668 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:03:00.0234 0668 \Device\Harddisk0\DR0 - ok
12:03:00.0312 0668 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:03:00.0328 0668 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:03:00.0328 0668 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:03:02.0750 5512 Deinitialize success

jeffce
2012-04-06, 19:41
Hi,

Run TDSSKiller again and when you get to this entry >> \Device\Harddisk0\DR0 ( TDSS File System ) ... Remove it.
-------

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------

In your next reply please post the logs made by TDSSKiller and ComboFix. :)

Leepo136
2012-04-07, 02:21
Ok. I ran TDSSKiller again, and that log is below. However, I CANNOT disable McAfee Security Center, which means I can't run Combofix. It does not give me the options shown, and clicking "Fix" returns no updates for the program (updating would give me the options I need). So, should I run Combofix in Safe Mode, or do you have a way to disable McAfee? Attached is a screenshot of my McAfee window. Notice that I do not have a "Configure" button in the right box when PC and Files is highlighted. The configure button shown is not the correct one.

18:56:44.0750 4132 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
18:56:46.0250 4132 ============================================================
18:56:46.0250 4132 Current date / time: 2012/04/06 18:56:46.0250
18:56:46.0250 4132 SystemInfo:
18:56:46.0250 4132
18:56:46.0250 4132 OS Version: 5.1.2600 ServicePack: 3.0
18:56:46.0250 4132 Product type: Workstation
18:56:46.0250 4132 ComputerName: FREDRICK
18:56:46.0250 4132 UserName: Lee
18:56:46.0250 4132 Windows directory: C:\WINDOWS
18:56:46.0250 4132 System windows directory: C:\WINDOWS
18:56:46.0250 4132 Processor architecture: Intel x86
18:56:46.0250 4132 Number of processors: 2
18:56:46.0250 4132 Page size: 0x1000
18:56:46.0250 4132 Boot type: Normal boot
18:56:46.0250 4132 ============================================================
18:56:47.0953 4132 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:56:47.0953 4132 \Device\Harddisk0\DR0:
18:56:47.0953 4132 MBR used
18:56:47.0953 4132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0xDF7807A
18:56:48.0265 4132 Initialize success
18:56:48.0265 4132 ============================================================
18:57:03.0718 4708 ============================================================
18:57:03.0718 4708 Scan started
18:57:03.0718 4708 Mode: Manual; SigCheck; TDLFS;
18:57:03.0718 4708 ============================================================
18:57:04.0468 4708 Abiosdsk - ok
18:57:04.0500 4708 abp480n5 - ok
18:57:04.0546 4708 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:57:06.0234 4708 ACPI - ok
18:57:06.0312 4708 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:57:06.0453 4708 ACPIEC - ok
18:57:06.0515 4708 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:57:06.0546 4708 AdobeFlashPlayerUpdateSvc - ok
18:57:06.0562 4708 adpu160m - ok
18:57:06.0609 4708 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:57:06.0734 4708 aec - ok
18:57:06.0796 4708 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:57:06.0828 4708 AegisP ( UnsignedFile.Multi.Generic ) - warning
18:57:06.0828 4708 AegisP - detected UnsignedFile.Multi.Generic (1)
18:57:06.0859 4708 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:57:06.0937 4708 AFD - ok
18:57:07.0000 4708 Aha154x - ok
18:57:07.0015 4708 aic78u2 - ok
18:57:07.0031 4708 aic78xx - ok
18:57:07.0078 4708 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:57:07.0203 4708 Alerter - ok
18:57:07.0218 4708 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:57:07.0343 4708 ALG - ok
18:57:07.0359 4708 AliIde - ok
18:57:07.0375 4708 amsint - ok
18:57:07.0406 4708 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
18:57:07.0500 4708 ApfiltrService - ok
18:57:07.0562 4708 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
18:57:07.0593 4708 APPDRV ( UnsignedFile.Multi.Generic ) - warning
18:57:07.0593 4708 APPDRV - detected UnsignedFile.Multi.Generic (1)
18:57:07.0625 4708 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:57:07.0750 4708 AppMgmt - ok
18:57:07.0781 4708 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:57:07.0875 4708 Arp1394 - ok
18:57:07.0937 4708 asc - ok
18:57:07.0953 4708 asc3350p - ok
18:57:07.0968 4708 asc3550 - ok
18:57:08.0062 4708 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:57:08.0093 4708 aspnet_state - ok
18:57:08.0109 4708 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:57:08.0218 4708 AsyncMac - ok
18:57:08.0250 4708 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:57:08.0359 4708 atapi - ok
18:57:08.0406 4708 Atdisk - ok
18:57:08.0437 4708 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:57:08.0546 4708 Atmarpc - ok
18:57:08.0578 4708 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:57:08.0687 4708 AudioSrv - ok
18:57:08.0718 4708 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:57:08.0812 4708 audstub - ok
18:57:08.0875 4708 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:57:08.0984 4708 Beep - ok
18:57:09.0046 4708 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:57:09.0187 4708 BITS - ok
18:57:09.0218 4708 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:57:09.0328 4708 Browser - ok
18:57:09.0375 4708 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:57:09.0484 4708 cbidf2k - ok
18:57:09.0531 4708 cd20xrnt - ok
18:57:09.0562 4708 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:57:09.0687 4708 Cdaudio - ok
18:57:09.0718 4708 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:57:09.0828 4708 Cdfs - ok
18:57:09.0843 4708 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:57:09.0953 4708 Cdrom - ok
18:57:10.0015 4708 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
18:57:10.0046 4708 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
18:57:10.0046 4708 cercsr6 - detected UnsignedFile.Multi.Generic (1)
18:57:10.0078 4708 Changer - ok
18:57:10.0125 4708 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:57:10.0234 4708 CiSvc - ok
18:57:10.0250 4708 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:57:10.0359 4708 ClipSrv - ok
18:57:10.0421 4708 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:57:10.0453 4708 clr_optimization_v4.0.30319_32 - ok
18:57:10.0515 4708 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:57:10.0625 4708 CmBatt - ok
18:57:10.0640 4708 CmdIde - ok
18:57:10.0671 4708 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:57:10.0765 4708 Compbatt - ok
18:57:10.0781 4708 COMSysApp - ok
18:57:10.0812 4708 Cpqarray - ok
18:57:10.0859 4708 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:57:10.0968 4708 CryptSvc - ok
18:57:10.0984 4708 dac2w2k - ok
18:57:11.0000 4708 dac960nt - ok
18:57:11.0046 4708 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:57:11.0171 4708 DcomLaunch - ok
18:57:11.0265 4708 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:57:11.0375 4708 Dhcp - ok
18:57:11.0406 4708 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:57:11.0515 4708 Disk - ok
18:57:11.0531 4708 dmadmin - ok
18:57:11.0593 4708 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:57:11.0718 4708 dmboot - ok
18:57:11.0796 4708 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:57:11.0906 4708 dmio - ok
18:57:11.0953 4708 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:57:12.0046 4708 dmload - ok
18:57:12.0078 4708 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:57:12.0171 4708 dmserver - ok
18:57:12.0203 4708 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:57:12.0312 4708 DMusic - ok
18:57:12.0375 4708 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:57:12.0468 4708 Dnscache - ok
18:57:12.0515 4708 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:57:12.0625 4708 Dot3svc - ok
18:57:12.0671 4708 dpti2o - ok
18:57:12.0718 4708 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:57:12.0812 4708 drmkaud - ok
18:57:12.0828 4708 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:57:12.0937 4708 EapHost - ok
18:57:13.0031 4708 Emproxy (db415bb143cd8ae0bcd62e3448667c43) C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
18:57:13.0062 4708 Emproxy - ok
18:57:13.0140 4708 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:57:13.0250 4708 ERSvc - ok
18:57:13.0296 4708 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:57:13.0328 4708 Eventlog - ok
18:57:13.0375 4708 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:57:13.0437 4708 EventSystem - ok
18:57:13.0500 4708 EvtEng (4c6fa3fd55087b7c35707068723a1710) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
18:57:13.0578 4708 EvtEng ( UnsignedFile.Multi.Generic ) - warning
18:57:13.0578 4708 EvtEng - detected UnsignedFile.Multi.Generic (1)
18:57:13.0671 4708 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:57:13.0812 4708 Fastfat - ok
18:57:13.0859 4708 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:57:13.0937 4708 FastUserSwitchingCompatibility - ok
18:57:13.0968 4708 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:57:14.0125 4708 Fdc - ok
18:57:14.0203 4708 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:57:14.0296 4708 Fips - ok
18:57:14.0343 4708 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:57:14.0453 4708 Flpydisk - ok
18:57:14.0468 4708 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:57:14.0578 4708 FltMgr - ok
18:57:14.0640 4708 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:57:14.0765 4708 Fs_Rec - ok
18:57:14.0781 4708 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:57:14.0906 4708 Ftdisk - ok
18:57:14.0937 4708 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:57:15.0046 4708 Gpc - ok
18:57:15.0078 4708 hcmon (fef4c8cb7412c644c36074cd7596df2a) C:\WINDOWS\system32\drivers\hcmon.sys
18:57:15.0140 4708 hcmon - ok
18:57:15.0218 4708 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:57:15.0328 4708 HDAudBus - ok
18:57:15.0375 4708 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:57:15.0468 4708 helpsvc - ok
18:57:15.0500 4708 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:57:15.0609 4708 HidServ - ok
18:57:15.0703 4708 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:57:15.0812 4708 hidusb - ok
18:57:15.0859 4708 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:57:15.0968 4708 hkmsvc - ok
18:57:15.0984 4708 hpn - ok
18:57:16.0031 4708 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
18:57:16.0093 4708 HSFHWAZL - ok
18:57:16.0187 4708 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
18:57:16.0281 4708 HSF_DPV - ok
18:57:16.0328 4708 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:57:16.0390 4708 HTTP - ok
18:57:16.0453 4708 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:57:16.0562 4708 HTTPFilter - ok
18:57:16.0593 4708 i2omgmt - ok
18:57:16.0609 4708 i2omp - ok
18:57:16.0640 4708 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:57:16.0750 4708 i8042prt - ok
18:57:16.0781 4708 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:57:16.0890 4708 Imapi - ok
18:57:16.0968 4708 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:57:17.0062 4708 ImapiService - ok
18:57:17.0093 4708 ini910u - ok
18:57:17.0125 4708 IntelIde - ok
18:57:17.0171 4708 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:57:17.0250 4708 intelppm - ok
18:57:17.0281 4708 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:57:17.0390 4708 Ip6Fw - ok
18:57:17.0468 4708 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:57:17.0578 4708 IpFilterDriver - ok
18:57:17.0609 4708 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:57:17.0718 4708 IpInIp - ok
18:57:17.0750 4708 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:57:17.0859 4708 IpNat - ok
18:57:17.0921 4708 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:57:18.0031 4708 IPSec - ok
18:57:18.0062 4708 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:57:18.0171 4708 IRENUM - ok
18:57:18.0218 4708 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:57:18.0312 4708 isapnp - ok
18:57:18.0375 4708 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
18:57:18.0406 4708 JavaQuickStarterService - ok
18:57:18.0484 4708 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:57:18.0593 4708 Kbdclass - ok
18:57:18.0625 4708 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:57:18.0734 4708 kmixer - ok
18:57:18.0765 4708 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:57:18.0875 4708 KSecDD - ok
18:57:18.0953 4708 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:57:19.0000 4708 lanmanserver - ok
18:57:19.0031 4708 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:57:19.0093 4708 lanmanworkstation - ok
18:57:19.0125 4708 lbrtfdc - ok
18:57:19.0234 4708 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:57:19.0343 4708 LmHosts - ok
18:57:19.0406 4708 McAfee HackerWatch Service (359b5c5cab0ca31061506e51ccbaf4b1) C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
18:57:19.0437 4708 McAfee HackerWatch Service - ok
18:57:19.0484 4708 mcmispupdmgr (993582ec1cf765206cf9d4d5ca22589f) C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
18:57:19.0515 4708 mcmispupdmgr - ok
18:57:19.0546 4708 mcmscsvc (bb8a45e65be310996a201f8a75646a8d) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
18:57:19.0562 4708 mcmscsvc - ok
18:57:19.0671 4708 McNASvc (4c5b97b76c13d9154aa91d0c754e79e3) c:\program files\common files\mcafee\mna\mcnasvc.exe
18:57:19.0750 4708 McNASvc - ok
18:57:19.0812 4708 McODS (d984faf698966aa360c1702ef623c3f9) C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
18:57:19.0828 4708 McODS - ok
18:57:19.0890 4708 mcpromgr (14313ff5203df7cb53e8d2f18f59d4d2) C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
18:57:19.0906 4708 mcpromgr - ok
18:57:19.0937 4708 McProxy (76e4b69de7a2d725877d0cbf23d52f2b) c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
18:57:19.0968 4708 McProxy - ok
18:57:19.0984 4708 McRedirector (825040724ca09837719022d7181c555c) c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
18:57:20.0000 4708 McRedirector - ok
18:57:20.0031 4708 McShield (b74cebef7f2126f68cdc060c855e5aab) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
18:57:20.0046 4708 McShield - ok
18:57:20.0093 4708 McSysmon (9770a8706bba3c4cbea998d2a6bf2d08) C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
18:57:20.0125 4708 McSysmon - ok
18:57:20.0203 4708 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:57:20.0234 4708 mdmxsdk - ok
18:57:20.0281 4708 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:57:20.0390 4708 Messenger - ok
18:57:20.0421 4708 mfeavfk (f5250976c1334c1e4feceddcdf02353e) C:\WINDOWS\system32\drivers\mfeavfk.sys
18:57:20.0437 4708 mfeavfk - ok
18:57:20.0484 4708 mfebopk (787702627cc0770f45206f4034390580) C:\WINDOWS\system32\drivers\mfebopk.sys
18:57:20.0484 4708 mfebopk - ok
18:57:20.0546 4708 mfehidk (241c09c7d8c589ea1d72a36e6578e42c) C:\WINDOWS\system32\drivers\mfehidk.sys
18:57:20.0562 4708 mfehidk - ok
18:57:20.0578 4708 mferkdk (a321c17fadad2665c455c6d39e465fe0) C:\WINDOWS\system32\drivers\mferkdk.sys
18:57:20.0593 4708 mferkdk - ok
18:57:20.0625 4708 mfesmfk (1fbdd2eb37ce910d6cee60140c400b6a) C:\WINDOWS\system32\drivers\mfesmfk.sys
18:57:20.0734 4708 mfesmfk - ok
18:57:20.0765 4708 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:57:20.0921 4708 mnmdd - ok
18:57:20.0984 4708 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:57:21.0093 4708 mnmsrvc - ok
18:57:21.0140 4708 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:57:21.0265 4708 Modem - ok
18:57:21.0281 4708 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:57:21.0375 4708 Mouclass - ok
18:57:21.0406 4708 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:57:21.0515 4708 mouhid - ok
18:57:21.0562 4708 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:57:21.0656 4708 MountMgr - ok
18:57:21.0734 4708 MPFP (8c5842de130c8920050ea80dbe8f746b) C:\WINDOWS\system32\Drivers\Mpfp.sys
18:57:21.0750 4708 MPFP - ok
18:57:21.0843 4708 MpfService (0928b5dbbf198340d5ff7eda01922791) C:\Program Files\McAfee\MPF\MPFSrv.exe
18:57:21.0859 4708 MpfService - ok
18:57:21.0921 4708 MPS9 (12b87c8f9614c26c58488be8610a9b67) C:\PROGRA~1\McAfee\MPS\mps.exe
18:57:22.0046 4708 MPS9 - ok
18:57:22.0093 4708 mraid35x - ok
18:57:22.0140 4708 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:57:22.0265 4708 MRxDAV - ok
18:57:22.0312 4708 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:57:22.0406 4708 MRxSmb - ok
18:57:22.0484 4708 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:57:22.0640 4708 MSDTC - ok
18:57:22.0703 4708 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:57:22.0843 4708 Msfs - ok
18:57:22.0859 4708 MSIServer - ok
18:57:22.0953 4708 MSK80Service (10be560bb16f1a926246c7eab94a47ff) C:\Program Files\McAfee\MSK\MskSrver.exe
18:57:22.0968 4708 MSK80Service - ok
18:57:23.0031 4708 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:57:23.0187 4708 MSKSSRV - ok
18:57:23.0234 4708 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:57:23.0328 4708 MSPCLOCK - ok
18:57:23.0359 4708 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:57:23.0468 4708 MSPQM - ok
18:57:23.0500 4708 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:57:23.0578 4708 mssmbios - ok
18:57:23.0671 4708 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:57:23.0734 4708 Mup - ok
18:57:23.0781 4708 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:57:23.0906 4708 napagent - ok
18:57:23.0921 4708 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:57:24.0031 4708 NDIS - ok
18:57:24.0109 4708 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:57:24.0156 4708 NdisTapi - ok
18:57:24.0203 4708 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:57:24.0296 4708 Ndisuio - ok
18:57:24.0343 4708 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:57:24.0437 4708 NdisWan - ok
18:57:24.0515 4708 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:57:24.0562 4708 NDProxy - ok
18:57:24.0640 4708 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:57:24.0750 4708 NetBIOS - ok
18:57:24.0796 4708 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:57:24.0906 4708 NetBT - ok
18:57:24.0968 4708 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:57:25.0078 4708 NetDDE - ok
18:57:25.0093 4708 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:57:25.0171 4708 NetDDEdsdm - ok
18:57:25.0203 4708 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:57:25.0328 4708 Netlogon - ok
18:57:25.0359 4708 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:57:25.0468 4708 Netman - ok
18:57:25.0562 4708 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:57:25.0609 4708 NetTcpPortSharing - ok
18:57:25.0765 4708 NETw4x32 (12b0d99865434387f784268b70e23360) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
18:57:25.0937 4708 NETw4x32 - ok
18:57:26.0046 4708 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:57:26.0156 4708 NIC1394 - ok
18:57:26.0234 4708 NICCONFIGSVC (173c750946a08c776daa6bded59a1db5) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
18:57:26.0312 4708 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - warning
18:57:26.0312 4708 NICCONFIGSVC - detected UnsignedFile.Multi.Generic (1)
18:57:26.0390 4708 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:57:26.0453 4708 Nla - ok
18:57:26.0500 4708 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:57:26.0656 4708 Npfs - ok
18:57:26.0718 4708 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:57:26.0843 4708 Ntfs - ok
18:57:26.0921 4708 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:57:27.0015 4708 NtLmSsp - ok
18:57:27.0062 4708 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:57:27.0203 4708 NtmsSvc - ok
18:57:27.0234 4708 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
18:57:27.0265 4708 NuidFltr - ok
18:57:27.0312 4708 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:57:27.0421 4708 Null - ok
18:57:27.0468 4708 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:57:27.0578 4708 NwlnkFlt - ok
18:57:27.0609 4708 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:57:27.0718 4708 NwlnkFwd - ok
18:57:27.0843 4708 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:57:27.0890 4708 odserv - ok
18:57:27.0968 4708 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:57:28.0062 4708 ohci1394 - ok
18:57:28.0093 4708 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:57:28.0125 4708 ose - ok
18:57:28.0187 4708 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:57:28.0281 4708 Parport - ok
18:57:28.0296 4708 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:57:28.0437 4708 PartMgr - ok
18:57:28.0500 4708 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:57:28.0609 4708 ParVdm - ok
18:57:28.0671 4708 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:57:28.0765 4708 PCI - ok
18:57:28.0781 4708 PCIDump - ok
18:57:28.0812 4708 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:57:28.0921 4708 PCIIde - ok
18:57:28.0953 4708 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:57:29.0062 4708 Pcmcia - ok
18:57:29.0062 4708 PDCOMP - ok
18:57:29.0078 4708 PDFRAME - ok
18:57:29.0109 4708 PDRELI - ok
18:57:29.0125 4708 PDRFRAME - ok
18:57:29.0140 4708 perc2 - ok
18:57:29.0156 4708 perc2hib - ok
18:57:29.0234 4708 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:57:29.0281 4708 PlugPlay - ok
18:57:29.0328 4708 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:57:29.0421 4708 PolicyAgent - ok
18:57:29.0453 4708 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:57:29.0562 4708 PptpMiniport - ok
18:57:29.0593 4708 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:57:29.0687 4708 ProtectedStorage - ok
18:57:29.0718 4708 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:57:29.0828 4708 PSched - ok
18:57:29.0859 4708 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:57:29.0953 4708 Ptilink - ok
18:57:29.0984 4708 ql1080 - ok
18:57:30.0000 4708 Ql10wnt - ok
18:57:30.0015 4708 ql12160 - ok
18:57:30.0031 4708 ql1240 - ok
18:57:30.0062 4708 ql1280 - ok
18:57:30.0078 4708 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:57:30.0171 4708 RasAcd - ok
18:57:30.0218 4708 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:57:30.0328 4708 RasAuto - ok
18:57:30.0406 4708 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:57:30.0515 4708 Rasl2tp - ok
18:57:30.0578 4708 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:57:30.0671 4708 RasMan - ok
18:57:30.0718 4708 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:57:30.0828 4708 RasPppoe - ok
18:57:30.0843 4708 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:57:30.0953 4708 Raspti - ok
18:57:31.0031 4708 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:57:31.0140 4708 Rdbss - ok
18:57:31.0171 4708 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:57:31.0296 4708 RDPCDD - ok
18:57:31.0328 4708 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:57:31.0437 4708 rdpdr - ok
18:57:31.0531 4708 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:57:31.0593 4708 RDPWD - ok
18:57:31.0671 4708 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:57:31.0765 4708 RDSessMgr - ok
18:57:31.0796 4708 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:57:31.0906 4708 redbook - ok
18:57:31.0968 4708 RegSrvc (8ac155995f5d10fc0d3ad949a1a68075) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
18:57:32.0015 4708 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
18:57:32.0015 4708 RegSrvc - detected UnsignedFile.Multi.Generic (1)
18:57:32.0093 4708 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:57:32.0203 4708 RemoteAccess - ok
18:57:32.0234 4708 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:57:32.0343 4708 RemoteRegistry - ok
18:57:32.0390 4708 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:57:32.0484 4708 RpcLocator - ok
18:57:32.0531 4708 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:57:32.0609 4708 RpcSs - ok
18:57:32.0687 4708 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:57:32.0796 4708 RSVP - ok
18:57:32.0875 4708 S24EventMonitor (131d50f081d2e29ebd1365b21f6b9736) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
18:57:32.0984 4708 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
18:57:32.0984 4708 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
18:57:33.0046 4708 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys
18:57:33.0078 4708 s24trans ( UnsignedFile.Multi.Generic ) - warning
18:57:33.0078 4708 s24trans - detected UnsignedFile.Multi.Generic (1)
18:57:33.0109 4708 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:57:33.0250 4708 SamSs - ok
18:57:33.0281 4708 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:57:33.0390 4708 SCardSvr - ok
18:57:33.0421 4708 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:57:33.0531 4708 Schedule - ok
18:57:33.0656 4708 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:57:33.0765 4708 Secdrv - ok
18:57:33.0796 4708 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:57:33.0890 4708 seclogon - ok
18:57:33.0921 4708 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:57:34.0015 4708 SENS - ok
18:57:34.0046 4708 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:57:34.0156 4708 serenum - ok
18:57:34.0218 4708 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:57:34.0328 4708 Serial - ok
18:57:34.0359 4708 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:57:34.0453 4708 Sfloppy - ok
18:57:34.0500 4708 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:57:34.0625 4708 SharedAccess - ok
18:57:34.0656 4708 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:57:34.0687 4708 ShellHWDetection - ok
18:57:34.0750 4708 Simbad - ok
18:57:34.0765 4708 Sparrow - ok
18:57:34.0812 4708 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:57:34.0906 4708 splitter - ok
18:57:34.0937 4708 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:57:34.0968 4708 Spooler - ok
18:57:35.0000 4708 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:57:35.0093 4708 sr - ok
18:57:35.0171 4708 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:57:35.0281 4708 srservice - ok
18:57:35.0328 4708 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:57:35.0421 4708 Srv - ok
18:57:35.0500 4708 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:57:35.0609 4708 SSDPSRV - ok
18:57:35.0671 4708 STacSV (686fa4acfdcb4e16b7f0230b88f6d17e) C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
18:57:35.0703 4708 STacSV ( UnsignedFile.Multi.Generic ) - warning
18:57:35.0703 4708 STacSV - detected UnsignedFile.Multi.Generic (1)
18:57:35.0781 4708 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys
18:57:35.0906 4708 STHDA - ok
18:57:36.0000 4708 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:57:36.0812 4708 stisvc - ok
18:57:36.0890 4708 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:57:37.0093 4708 swenum - ok
18:57:37.0125 4708 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:57:37.0234 4708 swmidi - ok
18:57:37.0265 4708 SwPrv - ok
18:57:37.0296 4708 symc810 - ok
18:57:37.0312 4708 symc8xx - ok
18:57:37.0328 4708 sym_hi - ok
18:57:37.0343 4708 sym_u3 - ok
18:57:37.0375 4708 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:57:37.0484 4708 sysaudio - ok
18:57:37.0546 4708 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:57:37.0656 4708 SysmonLog - ok
18:57:37.0687 4708 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:57:37.0812 4708 TapiSrv - ok
18:57:37.0875 4708 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:57:37.0921 4708 Tcpip - ok
18:57:37.0984 4708 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:57:38.0078 4708 TDPIPE - ok
18:57:38.0109 4708 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:57:38.0203 4708 TDTCP - ok
18:57:38.0281 4708 TegSrv (5814663e16486858b4e2b7bd984cf92c) C:\Program Files\Tegrity\Recorder\TegSrv.exe
18:57:38.0296 4708 TegSrv - ok
18:57:38.0390 4708 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:57:38.0484 4708 TermDD - ok
18:57:38.0515 4708 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:57:38.0625 4708 TermService - ok
18:57:38.0656 4708 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:57:38.0671 4708 Themes - ok
18:57:38.0750 4708 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:57:38.0859 4708 TlntSvr - ok
18:57:38.0890 4708 TosIde - ok
18:57:38.0921 4708 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:57:39.0031 4708 TrkWks - ok
18:57:39.0093 4708 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:57:39.0203 4708 Udfs - ok
18:57:39.0265 4708 ufad-ws60 (27fedeaf9d646b9d001a5e27a18bd437) C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
18:57:39.0296 4708 ufad-ws60 - ok
18:57:39.0359 4708 ultra - ok
18:57:39.0406 4708 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:57:39.0531 4708 Update - ok
18:57:39.0593 4708 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:57:39.0703 4708 upnphost - ok
18:57:39.0781 4708 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:57:39.0906 4708 UPS - ok
18:57:39.0968 4708 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
18:57:40.0046 4708 USBCCID - ok
18:57:40.0093 4708 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:57:40.0250 4708 usbehci - ok
18:57:40.0312 4708 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:57:40.0468 4708 usbhub - ok
18:57:40.0515 4708 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:57:40.0625 4708 USBSTOR - ok
18:57:40.0640 4708 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:57:40.0734 4708 usbuhci - ok
18:57:40.0750 4708 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:57:40.0843 4708 VgaSave - ok
18:57:40.0843 4708 ViaIde - ok
18:57:40.0921 4708 VMAuthdService (4d45f1f1637e53455e407dfcb4e0d459) C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
18:57:40.0937 4708 VMAuthdService - ok
18:57:41.0015 4708 vmci (a032c61cf37f5ec1e254348686a1b9f7) C:\WINDOWS\system32\Drivers\vmci.sys
18:57:41.0046 4708 vmci - ok
18:57:41.0062 4708 vmkbd (0ff56144a95abe14c87a20bcc63d6ae1) C:\WINDOWS\system32\drivers\VMkbd.sys
18:57:41.0093 4708 vmkbd - ok
18:57:41.0125 4708 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
18:57:41.0140 4708 VMnetAdapter - ok
18:57:41.0171 4708 VMnetBridge (e44ecd0d2caa7ac3d7cb9d06e78963a0) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
18:57:41.0187 4708 VMnetBridge - ok
18:57:41.0234 4708 VMnetDHCP (3231287f43eac069dd5a635250820eb6) C:\WINDOWS\system32\vmnetdhcp.exe
18:57:41.0250 4708 VMnetDHCP - ok
18:57:41.0312 4708 VMnetuserif (b26da84d8d5c654b107972397a89fb46) C:\WINDOWS\system32\drivers\vmnetuserif.sys
18:57:41.0343 4708 VMnetuserif - ok
18:57:41.0390 4708 VMUSBArbService (26bd025b6d74d1c345d13ff9c509e893) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
18:57:41.0406 4708 VMUSBArbService - ok
18:57:41.0484 4708 VMware NAT Service (96dd61e7e665c35d2d22c2ff280e71d9) C:\WINDOWS\system32\vmnat.exe
18:57:41.0500 4708 VMware NAT Service - ok
18:57:41.0609 4708 vmx86 (97c1f1803e208d5e95a60e789a7e070a) C:\WINDOWS\system32\Drivers\vmx86.sys
18:57:41.0671 4708 vmx86 - ok
18:57:41.0703 4708 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:57:41.0812 4708 VolSnap - ok
18:57:41.0859 4708 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:57:42.0015 4708 VSS - ok
18:57:42.0078 4708 vstor2-ws60 (c40598b7708c6af55a629a4d349e33bb) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
18:57:42.0093 4708 vstor2-ws60 - ok
18:57:42.0171 4708 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:57:42.0265 4708 W32Time - ok
18:57:42.0312 4708 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:57:42.0421 4708 Wanarp - ok
18:57:42.0484 4708 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:57:42.0531 4708 Wdf01000 - ok
18:57:42.0578 4708 WDICA - ok
18:57:42.0625 4708 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:57:42.0718 4708 wdmaud - ok
18:57:42.0750 4708 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:57:42.0859 4708 WebClient - ok
18:57:42.0921 4708 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:57:43.0015 4708 winachsf - ok
18:57:43.0093 4708 WinDriver6 (451f905bc7bff9e1cff2e7ae76196b2c) C:\WINDOWS\system32\drivers\windrvr6.sys
18:57:43.0234 4708 WinDriver6 - ok
18:57:43.0296 4708 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:57:43.0390 4708 winmgmt - ok
18:57:43.0484 4708 WLANKEEPER (8880769b9f88918e27f8e7332aa1aa01) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
18:57:43.0546 4708 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
18:57:43.0546 4708 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
18:57:43.0625 4708 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:57:43.0671 4708 WmdmPmSN - ok
18:57:43.0750 4708 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:57:43.0843 4708 Wmi - ok
18:57:43.0875 4708 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:57:44.0015 4708 WmiAcpi - ok
18:57:44.0125 4708 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:57:44.0234 4708 WmiApSrv - ok
18:57:44.0359 4708 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:57:44.0421 4708 WPFFontCache_v0400 - ok
18:57:44.0515 4708 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:57:44.0671 4708 WS2IFSL - ok
18:57:44.0703 4708 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:57:44.0812 4708 wscsvc - ok
18:57:44.0828 4708 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:57:44.0937 4708 wuauserv - ok
18:57:44.0984 4708 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:57:45.0046 4708 WudfPf - ok
18:57:45.0109 4708 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:57:45.0140 4708 WudfRd - ok
18:57:45.0171 4708 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:57:45.0218 4708 WudfSvc - ok
18:57:45.0281 4708 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:57:45.0406 4708 WZCSVC - ok
18:57:45.0453 4708 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:57:45.0578 4708 xmlprov - ok
18:57:45.0625 4708 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:57:45.0875 4708 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:57:45.0875 4708 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:57:45.0875 4708 Boot (0x1200) (d89fd2108ab8280d4b39385d3566f0a7) \Device\Harddisk0\DR0\Partition0
18:57:45.0875 4708 \Device\Harddisk0\DR0\Partition0 - ok
18:57:45.0890 4708 ============================================================
18:57:45.0890 4708 Scan finished
18:57:45.0890 4708 ============================================================
18:57:46.0015 2256 Detected object count: 11
18:57:46.0015 2256 Actual detected object count: 11
18:58:38.0843 2256 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:38.0843 2256 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:38.0843 2256 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:38.0843 2256 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:38.0843 2256 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:38.0843 2256 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:38.0843 2256 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:38.0843 2256 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:38.0859 2256 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:38.0875 2256 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:38.0890 2256 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:38.0890 2256 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:38.0906 2256 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:38.0906 2256 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:38.0921 2256 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:38.0921 2256 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:38.0937 2256 STacSV ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:38.0937 2256 STacSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:38.0953 2256 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:38.0953 2256 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:38.0984 2256 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:58:39.0000 2256 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:58:39.0031 2256 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:58:39.0046 2256 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:58:39.0078 2256 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:58:39.0093 2256 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:58:39.0125 2256 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:58:39.0187 2256 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:58:39.0187 2256 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:58:39.0187 2256 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:58:39.0203 2256 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:58:39.0203 2256 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:58:39.0218 2256 \Device\Harddisk0\DR0\TDLFS - deleted
18:58:39.0218 2256 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
18:58:45.0140 4136 Deinitialize success

jeffce
2012-04-07, 02:46
Hi,

Go ahead and run ComboFix again and continue past the warnings that ComboFix is showing. There should not be any problem. :)

Leepo136
2012-04-08, 01:11
Ran Combofix. Here's the log.

ComboFix 12-04-06.03 - Lee 04/07/2012 18:04:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1437 [GMT -7:00]
Running from: c:\documents and settings\Lee\Desktop\ComboFix.exe
AV: McAfee VirusScan *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-06 19:02 . 2012-04-06 19:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 18:00 . 2012-04-05 18:00 -------- d-----w- c:\documents and settings\Lee\Application Data\Malwarebytes
2012-04-05 18:00 . 2012-04-05 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-05 18:00 . 2012-04-05 18:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-05 18:00 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 16:46 . 2012-04-02 16:46 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 16:46 . 2011-05-19 17:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-04 10:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 19:36 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-08-29 03:04 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lee\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lee\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lee\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lee\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-21 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-01-18 152144]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-05-21 129584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Tegrity Recorder"="c:\program files\Tegrity\Recorder\TegrityTray.exe" [2011-12-14 948064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\Lee\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Lee\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Documents and Settings\\Lee\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R2 TegSrv;TegSrv;c:\program files\Tegrity\Recorder\TegSrv.exe [12/14/2011 8:30 AM 157536]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [5/21/2010 12:56 AM 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [5/20/2010 11:40 PM 539184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 9:46 AM 253600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 16:46]
.
2012-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-484763869-682003330-1003Core.job
- c:\documents and settings\Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-16 02:01]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-484763869-682003330-1003UA.job
- c:\documents and settings\Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-16 02:01]
.
2010-08-29 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2010-08-29 01:02]
.
2010-08-29 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2010-08-29 01:02]
.
2012-04-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 205.152.150.23 205.152.132.23
DPF: {8D7624E2-F8CB-412B-9132-FD571DBA78FB} - hxxp://tegrity2.wku.edu/tegrity/_instructor/RecInstaller.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-07 18:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-07 18:14:03
ComboFix-quarantined-files.txt 2012-04-08 01:13
.
Pre-Run: 63,426,084,864 bytes free
Post-Run: 65,452,367,872 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3E59748218647A81340EF90F71E7F392

jeffce
2012-04-08, 01:57
Hi,

I see that you have Malwarebytes on your computer. Please open Malwarebytes, update it and then run a Quick Scan. There will be a log created that I will need in your next reply.
----------

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.htmll).

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.



Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:


Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.



Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
----------

In your next reply please post the logs made by Malwarebytes and ESET online scanner. :)

Leepo136
2012-04-08, 04:20
Ran Malwarebytes, and the log is below. I'm hesitant about running the ESET online scanner, because I still cannot disable McAfee SecurityCenter.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.07.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lee :: FREDRICK [administrator]

4/7/2012 9:18:19 PM
mbam-log-2012-04-07 (21-18-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178289
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

jeffce
2012-04-08, 15:13
Hi,

You should be able to disable enough of it by doing the following:

Double-click the taskbar icon to open SecurityCenter
Click Advanced Menu (bottom)
Click Configure (left)
Click Computer & Files (top left)
You can disable VirusScan and tell it for how long over at the right.

If you click the Advanced button at the right you can then go to Active Protection on the left and uncheck it. Don't forget to click Apply and OK.

Once that is complete go ahead and run ESET. :)

Leepo136
2012-04-08, 19:31
Ran ESET. It couldn't clean any of these problems it found. Far more trojans and rootkits than I ever would've guessed were found.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=469bf1ce08b31140b219bec957771d1c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-08 07:34:02
# local_time=2012-04-08 12:34:02 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16776549 100 85 50713067 166998341 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=71607
# found=58
# cleaned=0
# scan_time=3972
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-347250de Java/Exploit.CVE-2011-3544.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\20\6f8bd594-2f16cd73 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\22\504e4dd6-2609dc27 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\23\36785497-64d39c7b a variant of Java/TrojanDownloader.OpenConnection.AQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\29\1b0b81d-706410db multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\31\1e1bd3df-149dff6a multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\31\70e83d9f-4fdedfcf a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\31\70e83d9f-6e8e41e7 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\33\53784821-53cc4dac a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\33\53784821-7ce38a79 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\34\26ac7ea2-7cf5cb8c multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\34\57ca5a62-241eb8a3 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-4bc3a7b1 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\35\625b3763-5a092eb3 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\36\70190024-41c172f6 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\36\70190024-6f6b8b99 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\38\4d809ea6-74b2dffd multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\4\9dfafc4-4becf4e7 a variant of Java/Exploit.CVE-2011-3544.C trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\40\7a0ff328-4686f149 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\40\7a0ff328-6723bc96 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\41\154d9fe9-6e9b9b72 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\41\29b4c469-408cc103 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\41\3d3fb229-2ca4a111 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\41\3d3fb229-735367ed multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\43\e5a51ab-672523c8 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\43\e5a51ab-70fb5a99 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\46\1d0f2fae-5c119f0a Java/Exploit.CVE-2011-3544.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\47\6fd04eaf-7927e894 a variant of Java/TrojanDownloader.OpenStream.NBY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\47\be97b6f-42e62fea multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\47\be97b6f-5b359ca3 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-16bb673e a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-48b18b46 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-4d17341d a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\53\15e51fb5-69e93f02 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\53\28c00235-1ad67c2f multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\53\3a249fb5-46b5e7ef multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\53\6eee1e35-44476ac9 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\58\3efb53a-7340fc3b a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\63\375f92ff-3a12e901 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\63\375f92ff-41f42c33 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\7\139f3c7-43a6a042 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\9\64a5ca89-6ae96a14 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_12.00.30\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_12.00.30\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_12.00.30\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_12.00.30\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_12.00.30\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_12.00.30\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_12.00.30\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_12.00.30\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_18.56.46\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_18.56.46\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_18.56.46\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_18.56.46\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_18.56.46\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_18.56.46\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_18.56.46\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\06.04.2012_18.56.46\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan (unable to clean) 00000000000000000000000000000000 I

jeffce
2012-04-08, 23:05
Hi,

Looks like there are many infections regarding Java, and some of the entries that are showing are already quarantined by TDSSKiller, so they are ok. :)
--------


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

File::
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-347250de
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\20\6f8bd594-2f16cd73
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\22\504e4dd6-2609dc27
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\23\36785497-64d39c7b
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\29\1b0b81d-706410db
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\31\1e1bd3df-149dff6a
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\31\70e83d9f-4fdedfcf
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\31\70e83d9f-6e8e41e7
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\33\53784821-53cc4dac
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\33\53784821-7ce38a79
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\34\26ac7ea2-7cf5cb8c
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\34\57ca5a62-241eb8a3
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-4bc3a7b1
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\35\625b3763-5a092eb3
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\36\70190024-41c172f6
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\36\70190024-6f6b8b99
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\38\4d809ea6-74b2dffd
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\4\9dfafc4-4becf4e7
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\40\7a0ff328-4686f149
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\40\7a0ff328-6723bc96
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\41\154d9fe9-6e9b9b72
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\41\29b4c469-408cc103
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\41\3d3fb229-2ca4a111
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\41\3d3fb229-735367ed
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\43\e5a51ab-672523c8
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\43\e5a51ab-70fb5a99
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\46\1d0f2fae-5c119f0a
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\47\6fd04eaf-7927e894
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\47\be97b6f-42e62fea
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\47\be97b6f-5b359ca3
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-16bb673e
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-48b18b46
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-4d17341d
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\53\15e51fb5-69e93f02
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\53\28c00235-1ad67c2f
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\53\3a249fb5-46b5e7ef
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\53\6eee1e35-44476ac9
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\58\3efb53a-7340fc3b
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\63\375f92ff-3a12e901
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\63\375f92ff-41f42c33
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\7\139f3c7-43a6a042
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\9\64a5ca89-6ae96a14


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
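The triage jeffce does by eye above (ignore the hits that sit in C:\TDSSKiller_Quarantine, script the live Java deployment-cache files for ComboFix) can be automated. The script below is an added example and is not part of this thread, of ESET Online Scanner or of ComboFix. It parses ESET log lines in the layout shown earlier in the thread (path, threat, action, 32-hex digest, trailing I), in both the raw tab-separated export and the whitespace-collapsed form seen after a forum paste, drops detections that already sit in a quarantine folder or whose action says they were deleted/quarantined, and emits the same ClearJavaCache:: and File:: directives used in the CFScript above. The sample lines and the threat names in them are constructed for the example; the quarantine folder list is an assumption (TDSSKiller's folder from this thread plus ComboFix's own C:\Qoobox\Quarantine).

```python
"""Triage ESET Online Scanner detections and emit a ComboFix CFScript.

Added example, not part of the original thread.  SAMPLE_LOG is constructed
to match the ESET layout shown in the thread; threat names are illustrative.
"""
import re
from dataclasses import dataclass

# Folders where another tool has already isolated a file: a hit here is not
# a live infection and must not be turned into a File:: directive.
# (Assumption: TDSSKiller's folder from this thread, ComboFix's Qoobox.)
QUARANTINE_MARKERS = ("\\tdsskiller_quarantine\\", "\\qoobox\\quarantine\\")
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"

# Whitespace-collapsed line, as it appears after being pasted into a post.
# The threat column is anchored on ESET's "Platform/Name" naming so that a
# path containing spaces ("Documents and Settings") is not split too early.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?:\s\S+)*?)\s+"
    r"\(?(?P<action>[^()]+?)\)?\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})(?:\s+I)?\s*$"
)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    digest: str

    @property
    def in_quarantine(self) -> bool:
        p = self.path.lower()
        return any(m in p for m in QUARANTINE_MARKERS)

    @property
    def already_removed(self) -> bool:
        a = self.action.lower()
        return "quarantined" in a or "deleted" in a

    @property
    def in_java_cache(self) -> bool:
        return JAVA_CACHE_MARKER in self.path.lower()


def parse_eset_line(line: str):
    """Parse one log line; returns None for blank or non-detection lines."""
    line = line.rstrip("\r\n")
    if "\t" in line:  # raw export: path, threat, action, digest, "I"
        parts = [p.strip() for p in line.split("\t")]
        if len(parts) >= 4 and re.fullmatch(r"[0-9A-Fa-f]{32}", parts[3]):
            return Detection(parts[0], parts[1], parts[2].strip("()"), parts[3])
        return None
    m = LINE_RE.match(line.strip())
    return Detection(**m.groupdict()) if m else None


def parse_eset_log(text: str) -> list:
    return [d for d in (parse_eset_line(ln) for ln in text.splitlines()) if d]


def triage(detections):
    """Split detections into (still live, already contained)."""
    live, contained = [], []
    for d in detections:
        (contained if d.in_quarantine or d.already_removed else live).append(d)
    return live, contained


def build_cfscript(live) -> str:
    """ClearJavaCache:: if any live hit is a cached applet, File:: for each path."""
    lines = []
    if any(d.in_java_cache for d in live):
        lines += ["ClearJavaCache::", ""]
    if live:
        lines += ["File::"] + [d.path for d in live]
    return "\n".join(lines) + "\n"


# Constructed sample (threat names illustrative, digests zeroed like the post).
SAMPLE_LOG = r"""
C:\TDSSKiller_Quarantine\06.04.2012_18.56.46\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-347250de a variant of Java/Exploit.Agent.NAN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\20\6f8bd594-2f16cd73 probably a variant of Java/TrojanDownloader.Agent.NBN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Lee\Local Settings\Temp\sample.exe Win32/Kryptik.AAAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    live, contained = triage(parse_eset_log(SAMPLE_LOG))
    print(f"{len(contained)} already contained, {len(live)} to script")
    print(build_cfscript(live))
```

With the sample input it reports "2 already contained, 2 to script" and emits a File:: block for the two cache entries. Read every File:: path by hand before dragging the script onto ComboFix: the directive deletes, and a heuristic hit on a data file in a user profile is not always something you want removed.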

Leepo136
2012-04-09, 01:09
ComboFix 12-04-06.03 - Lee 04/08/2012 18:07:27.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1467 [GMT -7:00]
Running from: c:\documents and settings\Lee\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lee\Desktop\CFScript.txt
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\10\7bec11ca-347250de"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\20\6f8bd594-2f16cd73"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\22\504e4dd6-2609dc27"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\23\36785497-64d39c7b"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\29\1b0b81d-706410db"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\31\1e1bd3df-149dff6a"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\31\70e83d9f-4fdedfcf"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\31\70e83d9f-6e8e41e7"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\33\53784821-53cc4dac"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\33\53784821-7ce38a79"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\34\26ac7ea2-7cf5cb8c"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\34\57ca5a62-241eb8a3"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-4bc3a7b1"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\35\625b3763-5a092eb3"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\36\70190024-41c172f6"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\36\70190024-6f6b8b99"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\38\4d809ea6-74b2dffd"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\4\9dfafc4-4becf4e7"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\40\7a0ff328-4686f149"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\40\7a0ff328-6723bc96"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\41\154d9fe9-6e9b9b72"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\41\29b4c469-408cc103"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\41\3d3fb229-2ca4a111"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\41\3d3fb229-735367ed"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\43\e5a51ab-672523c8"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\43\e5a51ab-70fb5a99"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\46\1d0f2fae-5c119f0a"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\47\6fd04eaf-7927e894"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\47\be97b6f-42e62fea"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\47\be97b6f-5b359ca3"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-16bb673e"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-48b18b46"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-4d17341d"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\53\15e51fb5-69e93f02"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\53\28c00235-1ad67c2f"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\53\3a249fb5-46b5e7ef"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\53\6eee1e35-44476ac9"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\58\3efb53a-7340fc3b"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\63\375f92ff-3a12e901"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\63\375f92ff-41f42c33"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\7\139f3c7-43a6a042"
"c:\documents and settings\Lee\Application Data\Sun\Java\Deployment\cache\6.0\9\64a5ca89-6ae96a14"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-08 18:18 . 2012-04-08 18:18 -------- d-----w- c:\program files\ESET
2012-04-08 04:30 . 2012-04-08 04:30 -------- d-----w- c:\program files\Common Files\Java
2012-04-08 04:30 . 2012-04-08 04:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-06 19:02 . 2012-04-06 19:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 18:00 . 2012-04-05 18:00 -------- d-----w- c:\documents and settings\Lee\Application Data\Malwarebytes
2012-04-05 18:00 . 2012-04-05 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-05 18:00 . 2012-04-05 18:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-05 18:00 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 16:46 . 2012-04-02 16:46 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 04:30 . 2011-03-05 22:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-02 16:46 . 2011-05-19 17:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-04 10:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 19:36 3072 ------w- c:\windows\system32\iacenc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-08_01.12.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-09 01:01 . 2012-04-09 01:01 16384 c:\windows\Temp\Perflib_Perfdata_bf4.dat
+ 2012-04-09 01:01 . 2012-04-09 01:01 16384 c:\windows\Temp\Perflib_Perfdata_4b8.dat
+ 2012-04-08 04:30 . 2012-04-08 04:30 157472 c:\windows\system32\javaws.exe
- 2011-10-20 16:09 . 2011-10-03 12:06 157472 c:\windows\system32\javaws.exe
+ 2012-04-08 04:30 . 2012-04-08 04:30 149280 c:\windows\system32\javaw.exe
+ 2012-04-08 04:30 . 2012-04-08 04:30 149280 c:\windows\system32\java.exe
+ 2012-04-08 04:30 . 2012-04-08 04:30 203776 c:\windows\Installer\dc94e.msi
+ 2012-04-08 04:30 . 2012-04-08 04:30 901120 c:\windows\Installer\dc940.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lee\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lee\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lee\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Lee\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-21 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-01-18 152144]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-05-21 129584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Tegrity Recorder"="c:\program files\Tegrity\Recorder\TegrityTray.exe" [2011-12-14 948064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\Lee\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Lee\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Documents and Settings\\Lee\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R2 TegSrv;TegSrv;c:\program files\Tegrity\Recorder\TegSrv.exe [12/14/2011 8:30 AM 157536]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [5/21/2010 12:56 AM 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [5/20/2010 11:40 PM 539184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 9:46 AM 253600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 16:46]
.
2012-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-484763869-682003330-1003Core.job
- c:\documents and settings\Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-16 02:01]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-484763869-682003330-1003UA.job
- c:\documents and settings\Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-16 02:01]
.
2010-08-29 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2010-08-29 01:02]
.
2010-08-29 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2010-08-29 01:02]
.
2012-04-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 205.152.150.23 205.152.132.23
DPF: {8D7624E2-F8CB-412B-9132-FD571DBA78FB} - hxxp://tegrity2.wku.edu/tegrity/_instructor/RecInstaller.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 18:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(512)
c:\windows\system32\WININET.dll
c:\program files\McAfee\MSK\mskoeplg.dll
c:\documents and settings\Lee\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-08 18:13:31
ComboFix-quarantined-files.txt 2012-04-09 01:13
ComboFix2.txt 2012-04-08 01:14
.
Pre-Run: 65,152,765,952 bytes free
Post-Run: 65,173,237,760 bytes free
.
- - End Of File - - 9BE9F58CE082BB45846CC891856E8272

jeffce
2012-04-09, 03:20
Hi,

How is your system running? :)

Leepo136
2012-04-09, 14:09
The system seems to be running smoothly now. Thank you for your help.

I would now like to uninstall McAfee and install a new antivirus. There are a few free ones that I'm considering. Which one would you personally suggest?

jeffce
2012-04-09, 16:39
Hi,


The system seems to be running smoothly now:bigthumb:
----------

Ok... if you want to try a new antivirus, I would recommend either
Microsoft Security Essentials (http://www.microsoft.com/security/pc-security/mse.aspx)
Avast (http://www.avast.com/en-au/free-antivirus-download)

They are both very good and free.

Be sure to remove McAfee before installing your new antivirus program. It is ok to download the new program but remove McAfee prior to the new installation.
----------

You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)

You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)

In either case you should uninstall Adobe Reader 9.5.0 first. Be sure to move any PDF documents to another folder first though.
----------

Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder.
Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
Select Update Using Sun Java's Website, then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
----------

Now run a new scan with DDS and post both of the logs into your next reply. :)

Leepo136
2012-04-09, 18:09
Alright. Thank you for your advice. Here are the DDS logs.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.1
Run by Lee at 11:09:30 on 2012-04-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1344 [GMT -7:00]
.
AV: McAfee VirusScan *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Tegrity\Recorder\TegSrv.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\Tegrity\Recorder\TegrityTray.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Lee\Application Data\Dropbox\bin\Dropbox.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptcl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Tegrity Recorder] c:\program files\tegrity\recorder\TegrityTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\lee\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\lee\application data\dropbox\bin\Dropbox.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {8D7624E2-F8CB-412B-9132-FD571DBA78FB} - hxxp://tegrity2.wku.edu/tegrity/_instructor/RecInstaller.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 205.152.150.23 205.152.132.23
TCP: Interfaces\{7BAE8CF8-D574-4116-B62F-FC564F0F4C03} : DhcpNameServer = 205.152.150.23 205.152.132.23
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2010-8-29 540776]
R2 mcpromgr;McAfee Protection Manager;c:\progra~1\mcafee\msc\mcpromgr.exe [2010-8-29 493144]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-8-29 352856]
R2 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2010-8-29 248416]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-8-29 144960]
R2 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-8-29 643664]
R2 TegSrv;TegSrv;c:\program files\tegrity\recorder\TegSrv.exe [2011-12-14 157536]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-5-21 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-5-20 539184]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2010-8-29 71496]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2010-8-29 34184]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2010-8-29 170408]
R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2010-8-29 37480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253600]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2010-8-29 32008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-09 18:06:02 -------- d-----w- c:\program files\Oracle
2012-04-09 18:05:44 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-09 17:59:42 -------- d-----w- C:\JavaRa
2012-04-08 18:18:58 -------- d-----w- c:\program files\ESET
2012-04-08 04:30:44 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-08 01:02:26 -------- d-sha-r- C:\cmdcons
2012-04-08 01:00:22 98816 ----a-w- c:\windows\sed.exe
2012-04-08 01:00:22 518144 ----a-w- c:\windows\SWREG.exe
2012-04-08 01:00:22 256000 ----a-w- c:\windows\PEV.exe
2012-04-08 01:00:22 208896 ----a-w- c:\windows\MBR.exe
2012-04-06 19:02:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 18:00:49 -------- d-----w- c:\documents and settings\lee\application data\Malwarebytes
2012-04-05 18:00:38 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-05 18:00:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 18:00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-02 16:46:49 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-02 16:46:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-10 20:57:10 567696 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 11:10:19.03 ===============
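The DDS log above is what jeffce reads before calling the machine clean. The script below is an added example, not part of DDS or of this thread, of the mechanical first pass a responder makes over the Pseudo HJT Report section: it parses the uRun/mRun, StartupFolder, R*/S* service and DPF lines and flags what gets looked at first, namely executables auto-started from user-writable folders, bare file names that Windows resolves by PATH search at logon, and ActiveX download (DPF) hosts that are not on an allowlist. Every sample line is copied from the log above except the last [Updater] entry, which is constructed so the user-writable check has something to catch; the allowlist, the folder markers and the flag wording are assumptions of the example. Dropbox gets flagged too because it legitimately runs from Application Data: a flag here means review, not verdict.

```python
"""Mechanical first pass over a DDS "Pseudo HJT Report".

Added example, not part of DDS or of the thread.  Parses autostart lines and
flags entries a reviewer looks at first.  Folder markers and allowlist are
assumptions; the [Updater] sample line is constructed.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder:\s+(?P<lnk>.+?)\s+-\s+(?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.+?)\s+\[")
DPF_RE = re.compile(r"^DPF:\s+\{(?P<clsid>[^}]+)\}\s+-\s+(?P<url>\S+)")
# First executable-looking token of a command line, with or without quotes.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|dll|cpl|scr|com|sys|bat|cmd|vbs|js))\b"?', re.I)

# Folders a standard user can write to on XP (and later Windows); an
# autostart from here deserves a look even though it may be benign.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\", "\\users\\",
                 "\\appdata\\", "\\programdata\\")


@dataclass
class Entry:
    kind: str          # run / startup / service / dpf
    name: str
    target: str        # executable path, or the download URL for dpf
    flags: list = field(default_factory=list)


def _exe_of(cmd: str) -> str:
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip()


def parse_dds(text: str) -> list:
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            out.append(Entry("run", m["name"], _exe_of(m["cmd"])))
        elif m := STARTUP_RE.match(line):
            out.append(Entry("startup", m["lnk"].rsplit("\\", 1)[-1], _exe_of(m["cmd"])))
        elif m := SERVICE_RE.match(line):
            out.append(Entry("service", m["name"], _exe_of(m["cmd"])))
        elif m := DPF_RE.match(line):
            out.append(Entry("dpf", m["clsid"], m["url"]))
    return out


def review(entries, trusted_hosts=()):
    """Attach review flags and return only the flagged entries."""
    flagged = []
    for e in entries:
        if e.kind == "dpf":
            host = urlparse(e.target.replace("hxxp", "http", 1)).hostname or ""
            if host not in trusted_hosts:
                e.flags.append(f"ActiveX download host not on allowlist: {host}")
        else:
            t = e.target.lower()
            if "\\" not in t:
                e.flags.append("bare file name, resolved by PATH search at logon")
            elif any(marker in t for marker in USER_WRITABLE):
                e.flags.append("started from a user-writable folder")
        if e.flags:
            flagged.append(e)
    return flagged


# Lines copied from the DDS log in the thread; the last one is constructed.
SAMPLE_DDS = r"""
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\lee\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\lee\application data\dropbox\bin\Dropbox.exe
R2 TegSrv;TegSrv;c:\program files\tegrity\recorder\TegSrv.exe [2011-12-14 157536]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2010-8-29 32008]
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8D7624E2-F8CB-412B-9132-FD571DBA78FB} - hxxp://tegrity2.wku.edu/tegrity/_instructor/RecInstaller.CAB
mRun: [Updater] c:\documents and settings\lee\local settings\temp\updater.exe
"""

if __name__ == "__main__":
    for e in review(parse_dds(SAMPLE_DDS), trusted_hosts=("download.eset.com",)):
        print(f"{e.kind:8} {e.name}: {e.target}\n         -> {'; '.join(e.flags)}")
```

With this input the flagged set is the Sigmatel entry (bare file name), the Dropbox startup link, the tegrity2.wku.edu download and the constructed Updater line; the remaining entries sit in Program Files or system32 and are skipped.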

jeffce
2012-04-09, 20:12
Be sure to get Adobe Reader updated. Out-of-date software is a sure way to get infected. :)
----------

Providing there are no other malware related problems...

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords, as this is especially important after an infection.
---------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..X and the /U that needs to be there.)

http://i1224.photobucket.com/albums/ee380/jeffce74/CF.jpg
----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever-increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html). **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
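The custom hosts file recommended in item 6 works because the resolver consults the hosts file before DNS, so every unwanted name on the list is answered with a sinkhole address (0.0.0.0 or 127.0.0.1) and never reaches the ad server. The same mechanism is what a hijacker abuses when it maps an update or security-vendor domain to a real IP address, which is why it is worth looking at what is already in the file before installing a new one over it. The following is an added example, not code from the thread or from the MVPS project: a small Python parser for the hosts-file layout, a lookup that mimics first-match resolution, and a check that flags any entry pointing somewhere other than a sinkhole. The sample hosts text and the `.invalid` host names are constructed for this example.

```python
"""
Added example (not part of the original thread): parse a hosts file in the
layout a custom list such as MVPS HOSTS uses, resolve a name the way the
hosts file would, and flag entries that redirect a name to a routable
address. SAMPLE_HOSTS below is constructed for this example only.
"""
import ipaddress
from dataclasses import dataclass

# Addresses a legitimate blocklist points unwanted hosts at. Any other
# address sends traffic to a real machine and deserves a look.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample in the MVPS HOSTS layout (not a real list).
SAMPLE_HOSTS = """\
# Constructed sample hosts file (comment line)
127.0.0.1 localhost
::1 localhost
0.0.0.0 ad.example-tracker.invalid   # ad server
0.0.0.0 www.example-counter.invalid stats.example-counter.invalid
0.0.0.0 ad.example-tracker.invalid   # duplicate of an earlier line
198.51.100.7 update.example-av.invalid   # planted redirect, not a sinkhole
not-an-address some.host.invalid
"""


@dataclass(frozen=True)
class HostsEntry:
    address: str
    hostname: str
    line_no: int


def parse_hosts(text):
    """Parse hosts-file text into HostsEntry records.

    Handles blank lines, '#' comment lines, trailing inline comments,
    tab- or space-separated fields, several host names on one line and
    case-insensitive names. A line whose first field is not an IP address
    is skipped rather than raising, which is what the resolver does too.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue   # malformed address field: ignored, not fatal
        for name in fields[1:]:
            entries.append(HostsEntry(address, name.lower().rstrip("."), line_no))
    return entries


def lookup(entries, hostname):
    """Return the address the hosts file maps hostname to, or None.

    The first line naming the host wins, so a later duplicate of the same
    name does not override an earlier one.
    """
    wanted = hostname.lower().rstrip(".")
    for entry in entries:
        if entry.hostname == wanted:
            return entry.address
    return None


def suspicious_entries(entries):
    """Flag entries that map a name to a non-sinkhole address.

    A blocklist only ever points at a sinkhole. A mapping from, say, an
    update or banking domain to a public IP is the classic hosts hijack
    and should be removed before a new custom hosts file is installed.
    """
    return [e for e in entries if e.address not in SINKHOLE_ADDRESSES]


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print(len(entries), "entries parsed")
    print("AD.Example-Tracker.invalid ->", lookup(entries, "AD.Example-Tracker.invalid"))
    for e in suspicious_entries(entries):
        print(f"line {e.line_no}: {e.hostname} -> {e.address} (not a sinkhole address)")
```

To run this against a real machine, read `C:\WINDOWS\system32\drivers\etc\hosts` into `parse_hosts` instead of `SAMPLE_HOSTS`; anything `suspicious_entries` reports that you did not put there yourself (a home-network printer, for example) is exactly the kind of planted redirect that the note about disabling the DNS Client service and installing the MVPS file does not undo on its own.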

Leepo136
2012-04-09, 20:59
Yeah, I just updated Adobe Reader.

Thanks again for your awesome assistance. :bigthumb:

By the way, this place used to be much busier, with plenty of malware removal topics. Now, it seems kind of bare. Why the huge shift in traffic?

jeffce
2012-04-10, 02:44
Hi,

Glad that I was able to help. As for why it is not as busy, I tend to believe that it is because much of the newer software is more secure, and I like to think people are being more security savvy. :)

jeffce
2012-04-10, 20:34
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
----------