Think Point Virus - Malwarebytes

See the below scan of the SystemLook.txt


SystemLook 04.09.10 by jpshortstuff
Log created at 20:53 on 09/11/2010 by Tricia
Administrator - Elevation successful

========== filefind ==========

Searching for "spoolsv.exe"
C:\Windows\ERDNT\cache\spoolsv.exe --a---- 128000 bytes [01:39 02/11/2010] [14:11 17/08/2010] 8554097E5136C3BF9F69FE578A1B35F4
C:\Windows\System32\spoolsv.exe --a---- 128000 bytes [12:22 17/09/2010] [14:11 17/08/2010] 8554097E5136C3BF9F69FE578A1B35F4
C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe --a---- 124928 bytes [09:15 02/11/2006] [09:45 02/11/2006] DA612EF2556776DF2630B68BF2D48935
C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe --a---- 125952 bytes [22:28 29/11/2009] [07:33 19/01/2008] 846CDF9A3CF4DA9B306ADFB7D55EE4C2
C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe --a---- 126464 bytes [12:22 17/09/2010] [13:32 17/08/2010] 3665F79026A3F91FBCA63F2C65A09B19
C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe --a---- 128000 bytes [12:22 17/09/2010] [13:27 17/08/2010] E807FC542C295BA256CE3567829E02A6
C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe --a---- 127488 bytes [14:54 22/12/2009] [06:28 11/04/2009] 524BFBEA40E6E404737CCBC754647A2E
C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe --a---- 128000 bytes [12:22 17/09/2010] [14:11 17/08/2010] 8554097E5136C3BF9F69FE578A1B35F4
C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe --a---- 128000 bytes [12:22 17/09/2010] [14:20 17/08/2010] AAE98B295E88D439A6E0F6E8929424FB

-= EOF =-

Are you still having problems?

It appears the home computer is running normal, however I have not re-connected to the internet. Do I need to perform the steps in Post 9? If I perform the Post 9 steps, do I need to type in svchost/uninstall in the run box?

Yes please, run the instructions in post #9.

I typed in the ComboFix /uninstall in the run box. A pop-up appeared and stated Windows could not find ComboFix /uninstall. I then decided to connect the home computer to the internet in safe mode with networking. When I entered www.GeekPolice.net, the web page stated the site was not available. It appeared the web page had been redirected to << SNIP >> At this time, I am not able to run the ComboFix/uninstall or to perform the ESAT online scan. It also appears some type of virus is in control of the home computer when I connect to the internet.


PLEASE DO NOT POST LIVE MALWARE LINKS ON THE FORUM ~DragonMaster Jay

Last edited by DragonMaster Jay on 13th November 2010, 10:43 am; edited 1 time in total (Reason for editing : Removed link)

I was able to get to the GeekPolice site and ran the ESAT online scan. It did not detect anything. Does this mean my home computer is free of the ThinkPoint virus?

Hello.

Download MBRCheck to your desktop.

• Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  
• It will show a black screen with some data on it.
  
• A report called MBRcheckxxxx.txt will be on your desktop
  
• Open this report and post its content in your next reply.
  

---

Please download TDSSKiller from here and save it to your Desktop.

• Doubleclick TDSSKiller.exe to run the tool
  
• Click the Start Scan button
  
• After the scan has finished, click the Close button
  
• Click the Report button and copy/paste the contents of it into your next reply
  

Note:It will also create a log in the C:\ directory.

See the below MBRCheckxxxx.txt log report and the TDSSKiller log report:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Dell XPS420
Logical Drives Mask: 0x000000bc

Kernel Drivers (total 80):
0x8220E000 \SystemRoot\system32\ntkrnlpa.exe
0x825C7000 \SystemRoot\system32\hal.dll
0x80605000 \SystemRoot\system32\kdcom.dll
0x8060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067C000 \SystemRoot\system32\PSHED.dll
0x8068D000 \SystemRoot\system32\BOOTVID.dll
0x80695000 \SystemRoot\system32\CLFS.SYS
0x806D6000 \SystemRoot\system32\CI.dll
0x8A208000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8A284000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8A291000 \SystemRoot\system32\drivers\acpi.sys
0x8A2D7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8A2E0000 \SystemRoot\system32\drivers\msisadrv.sys
0x8A2E8000 \SystemRoot\system32\drivers\pci.sys
0x8A30F000 \SystemRoot\System32\drivers\partmgr.sys
0x8A31E000 \SystemRoot\system32\drivers\volmgr.sys
0x8A32D000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A377000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A40B000 \SystemRoot\system32\drivers\iastor.sys
0x8A4D3000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A505000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A572000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8A57B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A607000 \SystemRoot\system32\drivers\ndis.sys
0x8A712000 \SystemRoot\system32\drivers\msrpc.sys
0x8A73D000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A80F000 \SystemRoot\System32\drivers\tcpip.sys
0x8A8F9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AA05000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB15000 \SystemRoot\system32\drivers\volsnap.sys
0x8AB56000 \SystemRoot\System32\Drivers\mup.sys
0x8AB65000 \SystemRoot\System32\drivers\ecache.sys
0x8AB8C000 \SystemRoot\system32\drivers\disk.sys
0x8AB9D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ABBE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8E40B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E498000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E4A3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E4E1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E4F0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8E500000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8E50E000 \SystemRoot\system32\drivers\Afc.sys
0x8E516000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E52E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8E55D000 \SystemRoot\system32\DRIVERS\storport.sys
0x8E59E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E5A9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E5B9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E5C4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E5CF000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E5D1000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E400000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8ABD4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A778000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8ABE1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8ABEA000 \SystemRoot\System32\Drivers\Null.SYS
0x8ABF1000 \SystemRoot\System32\Drivers\Beep.SYS
0x8A9DC000 \SystemRoot\System32\drivers\vga.sys
0x8A7AD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8A9E8000 \SystemRoot\System32\drivers\watchdog.sys
0x8A9F4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8A800000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8A7CE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8A7D7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8ABF8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8E5FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8AB4E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8A7E7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8A7F0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x8ABC7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8A914000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x94C60000 \SystemRoot\System32\win32k.sys
0x8A5EC000 \SystemRoot\System32\drivers\Dxapi.sys
0x94E70000 \SystemRoot\System32\drivers\dxg.sys
0x94EA0000 \SystemRoot\System32\TSDDD.dll
0x94F20000 \SystemRoot\System32\framebuf.dll
0x8A515000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8A52B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8A540000 \SystemRoot\System32\Drivers\fastfat.SYS
0x76F60000 \Windows\System32\ntdll.dll

Processes (total 18):
0 System Idle Process
4 System
300 C:\Windows\System32\smss.exe
360 csrss.exe
396 csrss.exe
404 C:\Windows\System32\wininit.exe
440 C:\Windows\System32\winlogon.exe
480 C:\Windows\System32\services.exe
492 C:\Windows\System32\lsass.exe
500 C:\Windows\System32\lsm.exe
648 C:\Windows\System32\svchost.exe
704 C:\Windows\System32\svchost.exe
832 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
1224 C:\Windows\explorer.exe
1624 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
1900 H:\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c3700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: ST3500630AS, Rev: 3.ADG

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

2010/11/13 09:05:38.0516 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/13 09:05:38.0516 ================================================================================
2010/11/13 09:05:38.0516 SystemInfo:
2010/11/13 09:05:38.0516
2010/11/13 09:05:38.0516 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/13 09:05:38.0516 Product type: Workstation
2010/11/13 09:05:38.0516 ComputerName: HOME-PC
2010/11/13 09:05:38.0516 UserName: Tricia
2010/11/13 09:05:38.0516 Windows directory: C:\Windows
2010/11/13 09:05:38.0516 System windows directory: C:\Windows
2010/11/13 09:05:38.0516 Processor architecture: Intel x86
2010/11/13 09:05:38.0516 Number of processors: 4
2010/11/13 09:05:38.0516 Page size: 0x1000
2010/11/13 09:05:38.0516 Boot type: Safe boot
2010/11/13 09:05:38.0516 ================================================================================
2010/11/13 09:05:38.0797 Initialize success
2010/11/13 09:05:45.0645 ================================================================================
2010/11/13 09:05:45.0645 Scan started
2010/11/13 09:05:45.0645 Mode: Manual;
2010/11/13 09:05:45.0645 ================================================================================
2010/11/13 09:05:46.0488 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/11/13 09:05:46.0597 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/11/13 09:05:46.0644 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/11/13 09:05:46.0691 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/11/13 09:05:46.0769 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/11/13 09:05:46.0847 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
2010/11/13 09:05:46.0925 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/11/13 09:05:47.0003 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2010/11/13 09:05:47.0049 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/11/13 09:05:47.0159 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
2010/11/13 09:05:47.0190 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2010/11/13 09:05:47.0221 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
2010/11/13 09:05:47.0315 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/11/13 09:05:47.0361 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/11/13 09:05:47.0455 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/11/13 09:05:47.0517 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/11/13 09:05:47.0580 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/13 09:05:47.0642 atapi (61ca2c1e145809813c28752298cf9843) C:\Windows\system32\drivers\atapi.sys
2010/11/13 09:05:47.0767 atikmdag (e615e3c567fbd10121723eff09d26b00) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/13 09:05:47.0907 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/11/13 09:05:47.0970 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/13 09:05:48.0032 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/13 09:05:48.0079 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/11/13 09:05:48.0126 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/11/13 09:05:48.0173 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/11/13 09:05:48.0204 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/13 09:05:48.0235 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/11/13 09:05:48.0282 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/11/13 09:05:48.0469 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/13 09:05:48.0547 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/13 09:05:48.0625 cfwids (44e4a7dded054dd55ae995c3aed719ae) C:\Windows\system32\drivers\cfwids.sys
2010/11/13 09:05:48.0687 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/11/13 09:05:48.0750 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/11/13 09:05:48.0781 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
2010/11/13 09:05:48.0828 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
2010/11/13 09:05:48.0875 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/11/13 09:05:48.0906 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/11/13 09:05:48.0953 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/11/13 09:05:49.0077 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/11/13 09:05:49.0155 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/11/13 09:05:49.0202 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/13 09:05:49.0296 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/11/13 09:05:49.0374 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/11/13 09:05:49.0452 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/11/13 09:05:49.0530 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/11/13 09:05:49.0608 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/11/13 09:05:49.0639 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/11/13 09:05:49.0670 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/13 09:05:49.0764 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/11/13 09:05:49.0811 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/11/13 09:05:49.0842 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/13 09:05:49.0904 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/11/13 09:05:49.0998 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/13 09:05:50.0029 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/13 09:05:50.0138 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2010/11/13 09:05:50.0201 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/13 09:05:50.0263 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/11/13 09:05:50.0294 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/11/13 09:05:50.0325 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/13 09:05:50.0372 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/11/13 09:05:50.0435 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/11/13 09:05:50.0481 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2010/11/13 09:05:50.0528 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/11/13 09:05:50.0559 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/11/13 09:05:50.0622 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/13 09:05:50.0684 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
2010/11/13 09:05:50.0700 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/11/13 09:05:50.0747 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/11/13 09:05:50.0778 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\drivers\intelide.sys
2010/11/13 09:05:50.0825 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/13 09:05:50.0871 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/13 09:05:50.0949 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/13 09:05:50.0981 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/13 09:05:51.0012 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/11/13 09:05:51.0043 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2010/11/13 09:05:51.0090 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/13 09:05:51.0137 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/11/13 09:05:51.0199 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/11/13 09:05:51.0246 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/13 09:05:51.0339 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/13 09:05:51.0371 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/13 09:05:51.0449 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/13 09:05:51.0511 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/13 09:05:51.0558 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/13 09:05:51.0589 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/13 09:05:51.0636 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/11/13 09:05:51.0714 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\Windows\system32\drivers\mbam.sys
2010/11/13 09:05:51.0839 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/11/13 09:05:51.0901 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/11/13 09:05:51.0948 mfeapfk (b77e959e1c50d3e3a9d9ef423be62e09) C:\Windows\system32\drivers\mfeapfk.sys
2010/11/13 09:05:51.0979 mfeavfk (e84596fcb591117f5597498a5f82ad97) C:\Windows\system32\drivers\mfeavfk.sys
2010/11/13 09:05:52.0010 mfebopk (d40ce01e2d3fe0c079cd2d6b3e4b823b) C:\Windows\system32\drivers\mfebopk.sys
2010/11/13 09:05:52.0088 mfefirek (3962c6a9e35c4319dcdab0497614fd69) C:\Windows\system32\drivers\mfefirek.sys
2010/11/13 09:05:52.0166 mfehidk (e7ecf7872bf8f2897ae5a696d908c2f7) C:\Windows\system32\drivers\mfehidk.sys
2010/11/13 09:05:52.0213 mfenlfk (738ea065c00112c46a64ecf7f6d81902) C:\Windows\system32\DRIVERS\mfenlfk.sys
2010/11/13 09:05:52.0275 mferkdet (e411594ac94baef7f8ea991cc8f47fd1) C:\Windows\system32\drivers\mferkdet.sys
2010/11/13 09:05:52.0369 mfewfpk (53ed75f57e87831d3651ff32cb3d5648) C:\Windows\system32\drivers\mfewfpk.sys
2010/11/13 09:05:52.0416 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/11/13 09:05:52.0494 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/13 09:05:52.0541 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/13 09:05:52.0572 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/13 09:05:52.0619 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/11/13 09:05:52.0650 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/11/13 09:05:52.0681 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/13 09:05:52.0712 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/13 09:05:52.0743 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/11/13 09:05:52.0790 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/13 09:05:52.0806 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/13 09:05:52.0837 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/13 09:05:52.0868 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
2010/11/13 09:05:52.0899 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/11/13 09:05:52.0977 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/11/13 09:05:53.0040 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/11/13 09:05:53.0133 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/13 09:05:53.0196 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/13 09:05:53.0258 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/11/13 09:05:53.0305 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/11/13 09:05:53.0352 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/13 09:05:53.0383 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/11/13 09:05:53.0430 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/11/13 09:05:53.0523 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/13 09:05:53.0601 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/11/13 09:05:53.0695 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/13 09:05:53.0742 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/13 09:05:53.0789 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/13 09:05:53.0820 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/11/13 09:05:53.0835 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/13 09:05:53.0882 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/13 09:05:53.0945 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/11/13 09:05:54.0023 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\Windows\system32\drivers\ccdcmb.sys
2010/11/13 09:05:54.0054 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/11/13 09:05:54.0101 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/13 09:05:54.0163 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/11/13 09:05:54.0225 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/11/13 09:05:54.0272 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/11/13 09:05:54.0319 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/11/13 09:05:54.0366 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/11/13 09:05:54.0413 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2010/11/13 09:05:54.0522 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/13 09:05:54.0553 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/11/13 09:05:54.0600 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/11/13 09:05:54.0615 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/11/13 09:05:54.0693 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2010/11/13 09:05:54.0756 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/11/13 09:05:54.0771 pciide (eb03c52c1cc6ffc31757e0a69fffd5b6) C:\Windows\system32\drivers\pciide.sys
2010/11/13 09:05:54.0803 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/11/13 09:05:54.0896 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/11/13 09:05:54.0974 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/13 09:05:55.0005 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/11/13 09:05:55.0052 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/13 09:05:55.0115 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2010/11/13 09:05:55.0239 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/11/13 09:05:55.0317 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/11/13 09:05:55.0380 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/13 09:05:55.0489 R300 (e615e3c567fbd10121723eff09d26b00) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/13 09:05:55.0551 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/13 09:05:55.0598 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/13 09:05:55.0645 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/13 09:05:55.0676 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/13 09:05:55.0723 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/13 09:05:55.0754 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/13 09:05:55.0817 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2010/11/13 09:05:55.0848 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/13 09:05:55.0895 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/11/13 09:05:55.0973 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/13 09:05:56.0019 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/11/13 09:05:56.0066 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/13 09:05:56.0097 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/11/13 09:05:56.0113 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/11/13 09:05:56.0160 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/11/13 09:05:56.0222 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2010/11/13 09:05:56.0253 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/13 09:05:56.0269 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/13 09:05:56.0300 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/11/13 09:05:56.0347 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2010/11/13 09:05:56.0394 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/11/13 09:05:56.0425 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/11/13 09:05:56.0487 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/11/13 09:05:56.0550 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/11/13 09:05:56.0628 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/11/13 09:05:56.0659 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/13 09:05:56.0675 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/13 09:05:56.0721 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
2010/11/13 09:05:56.0799 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/13 09:05:56.0846 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/11/13 09:05:56.0877 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/11/13 09:05:56.0909 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/11/13 09:05:56.0971 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/11/13 09:05:57.0033 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/13 09:05:57.0065 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/13 09:05:57.0111 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/11/13 09:05:57.0143 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/11/13 09:05:57.0174 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/13 09:05:57.0221 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/13 09:05:57.0283 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/13 09:05:57.0330 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/13 09:05:57.0361 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/13 09:05:57.0408 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/11/13 09:05:57.0439 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/13 09:05:57.0486 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/13 09:05:57.0517 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/11/13 09:05:57.0548 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/11/13 09:05:57.0579 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/11/13 09:05:57.0595 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/13 09:05:57.0673 upperdev (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2010/11/13 09:05:57.0720 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/13 09:05:57.0751 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/11/13 09:05:57.0798 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/13 09:05:57.0829 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/13 09:05:57.0860 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/11/13 09:05:57.0891 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/13 09:05:57.0985 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/11/13 09:05:58.0001 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
2010/11/13 09:05:58.0047 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/13 09:05:58.0094 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/13 09:05:58.0125 USB_RNDIS_XP (830d5d8456b822c1247c1e59b4c464fa) C:\Windows\system32\DRIVERS\usb8023.sys
2010/11/13 09:05:58.0219 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/13 09:05:58.0250 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/11/13 09:05:58.0297 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2010/11/13 09:05:58.0328 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/11/13 09:05:58.0359 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
2010/11/13 09:05:58.0406 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/11/13 09:05:58.0453 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/11/13 09:05:58.0515 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/11/13 09:05:58.0547 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/11/13 09:05:58.0609 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/11/13 09:05:58.0640 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/13 09:05:58.0687 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/13 09:05:58.0734 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
2010/11/13 09:05:58.0765 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/11/13 09:05:58.0827 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/13 09:05:58.0905 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/11/13 09:05:58.0952 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
2010/11/13 09:05:59.0015 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
2010/11/13 09:05:59.0061 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/13 09:05:59.0124 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/13 09:05:59.0186 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2010/11/13 09:05:59.0342 ================================================================================
2010/11/13 09:05:59.0342 Scan finished
2010/11/13 09:05:59.0342 ================================================================================

Still having problems now?

I do not believe the home computer is back to normal. When I started it in normal mode, here are the abnormalities:

a) It took 2-3 minutes for it to boot up in normal mode.
b) There are two Internet Explorer icons on the desk top. Origninally, there was only one. The new one has .lnk after Internet Explorer.
c) The computer would not allow me to turn on the McAfee Real Time Scanning. A window would pop-up for me to turn it on. When I clicked on the turn it on button, it directed me to scan the computer now. When I clicked on this button, it went back to the pop-up that the Real Time Scanning was turned off.
d) I also noticed in the task bar that Windows was performing updates. When I clicked on the icon, it would not show me what it was downloading.

Please review and advise.

Access to ComboFix was denied as it had expired. I drug the CFScript.txt into the svchost.exe, however no log was produced.

Okay, please delete your copy of Combofix and download a copy of it again.

See the below ComboFix.txt log:

ComboFix 10-11-16.02 - Tricia 11/16/2010 20:14:30.2.4 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2569 [GMT -5:00]
Running from: c:\users\Tricia\Documents\ComboFix.exe
Command switches used :: c:\users\Tricia\Documents\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe --> c:\windows\System32\spoolsv.exe
.
((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-17 01:09 . 2010-11-17 01:10 -------- d-----w- C:\32788R22FWJFW
2010-11-14 16:06 . 2010-10-18 13:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{787B05BA-AE3C-4D89-B6DA-CB157A85F858}\mpengine.dll
2010-11-12 02:54 . 2010-11-12 02:54 -------- d-----w- c:\program files\ESET
2010-11-12 02:02 . 2010-11-12 02:02 -------- d-----w- c:\users\Mel\AppData\Roaming\Malwarebytes
2010-11-05 13:41 . 2010-11-05 13:41 -------- d-----w- c:\users\Tricia\AppData\Local\Apps
2010-10-24 17:12 . 2010-10-24 17:12 -------- d-----w- c:\users\Tricia\AppData\Roaming\Malwarebytes
2010-10-24 17:12 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-24 17:12 . 2010-10-28 00:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-24 17:12 . 2010-10-24 17:12 -------- d-----w- c:\programdata\Malwarebytes
2010-10-24 17:12 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-10-12 00:43 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-19 68856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-27 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"HostManager"="c:\program files\Common Files\AOL\1206299303\ee\AOLSoftware.exe" [2008-06-24 41824]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Tricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-19 50688]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-3-24 57344]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-27 55456]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-27 30192]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-27 312616]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://broadband.zoomtown.com
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce- - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-16 20:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,bb,af,21,30,ab,43,42,a8,0f,dd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,bb,af,21,30,ab,43,42,a8,0f,dd,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-16 20:24:47
ComboFix-quarantined-files.txt 2010-11-17 01:24
ComboFix2.txt 2010-11-09 01:43
ComboFix3.txt 2010-11-02 01:40

Pre-Run: 364,963,762,176 bytes free
Post-Run: 364,901,093,376 bytes free

- - End Of File - - 6D2B2C0E1F563C055E3B86C2BDCC2E68

I think that may have fixed it, any change now?

Everything seems normal except for my McAfee Real Time Scanning. I turn it on, but am not able to perform a scan. Also, I keep getting a pop-up box from McAfee saying my computer is at risk and that the Real Time Scanning is turned off.

Does it not turn back on? is it a licensed version of Mcafee?

I get a pop-up from Mcafee that says my computer is at risk. When I open Mcafee, it says the real time scanning is turned off. When I turn the real time scanning on and try to perform a scan, I get another pop-up window that says an unexpected error has ocurred and to click the OK button to go back to the home page. When I go back to the home page, the real time scanning is turned off. I have a licensed version of Mcafee Security Center, Virus Scan, Personal Firewall, Site Advisor, Anti-Spam, and Parental Controls that expire in March, 2011.

Hmm.
I am gonna talk to a colleague and get some theories on it, hold on.

Bump.

Sorry about that, couldn't find your topic after a few days.

Did you try uninstall/re-installing Mcafee?

I removed and re-installed McAfee. Everything is back to normal and is working. Great help with expert advice.