Probable Rootkit, log says TDL4@MBR


This topic is locked
5 replies to this topic

#1 sideshowblah

Posted 30 March 2012 - 01:02 PM

Hi,
I was trying to help speed up a slow Windows XP Pro PC and it looks like it is infected. I ran the trial version of Malwarebytes and it popped up and told me that it was blocking access to several IPs. I ran the tools that were recommended on this site and have the logs here. The GMER log says: TDL4@MBR code has been found. Thanks for any help.

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 16:14:26 on 2012-03-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2213 [GMT -4:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\THOMAS\Update\GSMsgSvc.exe
C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Pitney Bowes\mailstation 2\mailstationAssistant.exe
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn2\ytbb.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=all&pf=cmws
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [TrendSecure Remote File Lock] c:\program files\trend micro\trendsecure\remotefilelock\FLMain.exe /lock
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [FRYMXINS] "c:\program files\ati technologies\fire gl 3d studio max\atiimxgl"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Mailstation Assistant] c:\program files\pitney bowes\mailstation 2\mailstationAssistant minimize
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1319647157046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/event/ieatgpc.cab
TCP: Interfaces\{A1A08A80-05E8-49B5-ACFD-60125D877839} : NameServer = 192.168.1.1
Filter: text/html - {60d3c308-f4fb-4376-9e4c-6fee9d97a202} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Notify: AtiExtEvent - Ati2evxx.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2010-11-4 188272]
R2 GSMsgProxy;GS Messaging Proxy Service;c:\thomas\update\GSMsgSvc.exe [2008-12-1 70144]
R2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\hewlett-packard\hp skyroom\Hp.Skyroom.Windows.Service.exe [2009-9-3 116224]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-26 652360]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-10-14 623640]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 rgsender;Remote Graphics Sender;c:\program files\hewlett-packard\hp skyroom\remote graphics sender\rgsender.exe [2009-10-14 3843640]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-11-4 64080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-26 20464]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-3 136176]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [2009-11-12 20600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-3 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-28 40776]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-9 1112560]
.
=============== Created Last 30 ================
.
2012-03-28 12:14:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-13 17:02:14 -------- d-----w- C:\e
2012-03-13 17:02:13 -------- d-----w- C:\Data
.
==================== Find3M ====================
.
2012-03-21 19:27:00 2516 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2012-02-24 18:12:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 16:16:47.57 ===============
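The GMER finding in the post above (TDL4@MBR) points at the boot sector rather than at any of the files DDS lists. TDL4 replaces the MBR's boot code with its own loader and keeps its components, including a copy of the original MBR, in a hidden file system written to unpartitioned sectors at the end of the disk; while the rootkit is running it also filters reads of the MBR so the sector looks clean from inside Windows. The script below is an added example, not part of this thread or of any of the tools mentioned in it. It parses a 512-byte MBR, checks the 0x55AA signature, decodes the partition table, hashes the 440-byte boot-code area for comparison against a known-good copy, and reports how many sectors trail the last partition. The sample MBR is constructed; its two NTFS partitions and disk size copy the geometry TDSSKiller prints later in this thread, and the boot-code bytes, the disk signature and the "known-good" digest are stand-ins, not a real Windows MBR.

```python
"""
Added example: sanity-check a raw MBR after a TDL4@MBR hit.
Constructed sample data; not the thread's own tooling or output.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440            # bytes 0..439 hold the boot code; 440..445 disk signature + pad
PT_OFFSET = 446               # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty partition entries as dicts (end_lba is exclusive)."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        raw = mbr[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) start-LBA(4) sector-count(4), little-endian
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0:
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "start_lba": start, "sectors": count, "end_lba": start + count})
    return entries


def bootcode_digest(mbr: bytes) -> str:
    """SHA-256 of the boot-code area only, so a legitimately different disk signature
    or partition table does not mask (or fake) a boot-code swap."""
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def unallocated_tail(entries: list, disk_sectors: int) -> int:
    """Sectors after the last partition that belong to no partition."""
    if not entries:
        return disk_sectors
    return disk_sectors - max(e["end_lba"] for e in entries)


def check_mbr(mbr: bytes, disk_sectors: int, known_good_bootcode_sha256: str) -> dict:
    """Run the checks; bootcode_ok True and no partition_findings means table and loader look untouched.
    unallocated_tail_sectors is reported, not judged: some trailing space is normal, but it is
    also where TDL4 keeps its hidden file system, so it is the range to image and inspect."""
    entries = parse_partition_table(mbr)
    findings = []
    for e in entries:
        if e["end_lba"] > disk_sectors:
            findings.append(f"partition {e['index']} extends past the end of the disk")
    by_start = sorted(entries, key=lambda e: e["start_lba"])
    for a, b in zip(by_start, by_start[1:]):
        if b["start_lba"] < a["end_lba"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return {
        "bootcode_ok": bootcode_digest(mbr) == known_good_bootcode_sha256,
        "partition_findings": findings,
        "unallocated_tail_sectors": unallocated_tail(entries, disk_sectors),
    }


def build_mbr(bootcode: bytes, partitions: list) -> bytes:
    """Assemble a test MBR: boot code, disk signature, partition entries, 0x55AA."""
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    mbr[440:444] = b"\xDE\xAD\xBE\xEF"   # arbitrary NT disk signature (constructed)
    for i, (status, ptype, start, count) in enumerate(partitions):
        mbr[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)] = struct.pack(
            "<B3sB3sII", status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", start, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


# Constructed sample. The boot-code bytes are stand-ins, not a real loader. The partition
# layout and disk size are the ones TDSSKiller reported for this machine: two NTFS (0x07)
# partitions, the disk 0x2543100000 bytes long.
CLEAN_BOOTCODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOTCODE_LEN - 8)
INFECTED_BOOTCODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\xCC" * (BOOTCODE_LEN - 8)
PARTITIONS = [(0x80, 0x07, 0x3F, 0xF211779), (0x00, 0x07, 0xF2117B8, 0x3803448)]
DISK_SECTORS = 0x2543100000 // SECTOR   # 0x12A18800 sectors

CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, PARTITIONS)
INFECTED_MBR = build_mbr(INFECTED_BOOTCODE, PARTITIONS)
KNOWN_GOOD = bootcode_digest(CLEAN_MBR)   # in practice: digest of a clean reference MBR

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, check_mbr(mbr, DISK_SECTORS, KNOWN_GOOD))
```

With this layout the second partition ends at LBA 0x12A14C00 and the disk holds 0x12A18800 sectors, so 0x3C00 (15,360) sectors, about 7.5 MiB, sit after the last partition. That gap alone proves nothing, but on a TDL4 suspect it is the range to copy out and look at. On a real system read the sector with the machine booted from clean media (for example from WinPE, opening `\\.\PhysicalDrive0` as administrator), because the running rootkit will hand back the original MBR; and take the known-good digest from a clean reference MBR for the same Windows version and OEM, not from the suspect disk.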

#2 Noviciate (Malware Response Team)

Posted 30 March 2012 - 03:32 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything, allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.
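The report the helper asks for above is a flat text log in which TDSSKiller writes up to three lines per object: an enumeration line with the file's MD5 and path, a "( verdict ) - warning" or "- infected" tag, and a "- detected <verdict> (n)" line, with plain "- ok" for everything it cleared. Reading one by hand is tedious, and the warnings mostly turn out to be UnsignedFile.Multi.Generic, which only says the file carries no digital signature, routine for third-party drivers on XP. The parser below is an added example, not part of this thread or of TDSSKiller. The first eight sample lines are copied from the report posted later in this thread; the last two, for the disk object, are constructed to show what a boot-sector detection looks like, and the verdict name on them is illustrative rather than taken from the log.

```python
"""
Added example: triage a TDSSKiller report into real detections and
unsigned-file notices. Sample lines are partly copied from the thread and
partly constructed (see the lead-in); the script is not TDSSKiller's own code.
"""
import re
from collections import defaultdict

# <time> <pid> <name> (<md5>) <path>
ENUM_RE = re.compile(r"^\S+ \d+ (.+?) \(([0-9a-f]{32})\) (.+)$")
# <time> <pid> <name> ( <verdict> ) - warning|infected
TAG_RE = re.compile(r"^\S+ \d+ (.+?) \( (.+?) \) - (\w+)$")
# <time> <pid> <name> - detected <verdict> (<n>)
DETECT_RE = re.compile(r"^\S+ \d+ (.+?) - detected (.+?) \((\d+)\)$")
# <time> <pid> <name> - ok
OK_RE = re.compile(r"^\S+ \d+ (.+?) - ok$")

# Verdicts that only mean "no valid signature"; worth a look, not proof of malware.
INFORMATIONAL = {"UnsignedFile.Multi.Generic"}


def parse_report(text: str) -> dict:
    """Map each object name to its md5, path, status and the verdicts TDSSKiller assigned."""
    objects = defaultdict(lambda: {"md5": None, "path": None, "status": None, "verdicts": []})
    for line in text.splitlines():
        line = line.rstrip()
        if m := DETECT_RE.match(line):            # must come before the other shapes
            name, verdict, _count = m.groups()
            if verdict not in objects[name]["verdicts"]:
                objects[name]["verdicts"].append(verdict)
        elif m := OK_RE.match(line):
            objects[m.group(1)]["status"] = "ok"
        elif m := TAG_RE.match(line):
            name, verdict, status = m.groups()
            objects[name]["status"] = status      # "warning" or "infected"
            if verdict not in objects[name]["verdicts"]:
                objects[name]["verdicts"].append(verdict)
        elif m := ENUM_RE.match(line):
            name, md5, path = m.groups()
            objects[name]["md5"] = md5
            objects[name]["path"] = path
        # header, separator and drive-geometry lines match nothing and are skipped
    return dict(objects)


def triage(objects: dict) -> dict:
    """Split parsed objects into actionable detections, unsigned-file notices and a count of clean ones."""
    result = {"detections": [], "unsigned": [], "ok": 0}
    for name, info in objects.items():
        if info["status"] == "ok":
            result["ok"] += 1
        for verdict in info["verdicts"]:
            entry = {"name": name, "verdict": verdict, "path": info["path"], "md5": info["md5"]}
            bucket = result["unsigned"] if verdict in INFORMATIONAL else result["detections"]
            bucket.append(entry)
    return result


# Lines 1-8 are from the report in this thread; the last two are constructed.
SAMPLE_REPORT = r"""
11:05:51.0765 1228 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
11:05:51.0781 1228 adpu320 ( UnsignedFile.Multi.Generic ) - warning
11:05:51.0781 1228 adpu320 - detected UnsignedFile.Multi.Generic (1)
11:05:51.0843 1228 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:05:51.0921 1228 aec - ok
11:05:52.0046 1228 Aha154x - ok
11:05:53.0875 1228 Ati HotKey Poller (3c513acc655d81a785da4965649fe651) C:\WINDOWS\system32\Ati2evxx.exe
11:05:53.0953 1228 Ati HotKey Poller - ok
11:07:10.0000 1228 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
11:07:10.0000 1228 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
"""

if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print(f"{summary['ok']} objects ok, {len(summary['unsigned'])} unsigned, "
          f"{len(summary['detections'])} detections")
    for d in summary["detections"]:
        print("ACT:", d["name"], d["verdict"], d["path"])
    for u in summary["unsigned"]:
        print("info:", u["name"], u["path"], u["md5"])
```

Run it against a saved C:\TDSSKiller.*_log.txt by reading the file into `parse_report`. The MD5 on each unsigned entry is what you paste into a hash lookup to decide whether the notice needs follow-up; the detections list is what the helper actually wants to see, and on a live machine the disk-object entry is the one that matters for a TDL4 case.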

#3 sideshowblah (Topic Starter)

Posted 03 April 2012 - 02:18 PM

Sorry, cannot keep the PC running to finish the scan, so will try it in Safe Mode next.

thanks

#4 sideshowblah (Topic Starter)

Posted 04 April 2012 - 10:27 AM

I attached the report file, and like it says it had to be run from Safe Mode.

11:05:31.0062 1208 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
11:05:31.0093 1208 ============================================================
11:05:31.0093 1208 Current date / time: 2012/04/04 11:05:31.0093
11:05:31.0093 1208 SystemInfo:
11:05:31.0093 1208
11:05:31.0093 1208 OS Version: 5.1.2600 ServicePack: 3.0
11:05:31.0093 1208 Product type: Workstation
11:05:31.0093 1208 ComputerName: CPC
11:05:31.0093 1208 UserName: Administrator
11:05:31.0093 1208 Windows directory: C:\WINDOWS
11:05:31.0093 1208 System windows directory: C:\WINDOWS
11:05:31.0093 1208 Processor architecture: Intel x86
11:05:31.0093 1208 Number of processors: 2
11:05:31.0093 1208 Page size: 0x1000
11:05:31.0093 1208 Boot type: Safe boot
11:05:31.0093 1208 ============================================================
11:05:32.0562 1208 Drive \Device\Harddisk0\DR0 - Size: 0x2543100000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:05:32.0562 1208 \Device\Harddisk0\DR0:
11:05:32.0562 1208 MBR used
11:05:32.0562 1208 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xF211779
11:05:32.0562 1208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2117B8, BlocksNum 0x3803448
11:05:32.0750 1208 Initialize success
11:05:32.0750 1208 ============================================================
11:05:48.0609 1228 ============================================================
11:05:48.0609 1228 Scan started
11:05:48.0609 1228 Mode: Manual; SigCheck; TDLFS;
11:05:48.0609 1228 ============================================================
11:05:48.0906 1228 Abiosdsk - ok
11:05:49.0000 1228 abp480n5 - ok
11:05:49.0140 1228 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
11:05:50.0875 1228 ac97intc - ok
11:05:51.0062 1228 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:05:51.0203 1228 ACPI - ok
11:05:51.0343 1228 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:05:51.0421 1228 ACPIEC - ok
11:05:51.0531 1228 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:05:51.0546 1228 AdobeFlashPlayerUpdateSvc - ok
11:05:51.0625 1228 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:05:51.0718 1228 adpu160m - ok
11:05:51.0765 1228 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
11:05:51.0781 1228 adpu320 ( UnsignedFile.Multi.Generic ) - warning
11:05:51.0781 1228 adpu320 - detected UnsignedFile.Multi.Generic (1)
11:05:51.0843 1228 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:05:51.0921 1228 aec - ok
11:05:51.0984 1228 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:05:52.0031 1228 AFD - ok
11:05:52.0046 1228 Aha154x - ok
11:05:52.0125 1228 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:05:52.0218 1228 aic78u2 - ok
11:05:52.0281 1228 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:05:52.0375 1228 aic78xx - ok
11:05:52.0406 1228 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:05:52.0500 1228 Alerter - ok
11:05:52.0515 1228 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:05:52.0609 1228 ALG - ok
11:05:52.0625 1228 AliIde - ok
11:05:52.0656 1228 amsint - ok
11:05:52.0796 1228 Amsp (7b6425745b2ad8354fe8ad2dce30a9e7) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
11:05:52.0859 1228 Amsp - ok
11:05:53.0015 1228 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
11:05:53.0109 1228 AppMgmt - ok
11:05:53.0125 1228 asc - ok
11:05:53.0140 1228 asc3350p - ok
11:05:53.0156 1228 asc3550 - ok
11:05:53.0312 1228 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:05:53.0390 1228 aspnet_state - ok
11:05:53.0484 1228 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:05:53.0578 1228 AsyncMac - ok
11:05:53.0640 1228 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:05:53.0718 1228 atapi - ok
11:05:53.0718 1228 Atdisk - ok
11:05:53.0875 1228 Ati HotKey Poller (3c513acc655d81a785da4965649fe651) C:\WINDOWS\system32\Ati2evxx.exe
11:05:53.0953 1228 Ati HotKey Poller - ok
11:05:54.0031 1228 ATI Smart (aaed5b889ab0fa4e15bbb15fefa45c7f) C:\WINDOWS\system32\ati2sgag.exe
11:05:54.0062 1228 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
11:05:54.0062 1228 ATI Smart - detected UnsignedFile.Multi.Generic (1)
11:05:54.0218 1228 ati2mtag (8fda4b67b817348ba912f80ccc25301f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:05:54.0437 1228 ati2mtag - ok
11:05:54.0578 1228 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:05:54.0687 1228 Atmarpc - ok
11:05:54.0765 1228 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:05:54.0859 1228 AudioSrv - ok
11:05:55.0000 1228 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:05:55.0062 1228 audstub - ok
11:05:55.0125 1228 b57w2k (e470738b601a7fbb1e1c34cec8355f5d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:05:55.0140 1228 b57w2k - ok
11:05:55.0187 1228 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:05:55.0281 1228 Beep - ok
11:05:55.0343 1228 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:05:55.0468 1228 BITS - ok
11:05:55.0562 1228 Blfp (ea4b6baeeafbf901cb54f8321fa7be59) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
11:05:55.0609 1228 Blfp - ok
11:05:55.0625 1228 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:05:55.0734 1228 Browser - ok
11:05:55.0859 1228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:05:55.0953 1228 cbidf2k - ok
11:05:55.0984 1228 cd20xrnt - ok
11:05:56.0015 1228 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:05:56.0109 1228 Cdaudio - ok
11:05:56.0156 1228 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:05:56.0218 1228 Cdfs - ok
11:05:56.0250 1228 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:05:56.0343 1228 Cdrom - ok
11:05:56.0343 1228 cerc6 - ok
11:05:56.0359 1228 Changer - ok
11:05:56.0406 1228 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:05:56.0484 1228 CiSvc - ok
11:05:56.0484 1228 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:05:56.0562 1228 ClipSrv - ok
11:05:56.0656 1228 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:05:56.0703 1228 clr_optimization_v2.0.50727_32 - ok
11:05:56.0718 1228 CmdIde - ok
11:05:56.0750 1228 COMSysApp - ok
11:05:56.0781 1228 Cpqarray - ok
11:05:56.0859 1228 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:05:56.0937 1228 CryptSvc - ok
11:05:56.0968 1228 dac2w2k - ok
11:05:56.0984 1228 dac960nt - ok
11:05:57.0062 1228 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:05:57.0109 1228 DcomLaunch - ok
11:05:57.0156 1228 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:05:57.0265 1228 Dhcp - ok
11:05:57.0296 1228 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:05:57.0375 1228 Disk - ok
11:05:57.0406 1228 DM150Drv (5062ca00b96e7c3eb7c1a3ff01d03674) C:\WINDOWS\system32\DRIVERS\DM150Drv.sys
11:05:57.0421 1228 DM150Drv - ok
11:05:57.0421 1228 dmadmin - ok
11:05:57.0484 1228 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:05:57.0593 1228 dmboot - ok
11:05:57.0703 1228 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
11:05:57.0781 1228 dmio - ok
11:05:57.0843 1228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:05:57.0921 1228 dmload - ok
11:05:57.0984 1228 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:05:58.0046 1228 dmserver - ok
11:05:58.0125 1228 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:05:58.0218 1228 DMusic - ok
11:05:58.0250 1228 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:05:58.0359 1228 Dnscache - ok
11:05:58.0421 1228 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:05:58.0531 1228 Dot3svc - ok
11:05:58.0578 1228 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
11:05:58.0656 1228 Dot4 - ok
11:05:58.0687 1228 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
11:05:58.0796 1228 Dot4Print - ok
11:05:58.0843 1228 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:05:58.0937 1228 dpti2o - ok
11:05:58.0968 1228 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:05:59.0062 1228 drmkaud - ok
11:05:59.0109 1228 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:05:59.0187 1228 E100B - ok
11:05:59.0234 1228 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:05:59.0312 1228 EapHost - ok
11:05:59.0390 1228 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:05:59.0484 1228 ERSvc - ok
11:05:59.0531 1228 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:05:59.0546 1228 Eventlog - ok
11:05:59.0593 1228 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:05:59.0656 1228 EventSystem - ok
11:05:59.0687 1228 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:05:59.0781 1228 Fastfat - ok
11:05:59.0843 1228 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:05:59.0906 1228 FastUserSwitchingCompatibility - ok
11:06:00.0031 1228 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:06:00.0093 1228 Fdc - ok
11:06:00.0109 1228 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:06:00.0187 1228 Fips - ok
11:06:00.0203 1228 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:06:00.0281 1228 Flpydisk - ok
11:06:00.0312 1228 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:06:00.0375 1228 FltMgr - ok
11:06:00.0515 1228 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:06:00.0515 1228 FontCache3.0.0.0 - ok
11:06:00.0578 1228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:06:00.0671 1228 Fs_Rec - ok
11:06:00.0718 1228 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:06:00.0796 1228 Ftdisk - ok
11:06:00.0843 1228 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:06:00.0953 1228 Gpc - ok
11:06:01.0046 1228 GSMsgProxy (863b758ed9edbf538bf616ea3b969b36) C:\THOMAS\Update\GSMsgSvc.exe
11:06:01.0109 1228 GSMsgProxy ( UnsignedFile.Multi.Generic ) - warning
11:06:01.0109 1228 GSMsgProxy - detected UnsignedFile.Multi.Generic (1)
11:06:01.0281 1228 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:06:01.0296 1228 gupdate - ok
11:06:01.0343 1228 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:06:01.0343 1228 gupdatem - ok
11:06:01.0468 1228 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:06:01.0484 1228 gusvc - ok
11:06:01.0546 1228 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:06:01.0625 1228 HDAudBus - ok
11:06:01.0671 1228 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:06:01.0750 1228 helpsvc - ok
11:06:01.0750 1228 HidServ - ok
11:06:01.0812 1228 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:06:01.0875 1228 HidUsb - ok
11:06:01.0953 1228 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:06:02.0046 1228 hkmsvc - ok
11:06:02.0140 1228 Hp.Skyroom.Windows.Service (b11960a86c34e9632cbcc708f2460e4e) C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
11:06:02.0171 1228 Hp.Skyroom.Windows.Service ( UnsignedFile.Multi.Generic ) - warning
11:06:02.0171 1228 Hp.Skyroom.Windows.Service - detected UnsignedFile.Multi.Generic (1)
11:06:02.0218 1228 hpn - ok
11:06:02.0312 1228 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:06:02.0343 1228 HTTP - ok
11:06:02.0390 1228 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:06:02.0453 1228 HTTPFilter - ok
11:06:02.0468 1228 i2omgmt - ok
11:06:02.0484 1228 i2omp - ok
11:06:02.0531 1228 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:06:02.0609 1228 i8042prt - ok
11:06:02.0656 1228 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
11:06:02.0718 1228 i81x - ok
11:06:02.0875 1228 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
11:06:02.0937 1228 iAimFP0 - ok
11:06:02.0953 1228 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
11:06:03.0015 1228 iAimFP1 - ok
11:06:03.0015 1228 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
11:06:03.0078 1228 iAimFP2 - ok
11:06:03.0109 1228 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
11:06:03.0171 1228 iAimFP3 - ok
11:06:03.0171 1228 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
11:06:03.0250 1228 iAimFP4 - ok
11:06:03.0375 1228 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
11:06:03.0453 1228 iAimFP5 - ok
11:06:03.0484 1228 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
11:06:03.0546 1228 iAimFP6 - ok
11:06:03.0640 1228 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
11:06:03.0703 1228 iAimFP7 - ok
11:06:03.0734 1228 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
11:06:03.0796 1228 iAimTV0 - ok
11:06:03.0812 1228 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
11:06:03.0875 1228 iAimTV1 - ok
11:06:03.0875 1228 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
11:06:03.0937 1228 iAimTV3 - ok
11:06:03.0953 1228 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
11:06:04.0031 1228 iAimTV4 - ok
11:06:04.0031 1228 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
11:06:04.0109 1228 iAimTV5 - ok
11:06:04.0125 1228 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
11:06:04.0171 1228 iAimTV6 - ok
11:06:04.0296 1228 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys
11:06:04.0312 1228 iaStor - ok
11:06:04.0468 1228 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:06:04.0500 1228 idsvc - ok
11:06:04.0546 1228 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:06:04.0687 1228 Imapi - ok
11:06:04.0765 1228 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:06:04.0843 1228 ImapiService - ok
11:06:04.0875 1228 ini910u - ok
11:06:05.0093 1228 IntcAzAudAddService (db589671e0c403d65884cf0b50600fcd) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:06:05.0343 1228 IntcAzAudAddService - ok
11:06:05.0531 1228 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:06:05.0609 1228 IntelIde - ok
11:06:05.0687 1228 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:06:05.0765 1228 intelppm - ok
11:06:05.0875 1228 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:06:05.0968 1228 Ip6Fw - ok
11:06:06.0015 1228 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:06:06.0125 1228 IpFilterDriver - ok
11:06:06.0171 1228 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:06:06.0265 1228 IpInIp - ok
11:06:06.0312 1228 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:06:06.0390 1228 IpNat - ok
11:06:06.0406 1228 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:06:06.0468 1228 IPSec - ok
11:06:06.0500 1228 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:06:06.0593 1228 IRENUM - ok
11:06:06.0609 1228 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:06:06.0687 1228 isapnp - ok
11:06:06.0734 1228 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
11:06:06.0734 1228 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
11:06:06.0734 1228 Iviaspi - detected UnsignedFile.Multi.Generic (1)
11:06:06.0828 1228 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
11:06:06.0875 1228 IviRegMgr - ok
11:06:07.0031 1228 JavaQuickStarterService (890369aed0dde1a98f09f7dc239ca2bd) C:\Program Files\Java\jre6\bin\jqs.exe
11:06:07.0031 1228 JavaQuickStarterService - ok
11:06:07.0109 1228 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:06:07.0171 1228 Kbdclass - ok
11:06:07.0203 1228 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:06:07.0312 1228 kmixer - ok
11:06:07.0390 1228 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:06:07.0453 1228 KSecDD - ok
11:06:07.0500 1228 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:06:07.0531 1228 LanmanServer - ok
11:06:07.0593 1228 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:06:07.0671 1228 lanmanworkstation - ok
11:06:07.0671 1228 lbrtfdc - ok
11:06:07.0828 1228 LightScribeService (e75adcfafdef3f4c3af3332928d59926) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:06:07.0859 1228 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
11:06:07.0859 1228 LightScribeService - detected UnsignedFile.Multi.Generic (1)
11:06:07.0906 1228 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:06:07.0968 1228 LmHosts - ok
11:06:08.0046 1228 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:06:08.0046 1228 MBAMProtector - ok
11:06:08.0140 1228 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:06:08.0156 1228 MBAMService - ok
11:06:08.0281 1228 MDM (b9fe64f554af6b87d4186262e9a1c5ef) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
11:06:08.0296 1228 MDM ( UnsignedFile.Multi.Generic ) - warning
11:06:08.0296 1228 MDM - detected UnsignedFile.Multi.Generic (1)
11:06:08.0359 1228 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:06:08.0453 1228 Messenger - ok
11:06:08.0546 1228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:06:08.0656 1228 mnmdd - ok
11:06:08.0687 1228 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:06:08.0750 1228 mnmsrvc - ok
11:06:08.0796 1228 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:06:08.0875 1228 Modem - ok
11:06:08.0890 1228 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:06:08.0968 1228 Mouclass - ok
11:06:09.0000 1228 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:06:09.0078 1228 mouhid - ok
11:06:09.0140 1228 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:06:09.0218 1228 MountMgr - ok
11:06:09.0218 1228 mraid35x - ok
11:06:09.0250 1228 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:06:09.0328 1228 MRxDAV - ok
11:06:09.0375 1228 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:06:09.0437 1228 MRxSmb - ok
11:06:09.0468 1228 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:06:09.0546 1228 MSDTC - ok
11:06:09.0609 1228 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:06:09.0687 1228 Msfs - ok
11:06:09.0687 1228 MSIServer - ok
11:06:09.0718 1228 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:06:09.0796 1228 MSKSSRV - ok
11:06:09.0828 1228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:06:09.0921 1228 MSPCLOCK - ok
11:06:09.0937 1228 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:06:10.0031 1228 MSPQM - ok
11:06:10.0062 1228 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:06:10.0140 1228 mssmbios - ok
11:06:10.0281 1228 MSSQL$MSSMLBIZ - ok
11:06:10.0312 1228 MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
11:06:10.0312 1228 MSSQLServerADHelper - ok
11:06:10.0437 1228 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:06:10.0468 1228 Mup - ok
11:06:10.0562 1228 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:06:10.0640 1228 napagent - ok
11:06:10.0734 1228 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:06:10.0796 1228 NDIS - ok
11:06:10.0828 1228 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:06:10.0906 1228 NdisTapi - ok
11:06:11.0000 1228 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:06:11.0093 1228 Ndisuio - ok
11:06:11.0109 1228 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:06:11.0171 1228 NdisWan - ok
11:06:11.0218 1228 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:06:11.0312 1228 NDProxy - ok
11:06:11.0359 1228 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:06:11.0437 1228 NetBIOS - ok
11:06:11.0468 1228 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:06:11.0546 1228 NetBT - ok
11:06:11.0593 1228 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:06:11.0671 1228 NetDDE - ok
11:06:11.0671 1228 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:06:11.0734 1228 NetDDEdsdm - ok
11:06:11.0796 1228 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:06:11.0875 1228 Netlogon - ok
11:06:11.0953 1228 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:06:12.0031 1228 Netman - ok
11:06:12.0156 1228 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:06:12.0156 1228 NetTcpPortSharing - ok
11:06:12.0234 1228 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:06:12.0265 1228 Nla - ok
11:06:12.0328 1228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:06:12.0406 1228 Npfs - ok
11:06:12.0437 1228 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:06:12.0531 1228 Ntfs - ok
11:06:12.0671 1228 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:06:12.0750 1228 NtLmSsp - ok
11:06:12.0906 1228 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:06:13.0031 1228 NtmsSvc - ok
11:06:13.0109 1228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:06:13.0187 1228 Null - ok
11:06:13.0296 1228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:06:13.0390 1228 NwlnkFlt - ok
11:06:13.0437 1228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:06:13.0531 1228 NwlnkFwd - ok
11:06:13.0625 1228 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:06:13.0625 1228 ose - ok
11:06:13.0703 1228 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
11:06:13.0812 1228 P3 - ok
11:06:13.0843 1228 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:06:13.0921 1228 Parport - ok
11:06:13.0937 1228 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:06:14.0015 1228 PartMgr - ok
11:06:14.0031 1228 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:06:14.0109 1228 ParVdm - ok
11:06:14.0156 1228 PCA (2a42ddaeaae7743c55a3fa68a7ad9538) C:\WINDOWS\SMINST\PCAngel.exe
11:06:14.0218 1228 PCA ( UnsignedFile.Multi.Generic ) - warning
11:06:14.0218 1228 PCA - detected UnsignedFile.Multi.Generic (1)
11:06:14.0281 1228 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:06:14.0359 1228 PCI - ok
11:06:14.0375 1228 PCIDump - ok
11:06:14.0453 1228 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:06:14.0546 1228 PCIIde - ok
11:06:14.0609 1228 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:06:14.0703 1228 Pcmcia - ok
11:06:14.0718 1228 PDCOMP - ok
11:06:14.0812 1228 pdfcDispatcher - ok
11:06:14.0812 1228 PDFRAME - ok
11:06:14.0828 1228 PDRELI - ok
11:06:14.0843 1228 PDRFRAME - ok
11:06:14.0859 1228 perc2 - ok
11:06:14.0875 1228 perc2hib - ok
11:06:14.0953 1228 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:06:14.0968 1228 PlugPlay - ok
11:06:15.0015 1228 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:06:15.0078 1228 PolicyAgent - ok
11:06:15.0125 1228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:06:15.0203 1228 PptpMiniport - ok
11:06:15.0203 1228 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:06:15.0265 1228 ProtectedStorage - ok
11:06:15.0296 1228 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:06:15.0375 1228 PSched - ok
11:06:15.0484 1228 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
11:06:15.0500 1228 PSI_SVC_2 - ok
11:06:15.0562 1228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:06:15.0640 1228 Ptilink - ok
11:06:15.0687 1228 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:06:15.0703 1228 PxHelp20 - ok
11:06:15.0703 1228 ql1080 - ok
11:06:15.0718 1228 Ql10wnt - ok
11:06:15.0734 1228 ql12160 - ok
11:06:15.0734 1228 ql1240 - ok
11:06:15.0750 1228 ql1280 - ok
11:06:15.0812 1228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:06:15.0875 1228 RasAcd - ok
11:06:15.0937 1228 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:06:16.0031 1228 RasAuto - ok
11:06:16.0062 1228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:06:16.0140 1228 Rasl2tp - ok
11:06:16.0281 1228 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:06:16.0359 1228 RasMan - ok
11:06:16.0421 1228 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:06:16.0484 1228 RasPppoe - ok
11:06:16.0531 1228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:06:16.0609 1228 Raspti - ok
11:06:16.0625 1228 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:06:16.0687 1228 Rdbss - ok
11:06:16.0750 1228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:06:16.0812 1228 RDPCDD - ok
11:06:16.0875 1228 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:06:16.0984 1228 rdpdr - ok
11:06:17.0031 1228 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:06:17.0093 1228 RDPWD - ok
11:06:17.0140 1228 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:06:17.0203 1228 RDSessMgr - ok
11:06:17.0250 1228 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:06:17.0359 1228 redbook - ok
11:06:17.0406 1228 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
11:06:17.0437 1228 regi - ok
11:06:17.0500 1228 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:06:17.0578 1228 RemoteAccess - ok
11:06:17.0640 1228 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:06:17.0718 1228 RemoteRegistry - ok
11:06:17.0921 1228 rgsender (fe76e0322316b274d589c1faaece42bb) c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
11:06:18.0062 1228 rgsender - ok
11:06:18.0265 1228 RoxMediaDB10 (5c13017fc008f8492d03143634a479ce) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
11:06:18.0343 1228 RoxMediaDB10 - ok
11:06:18.0468 1228 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:06:18.0531 1228 RpcLocator - ok
11:06:18.0625 1228 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:06:18.0656 1228 RpcSs - ok
11:06:18.0718 1228 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:06:18.0796 1228 RSVP - ok
11:06:18.0921 1228 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:06:18.0984 1228 SamSs - ok
11:06:19.0000 1228 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:06:19.0062 1228 SCardSvr - ok
11:06:19.0125 1228 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:06:19.0203 1228 Schedule - ok
11:06:19.0265 1228 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:06:19.0343 1228 Secdrv - ok
11:06:19.0406 1228 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:06:19.0500 1228 seclogon - ok
11:06:19.0546 1228 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:06:19.0609 1228 SENS - ok
11:06:19.0625 1228 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:06:19.0703 1228 serenum - ok
11:06:19.0718 1228 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:06:19.0796 1228 Serial - ok
11:06:19.0843 1228 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:06:19.0906 1228 Sfloppy - ok
11:06:19.0968 1228 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:06:20.0046 1228 SharedAccess - ok
11:06:20.0093 1228 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:06:20.0109 1228 ShellHWDetection - ok
11:06:20.0140 1228 Simbad - ok
11:06:20.0171 1228 Sparrow - ok
11:06:20.0218 1228 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:06:20.0296 1228 splitter - ok
11:06:20.0437 1228 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:06:20.0500 1228 Spooler - ok
11:06:20.0625 1228 SQLBrowser (d2b096cd2f56fac6eeeed9a77ddf6dc8) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
11:06:20.0625 1228 SQLBrowser - ok
11:06:20.0687 1228 SQLWriter (54902536aad0e9b99bc65f89c0caf93f) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:06:20.0687 1228 SQLWriter - ok
11:06:20.0796 1228 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:06:20.0906 1228 sr - ok
11:06:20.0953 1228 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:06:21.0031 1228 srservice - ok
11:06:21.0109 1228 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:06:21.0171 1228 Srv - ok
11:06:21.0265 1228 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:06:21.0390 1228 SSDPSRV - ok
11:06:21.0406 1228 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:06:21.0500 1228 stisvc - ok
11:06:21.0593 1228 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
11:06:21.0593 1228 stllssvr - ok
11:06:21.0687 1228 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:06:21.0781 1228 swenum - ok
11:06:21.0843 1228 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:06:21.0921 1228 swmidi - ok
11:06:21.0937 1228 SwPrv - ok
11:06:21.0968 1228 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:06:22.0046 1228 symc810 - ok
11:06:22.0078 1228 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:06:22.0171 1228 symc8xx - ok
11:06:22.0234 1228 Symmpi (a42f863305943869ba00a613c8ee8c7e) C:\WINDOWS\system32\DRIVERS\symmpi.sys
11:06:22.0265 1228 Symmpi ( UnsignedFile.Multi.Generic ) - warning
11:06:22.0265 1228 Symmpi - detected UnsignedFile.Multi.Generic (1)
11:06:22.0281 1228 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:06:22.0375 1228 sym_hi - ok
11:06:22.0421 1228 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:06:22.0484 1228 sym_u3 - ok
11:06:22.0531 1228 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:06:22.0609 1228 sysaudio - ok
11:06:22.0656 1228 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:06:22.0734 1228 SysmonLog - ok
11:06:22.0781 1228 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:06:22.0859 1228 TapiSrv - ok
11:06:22.0906 1228 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:06:22.0937 1228 Tcpip - ok
11:06:22.0984 1228 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:06:23.0062 1228 TDPIPE - ok
11:06:23.0093 1228 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:06:23.0187 1228 TDTCP - ok
11:06:23.0218 1228 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:06:23.0296 1228 TermDD - ok
11:06:23.0390 1228 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:06:23.0500 1228 TermService - ok
11:06:23.0593 1228 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:06:23.0593 1228 Themes - ok
11:06:23.0640 1228 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
11:06:23.0718 1228 TlntSvr - ok
11:06:23.0765 1228 tmactmon (de87a23d2ddc7378d1c7ab681e20de47) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
11:06:23.0781 1228 tmactmon - ok
11:06:23.0796 1228 tmcomm (540c2b5dc47651c572c2804dc72fdda8) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
11:06:23.0796 1228 tmcomm - ok
11:06:23.0812 1228 tmevtmgr (2de1fa64ebaff376f2c038f64492f62c) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
11:06:23.0812 1228 tmevtmgr - ok
11:06:23.0859 1228 tmtdi (5a61679b2277b9ad550e30479a69503b) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
11:06:23.0875 1228 tmtdi - ok
11:06:23.0875 1228 TosIde - ok
11:06:23.0937 1228 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:06:24.0000 1228 TrkWks - ok
11:06:24.0031 1228 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:06:24.0109 1228 Udfs - ok
11:06:24.0125 1228 ultra - ok
11:06:24.0156 1228 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
11:06:24.0218 1228 UMWdf - ok
11:06:24.0265 1228 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:06:24.0343 1228 Update - ok
11:06:24.0421 1228 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:06:24.0531 1228 upnphost - ok
11:06:24.0593 1228 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:06:24.0671 1228 UPS - ok
11:06:24.0750 1228 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:06:24.0828 1228 usbccgp - ok
11:06:24.0890 1228 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:06:24.0968 1228 usbehci - ok
11:06:24.0984 1228 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:06:25.0062 1228 usbhub - ok
11:06:25.0062 1228 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:06:25.0140 1228 usbscan - ok
11:06:25.0156 1228 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:06:25.0250 1228 USBSTOR - ok
11:06:25.0312 1228 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:06:25.0390 1228 usbuhci - ok
11:06:25.0437 1228 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:06:25.0515 1228 VgaSave - ok
11:06:25.0546 1228 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:06:25.0625 1228 ViaIde - ok
11:06:25.0671 1228 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:06:25.0750 1228 VolSnap - ok
11:06:25.0796 1228 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:06:25.0875 1228 VSS - ok
11:06:25.0906 1228 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:06:25.0968 1228 W32Time - ok
11:06:26.0031 1228 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:06:26.0093 1228 Wanarp - ok
11:06:26.0109 1228 WDICA - ok
11:06:26.0171 1228 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:06:26.0265 1228 wdmaud - ok
11:06:26.0296 1228 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:06:26.0390 1228 WebClient - ok
11:06:26.0468 1228 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:06:26.0546 1228 winmgmt - ok
11:06:26.0609 1228 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll
11:06:26.0656 1228 WmdmPmSN - ok
11:06:26.0718 1228 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:06:26.0750 1228 Wmi - ok
11:06:26.0859 1228 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:06:26.0937 1228 WmiAcpi - ok
11:06:27.0015 1228 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:06:27.0078 1228 WmiApSrv - ok
11:06:27.0140 1228 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:06:27.0250 1228 wscsvc - ok
11:06:27.0296 1228 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:06:27.0406 1228 wuauserv - ok
11:06:27.0546 1228 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:06:27.0625 1228 WZCSVC - ok
11:06:27.0671 1228 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:06:27.0750 1228 xmlprov - ok
11:06:27.0906 1228 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
11:06:27.0968 1228 YahooAUService - ok
11:06:28.0000 1228 MBR (0x1B8) (260b8f4a6c51271c138cc941088332f5) \Device\Harddisk0\DR0
11:06:28.0031 1228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:06:28.0031 1228 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:06:28.0078 1228 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:06:28.0078 1228 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:06:28.0078 1228 Boot (0x1200) (a09a38c95be35ee4feaf3bdab89d7d7d) \Device\Harddisk0\DR0\Partition0
11:06:28.0078 1228 \Device\Harddisk0\DR0\Partition0 - ok
11:06:28.0109 1228 Boot (0x1200) (0b77eb07b51dea09f005e77e00d025c5) \Device\Harddisk0\DR0\Partition1
11:06:28.0109 1228 \Device\Harddisk0\DR0\Partition1 - ok
11:06:28.0109 1228 ============================================================
11:06:28.0109 1228 Scan finished
11:06:28.0109 1228 ============================================================
11:06:28.0218 1220 Detected object count: 11
11:06:28.0218 1220 Actual detected object count: 11
11:07:41.0453 1220 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:41.0453 1220 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:41.0453 1220 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:41.0453 1220 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:41.0453 1220 GSMsgProxy ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:41.0453 1220 GSMsgProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:41.0453 1220 Hp.Skyroom.Windows.Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:41.0453 1220 Hp.Skyroom.Windows.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:41.0468 1220 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:41.0468 1220 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:41.0468 1220 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:41.0468 1220 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:41.0468 1220 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:41.0468 1220 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:41.0484 1220 PCA ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:41.0484 1220 PCA ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:41.0484 1220 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:41.0484 1220 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:07:41.0921 1220 \Device\Harddisk0\DR0\# - copied to quarantine
11:07:41.0921 1220 \Device\Harddisk0\DR0 - copied to quarantine
11:07:41.0937 1220 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:07:41.0984 1220 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:07:42.0000 1220 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:07:42.0031 1220 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:07:42.0031 1220 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:07:42.0046 1220 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:07:42.0046 1220 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:07:42.0046 1220 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:07:42.0046 1220 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:07:42.0046 1220 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:07:42.0046 1220 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:07:42.0046 1220 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:07:42.0078 1220 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:07:42.0109 1220 \Device\Harddisk0\DR0 - ok
11:07:42.0125 1220 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:07:42.0125 1220 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:07:42.0125 1220 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:07:52.0500 1200 Deinitialize success

Edited by Noviciate, 04 April 2012 - 01:56 PM.
Log added from attachment.


#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 04 April 2012 - 01:59 PM

Good evening. :)

Will you run TDSSKiller again and this time change one item - I want you to allow the tool to fix TDSS File System entries. Let me have the log as before, but also try to boot the PC into Normal Mode and tell me how that goes.

So long, and thanks for all the fish.

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 09 April 2012 - 01:40 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.
