Possible rootkit


5 replies to this topic

#1 sideshowblah


Posted 09 April 2012 - 04:07 PM

The owner of the PC went out of town so I had no access to it, so the original Topic was closed a couple of hours ago. Sorry. But I am still trying to clean up an infected PC.

The PC will boot normally, and even runs for a couple of hours until it freezes up. But if I run any type of malware scan on it, it will lock up in just a few minutes. This is the log from running the scan in normal mode. But the PC has to be powered off with the power button, as everything is frozen after this tool is run. Thanks.

16:02:10.0468 0924 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
16:02:16.0625 0924 ============================================================
16:02:16.0625 0924 Current date / time: 2012/04/09 16:02:16.0625
16:02:16.0625 0924 SystemInfo:
16:02:16.0625 0924
16:02:16.0625 0924 OS Version: 5.1.2600 ServicePack: 3.0
16:02:16.0625 0924 Product type: Workstation
16:02:16.0625 0924 ComputerName: CHIROPC
16:02:16.0625 0924 UserName: Administrator
16:02:16.0625 0924 Windows directory: C:\WINDOWS
16:02:16.0625 0924 System windows directory: C:\WINDOWS
16:02:16.0625 0924 Processor architecture: Intel x86
16:02:16.0625 0924 Number of processors: 2
16:02:16.0625 0924 Page size: 0x1000
16:02:16.0625 0924 Boot type: Normal boot
16:02:16.0625 0924 ============================================================
16:02:17.0203 0924 Drive \Device\Harddisk0\DR0 - Size: 0x2543100000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:02:17.0203 0924 \Device\Harddisk0\DR0:
16:02:17.0203 0924 MBR used
16:02:17.0203 0924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xF211779
16:02:17.0203 0924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2117B8, BlocksNum 0x3803448
16:02:17.0296 0924 Initialize success
16:02:17.0296 0924 ============================================================
16:04:09.0062 0928 ============================================================
16:04:09.0062 0928 Scan started
16:04:09.0062 0928 Mode: Manual; SigCheck; TDLFS;
16:04:09.0062 0928 ============================================================
16:04:45.0843 0928 Srv - ok
16:04:45.0890 0928 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:04:46.0015 0928 SSDPSRV - ok
16:04:46.0031 0928 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:04:46.0156 0928 stisvc - ok
16:04:46.0265 0928 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
16:04:46.0296 0928 stllssvr - ok
16:04:46.0375 0928 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:04:46.0515 0928 swenum - ok
16:04:46.0562 0928 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:04:46.0703 0928 swmidi - ok
16:04:46.0718 0928 SwPrv - ok
16:04:46.0765 0928 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:04:46.0859 0928 symc810 - ok
16:04:46.0890 0928 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:04:47.0015 0928 symc8xx - ok
16:04:47.0046 0928 Symmpi (a42f863305943869ba00a613c8ee8c7e) C:\WINDOWS\system32\DRIVERS\symmpi.sys
16:04:47.0093 0928 Symmpi ( UnsignedFile.Multi.Generic ) - warning
16:04:47.0093 0928 Symmpi - detected UnsignedFile.Multi.Generic (1)
16:04:47.0125 0928 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:04:47.0234 0928 sym_hi - ok
16:04:47.0281 0928 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:04:47.0390 0928 sym_u3 - ok
16:04:47.0468 0928 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:04:47.0593 0928 sysaudio - ok
16:04:47.0671 0928 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:04:47.0765 0928 SysmonLog - ok
16:04:47.0828 0928 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:04:47.0921 0928 TapiSrv - ok
16:04:48.0000 0928 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:04:48.0046 0928 Tcpip - ok
16:04:48.0093 0928 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:04:48.0187 0928 TDPIPE - ok
16:04:48.0234 0928 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:04:48.0343 0928 TDTCP - ok
16:04:48.0359 0928 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:04:48.0484 0928 TermDD - ok
16:04:48.0531 0928 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:04:48.0640 0928 TermService - ok
16:04:48.0687 0928 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:04:48.0703 0928 Themes - ok
16:04:48.0750 0928 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
16:04:48.0859 0928 TlntSvr - ok
16:04:48.0906 0928 tmactmon (de87a23d2ddc7378d1c7ab681e20de47) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
16:04:48.0921 0928 tmactmon - ok
16:04:49.0015 0928 tmcomm (540c2b5dc47651c572c2804dc72fdda8) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
16:04:49.0031 0928 tmcomm - ok
16:04:49.0031 0928 tmevtmgr (2de1fa64ebaff376f2c038f64492f62c) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
16:04:49.0046 0928 tmevtmgr - ok
16:04:49.0109 0928 tmtdi (5a61679b2277b9ad550e30479a69503b) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
16:04:49.0125 0928 tmtdi - ok
16:04:49.0125 0928 TosIde - ok
16:04:49.0187 0928 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:04:49.0281 0928 TrkWks - ok
16:04:49.0343 0928 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:04:49.0437 0928 Udfs - ok
16:04:49.0453 0928 ultra - ok
16:04:49.0484 0928 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
16:04:49.0531 0928 UMWdf - ok
16:04:49.0609 0928 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:04:49.0750 0928 Update - ok
16:04:49.0812 0928 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:04:49.0953 0928 upnphost - ok
16:04:50.0015 0928 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:04:50.0125 0928 UPS - ok
16:04:50.0187 0928 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:04:50.0296 0928 usbccgp - ok
16:04:50.0359 0928 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:04:50.0453 0928 usbehci - ok
16:04:50.0468 0928 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:04:50.0687 0928 usbhub - ok
16:04:50.0687 0928 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:04:50.0796 0928 usbscan - ok
16:04:50.0843 0928 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:04:50.0953 0928 USBSTOR - ok
16:04:51.0015 0928 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:04:51.0109 0928 usbuhci - ok
16:04:51.0125 0928 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:04:51.0234 0928 VgaSave - ok
16:04:51.0250 0928 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:04:51.0359 0928 ViaIde - ok
16:04:51.0406 0928 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:04:51.0546 0928 VolSnap - ok
16:04:51.0609 0928 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:04:51.0718 0928 VSS - ok
16:04:51.0812 0928 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:04:51.0906 0928 W32Time - ok
16:04:51.0968 0928 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:04:52.0062 0928 Wanarp - ok
16:04:52.0078 0928 WDICA - ok
16:04:52.0125 0928 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:04:52.0234 0928 wdmaud - ok
16:04:52.0296 0928 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:04:52.0406 0928 WebClient - ok
16:04:52.0468 0928 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:04:52.0578 0928 winmgmt - ok
16:04:52.0625 0928 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll
16:04:52.0656 0928 WmdmPmSN - ok
16:04:52.0718 0928 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
16:04:52.0750 0928 Wmi - ok
16:04:52.0890 0928 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:04:52.0968 0928 WmiAcpi - ok
16:04:53.0046 0928 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:04:53.0171 0928 WmiApSrv - ok
16:04:53.0218 0928 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
16:04:53.0328 0928 wscsvc - ok
16:04:53.0406 0928 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:04:53.0531 0928 wuauserv - ok
16:04:53.0625 0928 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:04:53.0718 0928 WZCSVC - ok
16:04:53.0750 0928 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:04:53.0859 0928 xmlprov - ok
16:04:53.0984 0928 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:04:54.0015 0928 YahooAUService - ok
16:04:54.0062 0928 MBR (0x1B8) (4661f953f30d48fd76a9da73c4892179) \Device\Harddisk0\DR0
16:04:54.0312 0928 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:04:54.0312 0928 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:04:54.0312 0928 Boot (0x1200) (a09a38c95be35ee4feaf3bdab89d7d7d) \Device\Harddisk0\DR0\Partition0
16:04:54.0312 0928 \Device\Harddisk0\DR0\Partition0 - ok
16:04:54.0343 0928 Boot (0x1200) (0b77eb07b51dea09f005e77e00d025c5) \Device\Harddisk0\DR0\Partition1
16:04:54.0343 0928 \Device\Harddisk0\DR0\Partition1 - ok
16:04:54.0343 0928 ============================================================
16:04:54.0343 0928 Scan finished
16:04:54.0343 0928 ============================================================
16:04:54.0453 3628 Detected object count: 10
16:04:54.0453 3628 Actual detected object count: 10
16:08:18.0031 3628 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:18.0062 3628 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:18.0062 3628 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:18.0062 3628 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:18.0062 3628 GSMsgProxy ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:18.0062 3628 GSMsgProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:18.0062 3628 Hp.Skyroom.Windows.Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:18.0078 3628 Hp.Skyroom.Windows.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:18.0078 3628 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:18.0078 3628 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:18.0078 3628 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:18.0078 3628 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:18.0078 3628 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:18.0078 3628 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:18.0093 3628 PCA ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:18.0093 3628 PCA ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:18.0109 3628 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:18.0109 3628 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:08:18.0968 3628 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:08:19.0046 3628 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:08:42.0218 3628 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
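As an added example that is not part of this thread, the following Python script triages the TDSSKiller log format shown above: it separates the heuristic UnsignedFile.Multi.Generic warnings (which fire on any unsigned driver, including the vendor drivers skipped here) from the TDSS File System detection, and checks that a quarantine action covers the high-severity object. The sample lines are copied from the log above; the severity ranking is my own triage convention, not a TDSSKiller feature.

```python
import re

# Constructed sample input: lines copied from the TDSSKiller log format posted
# above (time, thread id, message); a subset is enough to show the triage.
SAMPLE_LOG = r"""
16:04:47.0046 0928 Symmpi (a42f863305943869ba00a613c8ee8c7e) C:\WINDOWS\system32\DRIVERS\symmpi.sys
16:04:47.0093 0928 Symmpi ( UnsignedFile.Multi.Generic ) - warning
16:04:47.0093 0928 Symmpi - detected UnsignedFile.Multi.Generic (1)
16:04:48.0000 0928 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:04:48.0046 0928 Tcpip - ok
16:04:54.0312 0928 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:04:54.0312 0928 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:08:18.0109 3628 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:18.0968 3628 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
DETECTED_RE = re.compile(r"^(.+?) - detected (.+?) \((\d+)\)$")
QUARANTINE_RE = re.compile(r"^(.+?) - copied to quarantine$")
SKIPPED_RE = re.compile(r"^(.+?) \( (.+?) \) - skipped by user$")


def severity(verdict):
    """Rank a verdict (own convention): UnsignedFile.Multi.Generic only says the
    driver carries no digital signature (common for vendor drivers, so check it
    by hand, do not delete); TDSS File System is the rootkit family's hidden
    on-disk store and is the finding that actually matters."""
    if verdict == "UnsignedFile.Multi.Generic":
        return "info"
    if "TDSS" in verdict or verdict.lower().startswith("rootkit"):
        return "high"
    return "review"


def triage(log_text):
    """Collect detections, quarantine actions and high-severity items not yet covered."""
    detections, quarantined, skipped = [], [], []
    for raw in log_text.strip().splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a timestamped log line
        msg = m.group(3)
        if d := DETECTED_RE.match(msg):
            detections.append((d.group(1), d.group(2), severity(d.group(2))))
        elif q := QUARANTINE_RE.match(msg):
            quarantined.append(q.group(1))
        elif s := SKIPPED_RE.match(msg):
            skipped.append((s.group(1), s.group(2)))
    # A high-severity object counts as handled once something under its path
    # was quarantined; anything left over is what the helper must still act on.
    unresolved = [obj for obj, _, sev in detections
                  if sev == "high" and not any(q.startswith(obj) for q in quarantined)]
    return {"detections": detections, "quarantined": quarantined,
            "skipped": skipped, "unresolved_high": unresolved}
```

Running `triage(SAMPLE_LOG)` on the sample reports one informational and one high-severity detection, with the TDLFS quarantine covering the latter.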

#2 nasdaq
  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 April 2012 - 08:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed, or until this computer is clean.

HOW TO: Enable the CD Emulators...

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

===

Please run the TDSSKiller tool again and post a fresh log.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please post the logs for my review.

#3 sideshowblah
  • Topic Starter
  • Members
  • 20 posts

Posted 18 April 2012 - 09:07 AM

Thanks for the steps. I am having a problem getting the PC running right now. I will post the results once I get this thing up and running.

#4 sideshowblah
  • Topic Starter
  • Members
  • 20 posts

Posted 23 April 2012 - 08:28 AM

Tried to run these things remotely this morning and failed miserably. I will drive over there Wed and run them in person. Thanks.

#5 nasdaq
  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 April 2012 - 07:49 AM

Are you still with me?

#6 nasdaq
  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 May 2012 - 09:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.