Win32/InstallCore.D application


10 replies to this topic

#1 Condobloke


Posted 26 April 2012 - 07:57 PM

I used "swiss knife" to format a usb drive.
After approx 2 weeks I also downloaded a program called "bleachbit".....used it....wasn't impressed......uninstalled it.
At the end of the uninstall process (revo uninstaller) ....I noted that 'freespace' on my PC's 'C' drive actually diminished....by approx 1.5GB...from 230gb to 228gb (with system restore turned off).
I kept an eye on this for a few days.....turned off system restore again (it can store quite a number of GBs)(yes...I do have a full backup just in case)....and this made zip difference.
This morning I ran Eset online scanner (with system restore turned off).
It found C:\Documents and Settings\HP_Administrator\Desktop\SPARE PARTS !!!\cnet2_swissknife_exe.exe
which according to Eset is: a variant of Win32/InstallCore.D application
and Eset cleaned by deleting - quarantined.
I note that C drive is back to its usual 230GB.
I will wipe my current backup after I have fully resolved this little hiccup, because the offending critter is probably on the backup drive as well.

My question is:
Do I need to look further?
Is there any other 'clean up' process I should undertake?
Anything that I have not given thought to...?

Windows XP, SP3, Avira Free, Malwarebytes (paid), Windows firewall, WinPatrol (paid)

Kind Regards,
Brian



Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


#2 boopme


Posted 26 April 2012 - 08:34 PM

Run this on the Flash drive
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.



Where are your backups? A full scan with MBAM will scan all connected drives. Or select that drive to scan it with Avira.


Virus Characteristics


You should run...

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters.
  • Put a check in the box of Detect TDLFS file system.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk's root folder (it is usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

Edited by boopme, 26 April 2012 - 08:41 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
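Added example (not part of the original post, and not Flash_Disinfector's own code): a Python check for the autorun.inf note in the post above. For each drive root it reports whether autorun.inf is the placeholder folder, a real file, or absent, and lists any launch entries found in a real file. The directory names and file content in `demo()` are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

MAX_BYTES = 64 * 1024  # a legitimate autorun.inf is tiny; cap what we read

# Constructed sample content, not taken from any real drive or sample.
SAMPLE_INF = (
    "[AutoRun]\r\n"
    "; constructed example\r\n"
    "Open=tools\\example.exe\r\n"
    "icon=folder.ico\r\n"
    "Shell\\Explore\\Command = tools\\example.exe /e\r\n"
)


def decode_inf(data):
    """Decode autorun.inf bytes; the file may be UTF-16/UTF-8 with a BOM or ANSI."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16", errors="replace")
    if data.startswith(b"\xef\xbb\xbf"):
        return data.decode("utf-8-sig", errors="replace")
    return data.decode("cp1252", errors="replace")


def parse_autorun(text):
    """Return (key, value) pairs in the [autorun] section that launch a program."""
    launchers, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()  # keys are case-insensitive
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            launchers.append((key, value))
    return launchers


def audit_root(root):
    """Classify the autorun.inf entry at the top level of one drive root."""
    with os.scandir(root) as entries:
        # Match case-insensitively, as Windows would.
        entry = next((e for e in entries if e.name.lower() == "autorun.inf"), None)
    result = {"root": str(root), "state": "absent", "launchers": []}
    if entry is None:
        return result
    if entry.is_dir(follow_symlinks=False):
        # A folder with this name blocks creation of a file with the same name.
        result["state"] = "placeholder-folder"
        return result
    with open(entry.path, "rb") as fh:
        text = decode_inf(fh.read(MAX_BYTES))
    result["state"] = "file"
    result["launchers"] = parse_autorun(text)
    return result


def demo():
    """Build three constructed 'drive roots' in a temp dir and audit each one."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        protected = base / "E_protected"
        (protected / "autorun.inf").mkdir(parents=True)      # placeholder folder
        with_file = base / "F_file"
        with_file.mkdir()
        (with_file / "AUTORUN.INF").write_bytes(SAMPLE_INF.encode("utf-16"))
        clean = base / "G_clean"
        clean.mkdir()
        for root in (protected, with_file, clean):
            results[root.name] = audit_root(root)
    return results


if __name__ == "__main__":
    for name, info in demo().items():
        print(name, info["state"], info["launchers"])
```

On a real system, pass each drive root (for example `E:\`) to `audit_root`; a result of `file` with launch entries on a removable drive is the case worth investigating.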

#3 Condobloke


Posted 26 April 2012 - 11:13 PM

Ran Flash Disinfector on the appropriate flash drives (2), and received the "Done" sign at the end.
Ran both Malwarebytes and Avira on the hard drive (external) which contains my backup...All clear.
Ran TDSS Killer...All clear.....log below:


19:28:24.0140 2376 WsAudio_DeviceS(4) - ok
19:28:24.0156 2376 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
19:28:24.0171 2376 WsAudio_DeviceS(5) - ok
19:28:24.0203 2376 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:28:24.0328 2376 WSTCODEC - ok
19:28:24.0421 2376 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:28:24.0453 2376 WudfPf - ok
19:28:24.0515 2376 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:28:24.0531 2376 WudfRd - ok
19:28:24.0593 2376 ZCinema_TSHD (8df1397d04fd64653d58c19b56b0615b) C:\WINDOWS\system32\drivers\ZCinema_SRS_i386.sys
19:28:24.0593 2376 ZCinema_TSHD - ok
19:28:24.0656 2376 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:28:24.0875 2376 \Device\Harddisk0\DR0 - ok
19:28:24.0875 2376 Boot (0x1200) (bd29380b4e72cebee762defb8950dcb4) \Device\Harddisk0\DR0\Partition0
19:28:24.0875 2376 \Device\Harddisk0\DR0\Partition0 - ok
19:28:24.0906 2376 Boot (0x1200) (e8562368ff1583b3bd1d3fa7ecfa9d2e) \Device\Harddisk0\DR0\Partition1
19:28:24.0906 2376 \Device\Harddisk0\DR0\Partition1 - ok
19:28:24.0906 2376 ============================================================
19:28:24.0906 2376 Scan finished
19:28:24.0906 2376 ============================================================
19:28:25.0015 2064 Detected object count: 10
19:28:25.0015 2064 Actual detected object count: 10
19:28:57.0375 2064 DrvAgent32 ( UnsignedFile.Multi.Generic ) - skipped by user
19:28:57.0375 2064 DrvAgent32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:28:57.0375 2064 ELhid ( UnsignedFile.Multi.Generic ) - skipped by user
19:28:57.0375 2064 ELhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:28:57.0375 2064 ELkbd ( UnsignedFile.Multi.Generic ) - skipped by user
19:28:57.0375 2064 ELkbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:28:57.0375 2064 ELmon ( UnsignedFile.Multi.Generic ) - skipped by user
19:28:57.0375 2064 ELmon ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:28:57.0375 2064 ELmou ( UnsignedFile.Multi.Generic ) - skipped by user
19:28:57.0375 2064 ELmou ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:28:57.0375 2064 libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user
19:28:57.0375 2064 libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:28:57.0390 2064 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:28:57.0390 2064 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:28:57.0390 2064 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
19:28:57.0390 2064 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:28:57.0390 2064 SBKUPNT ( UnsignedFile.Multi.Generic ) - skipped by user
19:28:57.0390 2064 SBKUPNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:28:57.0390 2064 SMBios ( UnsignedFile.Multi.Generic ) - skipped by user
19:28:57.0390 2064 SMBios ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:29:33.0171 3952 Deinitialize success


The tool did not require a Reboot.
Question: I read the link you provided to 'Virus Characteristics'. Is it necessary to restore the MBR as part of the "fix" ?
I also note that the 'free' space on my C drive has increased again !....to 232 Gb......apart from the instructions I have followed here, I have not made any other changes since posting the original at 11.57am.

Kind Regards,
Brian.
Outback Australia

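One way to triage a log like the one posted above, as an added example that is not part of the original thread and is not the scanner vendor's code: it extracts each detection with the action chosen, checks the total against the declared count, and flags one binary registered under several service names. The sample lines are constructed in the log's layout with placeholder MD5 values; `triage` and its result keys are names chosen here.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the scanner log above (time, thread id,
# message). The MD5 values are placeholders, not hashes of real files.
SAMPLE_LOG = r"""
19:28:20.0765 2376 TosIde - ok
19:28:24.0000 2376 WsAudio_DeviceS(1) (00000000000000000000000000000002) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
19:28:24.0015 2376 WsAudio_DeviceS(1) - ok
19:28:24.0031 2376 WsAudio_DeviceS(2) (00000000000000000000000000000002) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
19:28:24.0046 2376 WsAudio_DeviceS(2) - ok
19:28:24.0656 2376 MBR (0x1B8) (00000000000000000000000000000003) \Device\Harddisk0\DR0
19:28:24.0875 2376 \Device\Harddisk0\DR0 - ok
19:28:25.0015 2064 Detected object count: 2
19:28:57.0375 2064 ELkbd ( UnsignedFile.Multi.Generic ) - skipped by user
19:28:57.0375 2064 ELkbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:28:57.0390 2064 SMBios ( UnsignedFile.Multi.Generic ) - skipped by user
19:28:57.0390 2064 SMBios ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")
FILE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")       # name (md5) path
OK = re.compile(r"^(.+?) - ok$")                            # name - ok
ACTION = re.compile(r"^(.+?) \( (\S+) \) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")

def triage(log_text):
    """Summarise detections and entries worth a second look in the log."""
    files, ok_names, actions, declared = {}, [], {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        msg = m.group(1) if m else ""        # non-log lines match nothing below
        if c := COUNT.match(msg):
            declared = int(c.group(1))
        elif a := ACTION.match(msg):
            actions[a.group(1)] = (a.group(2), a.group(3))   # verdict, action
        elif f := FILE.match(msg):
            files[f.group(1)] = (f.group(2), f.group(3))     # md5, path
        elif s := OK.match(msg):
            ok_names.append(s.group(1))
    by_hash = defaultdict(list)
    for name, (md5, _path) in files.items():
        by_hash[md5].append(name)
    # An "ok" line may name the object by its path (the MBR entry does).
    known = set(files) | {path for _md5, path in files.values()}
    return {
        "detections": actions,
        "count_matches": declared == len(actions),
        "shared_binaries": {h: n for h, n in by_hash.items() if len(n) > 1},
        "status_without_file_line": [n for n in ok_names if n not in known],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A count mismatch or a hash shared by differently named services is a prompt to look closer, not a verdict in itself.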

#4 Condobloke


Posted 26 April 2012 - 11:14 PM

ps. Yes, I did reboot after running Flash Disinfector.

Brian


#5 boopme


Posted 27 April 2012 - 09:23 PM

Looks good, let's just check the MBR and see if we need to FIX it.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
You do not need to install the Avast definitions.

#6 Condobloke


Posted 27 April 2012 - 09:42 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-28 12:38:11
-----------------------------
12:38:11.796 OS Version: Windows 5.1.2600 Service Pack 3
12:38:11.796 Number of processors: 2 586 0xF06
12:38:11.796 ComputerName: BRIANS UserName:
12:38:12.531 Initialize success
12:38:43.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:38:43.250 Disk 0 Vendor: ST330082 3.AH Size: 286168MB BusType: 3
12:38:43.265 Disk 0 MBR read successfully
12:38:43.265 Disk 0 MBR scan
12:38:43.281 Disk 0 Windows XP default MBR code
12:38:43.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 270147 MB offset 63
12:38:43.312 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 16017 MB offset 553262535
12:38:43.328 Disk 0 scanning sectors +586067263
12:38:43.421 Disk 0 scanning C:\WINDOWS\system32\drivers
12:38:50.906 Service scanning
12:39:00.750 Modules scanning
12:39:10.078 Disk 0 trace - called modules:
12:39:10.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
12:39:10.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b430030]
12:39:10.125 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8b45d030]
12:39:10.140 Scan finished successfully
12:39:26.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
12:39:26.703 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"


Regards,
Brian


#7 Condobloke


Posted 27 April 2012 - 09:46 PM

ps...again !
My pc is a HP, running a core 2 processor w/- 3.5Gb of ram
(just in case this is pertinent)


#8 boopme


Posted 27 April 2012 - 09:49 PM

Looks clear, Brian. Everything else is OK?

#9 Condobloke


Posted 27 April 2012 - 09:53 PM

Running like a dream !
The 'free' space on C is staying at 132 Gb consistently......I view this as a good sign....as well as clear logs of course !
Kind Regards,
Brian


#10 boopme


Posted 27 April 2012 - 09:56 PM

You're welcome and thanks for dropping by!

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#11 Condobloke


Posted 27 April 2012 - 10:46 PM

Boopme, Thank you for your help !
I had already deleted all my restore points and turned system restore off........So the RP I have just created NOW, will be nice and clean.
I know I was "taking a chance" with it turned off completely.......but if everything had for some reason gone 'pear shaped' then I had my Macrium back up to fall back on.
I had already disabled autorun some time ago....but I went to the registry and changed the default value there to 0....just to be sure !

Again....thank you for your help and patience...it IS appreciated.
Kind Regards,
Brian.
