
tdsskiller additional options


8 replies to this topic

#1 4on4off


Posted 08 May 2012 - 01:31 PM

Hello,

I recently ran tdsskiller on my kids' computer and found nothing to worry about. For the heck of it I changed the parameters to include the additional options to verify file digital signatures and detect tdlfs file system.

Upon running the scan again it found 9 files as unsigned. Marked them as suspicious and classified as medium risk.

Is this anything to be concerned about?

Thank you for your time.

4



#2 boopme


Posted 08 May 2012 - 04:03 PM

Hello, probably OK, but post the log.
Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 4on4off


Posted 08 May 2012 - 06:18 PM

Boopme,

Here is the only log I could find on my PC. I found it on the C drive but it was not in a root folder, just there under a series of folders by itself. The only root folder I could find said systemroot and nothing was in there.

I hope it is the right one and thank you for your assistance.

16:02:51.0906 1164 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:02:52.0468 1164 ============================================================
16:02:52.0468 1164 Current date / time: 2012/05/08 16:02:52.0468
16:02:52.0468 1164 SystemInfo:
16:02:52.0468 1164
16:02:52.0468 1164 OS Version: 5.1.2600 ServicePack: 3.0
16:02:52.0468 1164 Product type: Workstation
16:02:52.0468 1164 ComputerName: KIDS
16:02:52.0468 1164 UserName: HP_Administrator
16:02:52.0468 1164 Windows directory: C:\WINDOWS
16:02:52.0468 1164 System windows directory: C:\WINDOWS
16:02:52.0468 1164 Processor architecture: Intel x86
16:02:52.0468 1164 Number of processors: 2
16:02:52.0468 1164 Page size: 0x1000
16:02:52.0468 1164 Boot type: Normal boot
16:02:52.0468 1164 ============================================================
16:02:53.0656 1164 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:02:53.0781 1164 ============================================================
16:02:53.0781 1164 \Device\Harddisk0\DR0:

Thank you for your assistance.

4

#4 4on4off


Posted 08 May 2012 - 06:57 PM

Boopme,

I think I found the one you are asking for:

16:53:51.0171 3368 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:53:51.0640 3368 ============================================================
16:53:51.0640 3368 Current date / time: 2012/05/08 16:53:51.0640
16:53:51.0640 3368 SystemInfo:
16:53:51.0640 3368
16:53:51.0640 3368 OS Version: 5.1.2600 ServicePack: 3.0
16:53:51.0640 3368 Product type: Workstation
16:53:51.0640 3368 ComputerName: KIDS
16:53:51.0640 3368 UserName: HP_Administrator
16:53:51.0640 3368 Windows directory: C:\WINDOWS
16:53:51.0640 3368 System windows directory: C:\WINDOWS
16:53:51.0640 3368 Processor architecture: Intel x86
16:53:51.0640 3368 Number of processors: 2
16:53:51.0640 3368 Page size: 0x1000
16:53:51.0640 3368 Boot type: Normal boot
16:53:51.0640 3368 ============================================================
16:53:53.0015 3368 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:53:53.0156 3368 ============================================================
16:53:53.0156 3368 \Device\Harddisk0\DR0:
16:53:53.0156 3368 MBR partitions:
16:53:53.0156 3368 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1006857
16:53:53.0156 3368 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1006896, BlocksNum 0x1C1B9E2A
16:53:53.0156 3368 ============================================================
16:53:53.0187 3368 C: <-> \Device\Harddisk0\DR0\Partition1
16:53:53.0187 3368 D: <-> \Device\Harddisk0\DR0\Partition0
16:53:53.0187 3368 ============================================================
16:53:53.0187 3368 Initialize success
16:53:53.0187 3368 ============================================================
16:53:58.0765 2492 ============================================================
16:53:58.0765 2492 Scan started
16:53:58.0765 2492 Mode: Manual; SigCheck; TDLFS;
16:53:58.0765 2492 ============================================================
16:53:59.0187 2492 Abiosdsk - ok
16:53:59.0203 2492 abp480n5 - ok
16:53:59.0250 2492 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:53:59.0765 2492 ACPI - ok
16:53:59.0781 2492 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:53:59.0953 2492 ACPIEC - ok
16:54:00.0093 2492 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:54:00.0109 2492 AdobeFlashPlayerUpdateSvc - ok
16:54:00.0109 2492 adpu160m - ok
16:54:00.0125 2492 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:54:00.0312 2492 aec - ok
16:54:00.0359 2492 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:54:00.0375 2492 AegisP ( UnsignedFile.Multi.Generic ) - warning
16:54:00.0375 2492 AegisP - detected UnsignedFile.Multi.Generic (1)
16:54:00.0421 2492 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:54:00.0453 2492 AFD - ok
16:54:00.0500 2492 afw (71c3fa8104d2ec22edafb277c0592136) C:\WINDOWS\system32\DRIVERS\afw.sys
16:54:00.0593 2492 afw - ok
16:54:00.0609 2492 AfwCore (45de00dc7b1ec0d599dd232967976f09) C:\WINDOWS\system32\Drivers\AfwCore.sys
16:54:00.0640 2492 AfwCore - ok
16:54:00.0703 2492 AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Program Files\LSI SoftModem\agrsmsvc.exe
16:54:00.0750 2492 AgereModemAudio - ok
16:54:00.0828 2492 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
16:54:00.0890 2492 AgereSoftModem - ok
16:54:01.0046 2492 Aha154x - ok
16:54:01.0046 2492 aic78u2 - ok
16:54:01.0062 2492 aic78xx - ok
16:54:01.0109 2492 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:54:01.0312 2492 Alerter - ok
16:54:01.0343 2492 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:54:01.0515 2492 ALG - ok
16:54:01.0531 2492 AliIde - ok
16:54:01.0531 2492 amsint - ok
16:54:01.0718 2492 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:54:01.0734 2492 Apple Mobile Device - ok
16:54:01.0781 2492 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
16:54:01.0984 2492 AppMgmt - ok
16:54:02.0015 2492 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
16:54:02.0031 2492 aracpi - ok
16:54:02.0046 2492 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
16:54:02.0062 2492 arhidfltr - ok
16:54:02.0078 2492 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
16:54:02.0093 2492 arkbcfltr - ok
16:54:02.0109 2492 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
16:54:02.0140 2492 armoucfltr - ok
16:54:02.0187 2492 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:54:02.0359 2492 Arp1394 - ok
16:54:02.0406 2492 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
16:54:02.0421 2492 ARPolicy - ok
16:54:02.0468 2492 ARSVC (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe
16:54:02.0500 2492 ARSVC - ok
16:54:02.0500 2492 asc - ok
16:54:02.0515 2492 asc3350p - ok
16:54:02.0515 2492 asc3550 - ok
16:54:02.0656 2492 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:54:02.0671 2492 aspnet_state - ok
16:54:02.0703 2492 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:54:02.0875 2492 AsyncMac - ok
16:54:02.0890 2492 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:54:03.0093 2492 atapi - ok
16:54:03.0093 2492 Atdisk - ok
16:54:03.0109 2492 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:54:03.0296 2492 Atmarpc - ok
16:54:03.0343 2492 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:54:03.0515 2492 AudioSrv - ok
16:54:03.0546 2492 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:54:03.0734 2492 audstub - ok
16:54:03.0765 2492 BdSpy (42175a3b56922a8c9a294fa6f0b18344) C:\WINDOWS\system32\DRIVERS\BdSpy.sys
16:54:03.0781 2492 BdSpy - ok
16:54:03.0812 2492 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:54:04.0000 2492 Beep - ok
16:54:04.0062 2492 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:54:04.0234 2492 BITS - ok
16:54:04.0328 2492 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
16:54:04.0343 2492 Bonjour Service - ok
16:54:04.0390 2492 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:54:04.0578 2492 Browser - ok
16:54:04.0656 2492 BsBackup (ae7fbbf94cbd143904a798dd65b0ebc1) C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll
16:54:04.0671 2492 BsBackup - ok
16:54:04.0687 2492 BsBhvScan (e80647e8fcf1029147101244c4d4cffa) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
16:54:04.0718 2492 BsBhvScan - ok
16:54:04.0734 2492 BsFileScan (50dcb6b393f0cac9106b90a5c6f51ded) C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll
16:54:04.0750 2492 BsFileScan - ok
16:54:04.0781 2492 BsFire (7faff308bada7231f1a95915dd736b28) C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll
16:54:04.0812 2492 BsFire - ok
16:54:04.0890 2492 BsMailProxy (c6e4532045be1d369bd0088bc39d94dd) C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll
16:54:04.0906 2492 BsMailProxy - ok
16:54:04.0968 2492 BsMain (880d112b59a8a29a620026ed7478cc4d) C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll
16:54:04.0984 2492 BsMain - ok
16:54:05.0015 2492 BsScanner (5f0782d10c48f6acbafd2ad3a7164e28) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
16:54:05.0031 2492 BsScanner - ok
16:54:05.0078 2492 BsUpdate (54e6ff75c44993091a3c375aab33f280) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
16:54:05.0109 2492 BsUpdate - ok
16:54:05.0281 2492 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:54:05.0468 2492 cbidf2k - ok
16:54:05.0484 2492 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:54:05.0671 2492 CCDECODE - ok
16:54:05.0671 2492 cd20xrnt - ok
16:54:05.0687 2492 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:54:05.0859 2492 Cdaudio - ok
16:54:05.0890 2492 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:54:06.0062 2492 Cdfs - ok
16:54:06.0078 2492 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:54:06.0265 2492 Cdrom - ok
16:54:06.0265 2492 Changer - ok
16:54:06.0312 2492 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:54:06.0500 2492 CiSvc - ok
16:54:06.0515 2492 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:54:06.0687 2492 ClipSrv - ok
16:54:06.0828 2492 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:54:06.0843 2492 clr_optimization_v2.0.50727_32 - ok
16:54:06.0937 2492 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:54:06.0953 2492 clr_optimization_v4.0.30319_32 - ok
16:54:06.0953 2492 CmdIde - ok
16:54:06.0968 2492 COMSysApp - ok
16:54:06.0968 2492 Cpqarray - ok
16:54:07.0000 2492 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:54:07.0187 2492 CryptSvc - ok
16:54:07.0234 2492 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
16:54:07.0250 2492 ctxusbm - ok
16:54:07.0250 2492 dac2w2k - ok
16:54:07.0265 2492 dac960nt - ok
16:54:07.0312 2492 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:54:07.0343 2492 DcomLaunch - ok
16:54:07.0390 2492 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:54:07.0562 2492 Dhcp - ok
16:54:07.0593 2492 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:54:07.0781 2492 Disk - ok
16:54:07.0781 2492 dmadmin - ok
16:54:07.0875 2492 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:54:08.0062 2492 dmboot - ok
16:54:08.0078 2492 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:54:08.0265 2492 dmio - ok
16:54:08.0281 2492 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:54:08.0468 2492 dmload - ok
16:54:08.0515 2492 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:54:08.0671 2492 dmserver - ok
16:54:08.0687 2492 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:54:08.0921 2492 DMusic - ok
16:54:09.0000 2492 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:54:09.0031 2492 Dnscache - ok
16:54:09.0078 2492 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:54:09.0281 2492 Dot3svc - ok
16:54:09.0281 2492 dpti2o - ok
16:54:09.0328 2492 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:54:09.0484 2492 drmkaud - ok
16:54:09.0531 2492 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:54:09.0546 2492 E100B - ok
16:54:09.0593 2492 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:54:09.0765 2492 EapHost - ok
16:54:09.0875 2492 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
16:54:09.0890 2492 ehRecvr - ok
16:54:09.0937 2492 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
16:54:09.0984 2492 ehSched - ok
16:54:10.0031 2492 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:54:10.0203 2492 ERSvc - ok
16:54:10.0250 2492 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:54:10.0281 2492 Eventlog - ok
16:54:10.0343 2492 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:54:10.0359 2492 EventSystem - ok
16:54:10.0421 2492 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:54:10.0593 2492 Fastfat - ok
16:54:10.0609 2492 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
16:54:10.0656 2492 fasttx2k - ok
16:54:10.0703 2492 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:54:10.0750 2492 FastUserSwitchingCompatibility - ok
16:54:10.0812 2492 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
16:54:11.0000 2492 Fax - ok
16:54:11.0046 2492 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:54:11.0203 2492 Fdc - ok
16:54:11.0234 2492 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:54:11.0390 2492 Fips - ok
16:54:11.0406 2492 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:54:11.0593 2492 Flpydisk - ok
16:54:11.0640 2492 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:54:11.0828 2492 FltMgr - ok
16:54:11.0968 2492 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:54:11.0984 2492 FontCache3.0.0.0 - ok
16:54:12.0031 2492 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:54:12.0203 2492 Fs_Rec - ok
16:54:12.0218 2492 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:54:12.0406 2492 Ftdisk - ok
16:54:12.0421 2492 ftsata2 - ok
16:54:12.0453 2492 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:54:12.0468 2492 GEARAspiWDM - ok
16:54:12.0515 2492 getPlus® Installer - ok
16:54:12.0515 2492 getPlusHelper - ok
16:54:12.0562 2492 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:54:12.0734 2492 Gpc - ok
16:54:12.0859 2492 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
16:54:12.0875 2492 gupdate - ok
16:54:12.0875 2492 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
16:54:12.0890 2492 gupdatem - ok
16:54:12.0968 2492 gusvc (5467f1ff0af264566740f67e8b810735) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:54:12.0984 2492 gusvc - ok
16:54:13.0031 2492 hcwPP2 (9436fbf3ca45a0fb726856b409734d7a) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
16:54:13.0046 2492 hcwPP2 - ok
16:54:13.0109 2492 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:54:13.0281 2492 HDAudBus - ok
16:54:13.0406 2492 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:54:13.0593 2492 helpsvc - ok
16:54:13.0625 2492 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
16:54:13.0796 2492 HidIr - ok
16:54:13.0828 2492 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
16:54:14.0000 2492 HidServ - ok
16:54:14.0015 2492 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:54:14.0187 2492 HidUsb - ok
16:54:14.0218 2492 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:54:14.0421 2492 hkmsvc - ok
16:54:14.0437 2492 hpn - ok
16:54:14.0484 2492 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:54:14.0515 2492 HTTP - ok
16:54:14.0531 2492 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:54:14.0687 2492 HTTPFilter - ok
16:54:14.0703 2492 i2omgmt - ok
16:54:14.0703 2492 i2omp - ok
16:54:14.0718 2492 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:54:14.0890 2492 i8042prt - ok
16:54:14.0984 2492 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:54:15.0031 2492 ialm - ok
16:54:15.0234 2492 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
16:54:15.0250 2492 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:54:15.0250 2492 IDriverT - detected UnsignedFile.Multi.Generic (1)
16:54:15.0453 2492 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:54:15.0500 2492 idsvc - ok
16:54:15.0609 2492 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:54:15.0812 2492 Imapi - ok
16:54:15.0859 2492 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:54:16.0015 2492 ImapiService - ok
16:54:16.0031 2492 ini910u - ok
16:54:16.0281 2492 IntcAzAudAddService (14b48553be78472d2bd3a518658a1710) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:54:16.0437 2492 IntcAzAudAddService - ok
16:54:16.0562 2492 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:54:16.0734 2492 IntelIde - ok
16:54:16.0781 2492 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:54:16.0937 2492 intelppm - ok
16:54:16.0968 2492 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:54:17.0140 2492 Ip6Fw - ok
16:54:17.0156 2492 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:54:17.0359 2492 IpFilterDriver - ok
16:54:17.0390 2492 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:54:17.0578 2492 IpInIp - ok
16:54:17.0609 2492 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:54:17.0796 2492 IpNat - ok
16:54:17.0906 2492 iPod Service (9033d67b7112d23eded6789bacded128) C:\Program Files\iPod\bin\iPodService.exe
16:54:17.0937 2492 iPod Service - ok
16:54:17.0984 2492 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:54:18.0156 2492 IPSec - ok
16:54:18.0203 2492 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
16:54:18.0390 2492 IrBus - ok
16:54:18.0421 2492 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:54:18.0593 2492 IRENUM - ok
16:54:18.0609 2492 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:54:18.0781 2492 isapnp - ok
16:54:18.0984 2492 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
16:54:19.0000 2492 JavaQuickStarterService - ok
16:54:19.0015 2492 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:54:19.0203 2492 Kbdclass - ok
16:54:19.0218 2492 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:54:19.0375 2492 kbdhid - ok
16:54:19.0406 2492 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:54:19.0578 2492 kmixer - ok
16:54:19.0640 2492 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:54:19.0656 2492 KSecDD - ok
16:54:19.0703 2492 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:54:19.0718 2492 lanmanserver - ok
16:54:19.0765 2492 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:54:19.0781 2492 lanmanworkstation - ok
16:54:19.0796 2492 lbrtfdc - ok
16:54:19.0937 2492 LightScribeService (575ed0f5dcb34e5c243d2a7ebc860484) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:54:19.0937 2492 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:54:19.0937 2492 LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:54:20.0000 2492 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:54:20.0171 2492 LmHosts - ok
16:54:20.0265 2492 lxecCATSCustConnectService (6311f8863d898ce60c048779f9d86e74) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe
16:54:20.0281 2492 lxecCATSCustConnectService - ok
16:54:20.0296 2492 lxec_device - ok
16:54:20.0375 2492 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
16:54:20.0421 2492 McrdSvc - ok
16:54:20.0515 2492 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:54:20.0531 2492 MDM - ok
16:54:20.0578 2492 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:54:20.0765 2492 Messenger - ok
16:54:20.0796 2492 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
16:54:20.0828 2492 MHN ( UnsignedFile.Multi.Generic ) - warning
16:54:20.0828 2492 MHN - detected UnsignedFile.Multi.Generic (1)
16:54:20.0875 2492 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:54:20.0890 2492 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
16:54:20.0890 2492 MHNDRV - detected UnsignedFile.Multi.Generic


Sorry for the confusion on my part.

4
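The check the two logs in this thread allow, as an added example that is not part of the original posts: parse a TDSSKiller report, list what it flagged, and compare the SigCheck run above against the TDLFS-only rerun posted later in the thread. The sample lines are excerpted from those two logs; the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Every log line starts "HH:MM:SS.mmmm <thread id> "; the rest is the message.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ ?(.*)$")
MODE_RE = re.compile(r"^Mode: (.+)$")
# "Name (md5) path" : the file behind a service or driver entry
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "Name ( Verdict ) - warning" : a non-clean result for that entry
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<level>\w+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Excerpt of the run posted with "Mode: Manual; SigCheck; TDLFS;"
SIGCHECK_RUN = r"""
16:53:58.0765 2492 Scan started
16:53:58.0765 2492 Mode: Manual; SigCheck; TDLFS;
16:53:59.0187 2492 Abiosdsk - ok
16:53:59.0250 2492 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:53:59.0765 2492 ACPI - ok
16:54:00.0359 2492 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:54:00.0375 2492 AegisP ( UnsignedFile.Multi.Generic ) - warning
16:54:00.0375 2492 AegisP - detected UnsignedFile.Multi.Generic (1)
16:54:01.0718 2492 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:54:01.0734 2492 Apple Mobile Device - ok
16:54:15.0234 2492 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
16:54:15.0250 2492 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:54:15.0250 2492 IDriverT - detected UnsignedFile.Multi.Generic (1)
"""

# Excerpt of the rerun posted with "Mode: Manual; TDLFS;"
TDLFS_RUN = r"""
18:37:37.0172 1144 Mode: Manual; TDLFS;
18:37:37.0562 1144 Abiosdsk - ok
18:37:37.0609 1144 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:37:37.0641 1144 ACPI - ok
18:37:37.0937 1144 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:37:37.0953 1144 AegisP - ok
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when the entry has no file line
    path: Optional[str] = None
    status: Optional[str] = None   # "ok" or the level word, e.g. "warning"
    verdict: Optional[str] = None  # e.g. "UnsignedFile.Multi.Generic"


def parse_scan(text):
    """Return (scan modes, {entry name: Entry}) for one TDSSKiller log."""
    modes, entries = set(), {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1).strip()
        if (m := MODE_RE.match(msg)):
            modes = {p.strip() for p in m.group(1).split(";") if p.strip()}
        elif (m := OBJECT_RE.match(msg)):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
        elif (m := VERDICT_RE.match(msg)):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status, e.verdict = m["level"], m["verdict"]
        elif (m := OK_RE.match(msg)):
            entries.setdefault(m["name"], Entry(m["name"])).status = "ok"
    return modes, entries


def flagged(entries):
    """Entries that received any verdict other than a plain 'ok'."""
    return [e for e in entries.values() if e.verdict]


def signature_only(sig_scan, base_scan):
    """Names flagged UnsignedFile.* under SigCheck that are 'ok' with the
    same MD5 in a run without SigCheck: the file did not change between
    runs, so the warning follows the scan option. Entries absent from the
    baseline run are left out and still need a manual look."""
    sig_modes, sig_entries = sig_scan
    base_modes, base_entries = base_scan
    if "SigCheck" not in sig_modes or "SigCheck" in base_modes:
        raise ValueError("need one run with SigCheck and one without")
    names = []
    for e in flagged(sig_entries):
        b = base_entries.get(e.name)
        if (e.verdict.startswith("UnsignedFile.") and b is not None
                and b.status == "ok" and b.md5 == e.md5):
            names.append(e.name)
    return names


if __name__ == "__main__":
    sig, base = parse_scan(SIGCHECK_RUN), parse_scan(TDLFS_RUN)
    for e in flagged(sig[1]):
        print(f"{e.status:8} {e.verdict:28} {e.md5} {e.path}")
    print("warning tied to SigCheck only:", signature_only(sig, base))
```
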

#5 boopme


Posted 08 May 2012 - 08:33 PM

Thanks, were you having redirects that prompted you to run it?

Let's run it again to be sure it's clean.

Please download TDSSKiller.zip and extract it.
OR just open it and
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.




Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

#6 4on4off


Posted 08 May 2012 - 08:53 PM

Boopme,

I just ran it because this is my children's PC and I clean it up once in a while because I know they don't. I have seen the unsigned file warning before but always just let it go until now.

Here is the tdsskiller scan with the parameters set to include tdlfs system file:

18:37:16.0469 0140 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:37:17.0156 0140 ============================================================
18:37:17.0156 0140 Current date / time: 2012/05/08 18:37:17.0156
18:37:17.0156 0140 SystemInfo:
18:37:17.0156 0140
18:37:17.0156 0140 OS Version: 5.1.2600 ServicePack: 3.0
18:37:17.0156 0140 Product type: Workstation
18:37:17.0156 0140 ComputerName: KIDS
18:37:17.0156 0140 UserName: HP_Administrator
18:37:17.0156 0140 Windows directory: C:\WINDOWS
18:37:17.0156 0140 System windows directory: C:\WINDOWS
18:37:17.0156 0140 Processor architecture: Intel x86
18:37:54.0625 1144 Udfs - ok
18:37:54.0641 1144 ultra - ok
18:37:54.0687 1144 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:37:54.0719 1144 Update - ok
18:37:54.0766 1144 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:37:54.0781 1144 upnphost - ok
18:37:54.0828 1144 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:37:54.0844 1144 UPS - ok
18:37:54.0906 1144 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:37:54.0922 1144 USBAAPL - ok
18:37:54.0969 1144 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:37:54.0984 1144 usbaudio - ok
18:37:55.0016 1144 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:37:55.0031 1144 usbccgp - ok
18:37:55.0062 1144 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:37:55.0078 1144 usbehci - ok
18:37:55.0125 1144 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:37:55.0141 1144 usbhub - ok
18:37:55.0172 1144 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:37:55.0187 1144 usbprint - ok
18:37:55.0234 1144 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:37:55.0234 1144 usbscan - ok
18:37:55.0250 1144 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:37:55.0266 1144 USBSTOR - ok
18:37:55.0312 1144 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:37:55.0328 1144 usbuhci - ok
18:37:55.0328 1144 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:37:55.0344 1144 VgaSave - ok
18:37:55.0375 1144 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:37:55.0391 1144 ViaIde - ok
18:37:55.0391 1144 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:37:55.0422 1144 VolSnap - ok
18:37:55.0469 1144 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:37:55.0500 1144 VSS - ok
18:37:55.0625 1144 VX3000 (42870675b4d84acd81a9da69b83f14c5) C:\WINDOWS\system32\DRIVERS\VX3000.sys
18:37:55.0656 1144 VX3000 - ok
18:37:55.0812 1144 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:37:55.0828 1144 W32Time - ok
18:37:55.0875 1144 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:37:55.0891 1144 Wanarp - ok
18:37:55.0906 1144 WDICA - ok
18:37:55.0922 1144 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:37:55.0937 1144 wdmaud - ok
18:37:55.0969 1144 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:37:55.0984 1144 WebClient - ok
18:37:56.0156 1144 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:37:56.0172 1144 winmgmt - ok
18:37:56.0281 1144 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
18:37:56.0297 1144 WinRM - ok
18:37:56.0547 1144 wlidsvc (d9250b31b353ee3322c1cad411997e38) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:37:56.0609 1144 wlidsvc - ok
18:37:56.0781 1144 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:37:56.0797 1144 WmdmPmSN - ok
18:37:56.0859 1144 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:37:56.0859 1144 Wmi - ok
18:37:56.0922 1144 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:37:56.0953 1144 WmiApSrv - ok
18:37:57.0094 1144 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:37:57.0172 1144 WMPNetworkSvc - ok
18:37:57.0234 1144 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
18:37:57.0250 1144 WpdUsb - ok
18:37:57.0453 1144 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:37:57.0516 1144 WPFFontCache_v0400 - ok
18:37:57.0547 1144 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:37:57.0562 1144 WS2IFSL - ok
18:37:57.0625 1144 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:37:57.0641 1144 wscsvc - ok
18:37:57.0703 1144 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:37:57.0719 1144 WSTCODEC - ok
18:37:57.0750 1144 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:37:57.0766 1144 wuauserv - ok
18:37:57.0828 1144 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:37:57.0844 1144 WudfPf - ok
18:37:57.0875 1144 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:37:57.0891 1144 WudfRd - ok
18:37:57.0922 1144 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:37:57.0953 1144 WudfSvc - ok
18:37:58.0016 1144 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:37:58.0016 1144 WZCSVC - ok
18:37:58.0047 1144 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:37:58.0078 1144 xmlprov - ok
18:37:58.0094 1144 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
18:37:58.0219 1144 \Device\Harddisk0\DR0 - ok
18:37:58.0219 1144 Boot (0x1200) (e8e0b48ac5d2922639503f464675f738) \Device\Harddisk0\DR0\Partition0
18:37:58.0219 1144 \Device\Harddisk0\DR0\Partition0 - ok
18:37:58.0219 1144 Boot (0x1200) (75b6d36e9b86ba078f2e73650c6a01f1) \Device\Harddisk0\DR0\Partition1
18:37:58.0219 1144 \Device\Harddisk0\DR0\Partition1 - ok
18:37:58.0219 1144 ============================================================
18:37:58.0219 1144 Scan finished
18:37:58.0219 1144 ============================================================
18:37:58.0234 3980 Detected object count: 0
18:37:58.0234 3980 Actual detected object count: 0


Here is the aswmbr log you requested:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-08 18:39:24
-----------------------------
18:39:24.844 OS Version: Windows 5.1.2600 Service Pack 3
18:39:24.844 Number of processors: 2 586 0x403
18:39:24.844 ComputerName: KIDS UserName:
18:39:25.797 Initialize success
18:39:49.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
18:39:49.500 Disk 0 Vendor: ST3250823AS 3.03 Size: 238475MB BusType: 3
18:39:49.516 Disk 0 MBR read successfully
18:39:49.516 Disk 0 MBR scan
18:39:49.516 Disk 0 unknown MBR code
18:39:49.516 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 8205 MB offset 63
18:39:49.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230259 MB offset 16803990
18:39:49.531 Disk 0 scanning sectors +488376000
18:39:49.609 Disk 0 scanning C:\WINDOWS\system32\drivers
18:39:58.891 Service scanning
18:40:16.297 Modules scanning
18:40:35.078 Disk 0 trace - called modules:
18:40:35.094 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:40:35.094 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8affcab8]
18:40:35.109 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8b06d1d0]
18:40:35.109 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8b028940]
18:40:35.109 Scan finished successfully
18:40:58.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
18:40:58.594 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"


Here is the malwarebytes log you requested:

(note: I already had this on my system and had run a scan with it prior to running the tdsskiller I originally started this thread about. This log is from that scan)



I again thank you for your time and assistance.

4

#7 boopme

Posted 08 May 2012 - 09:05 PM

You're welcome. Looks clean to me. Appears you do a good job!!

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#8 4on4off

Posted 08 May 2012 - 09:10 PM

Boopme,

Done and done.

Thank you very much for putting me at ease with the unsigned files.

4

#9 boopme

Posted 08 May 2012 - 09:31 PM

Hi, the 3rd from last line in the post 4 scan

16:54:20.0875 2492 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:54:20.0890 2492 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
16:54:20.0890 2492 MHNDRV - detected UnsignedFile.Multi.Generic

What I bolded is the MD5. If you google the MD5 or have VirusTotal check it, you will see it's clean...

7f2f1d2815a6449d346fcccbc569fbd6

see here
https://www.virustotal.com/file/1c5a321ce95ce4d9aa2cb5a00e9b7e711521a6bbb25d36f7f49a397c361585c6/analysis/

Edited by boopme, 08 May 2012 - 09:31 PM.
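The triage step described in the post above (take the MD5 of each file the scan did not mark ok and look it up) can be scripted for a whole log. This is an added example, not part of the original thread and not a Kaspersky tool; the function names `parse_log` and `needs_review` are hypothetical, and the sample lines are taken from the logs posted in this thread.

```python
import re

# Sample input: lines taken from the TDSSKiller logs posted in this thread.
SAMPLE_LOG = r"""
18:37:52.0750 1144 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:37:52.0766 1144 Serial - ok
18:37:52.0953 1144 Simbad - ok
16:54:20.0875 2492 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:54:20.0890 2492 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
16:54:20.0890 2492 MHNDRV - detected UnsignedFile.Multi.Generic
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"  # timestamp and thread id
HASH_LINE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_LINE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<level>\w+)$")
OK_LINE = re.compile(PREFIX + r"(?P<name>\S+) - ok$")


def parse_log(text):
    """Map each scanned object to its MD5, path and scan verdict."""
    entries = {}

    def entry(name):
        return entries.setdefault(
            name, {"md5": None, "path": None, "status": "unknown", "verdict": None})

    for line in text.splitlines():
        line = line.strip()
        if m := HASH_LINE.match(line):
            e = entry(m["name"])
            e["md5"], e["path"] = m["md5"], m["path"]
        elif m := VERDICT_LINE.match(line):
            e = entry(m["name"])
            e["status"], e["verdict"] = m["level"], m["verdict"]
        elif m := OK_LINE.match(line):
            entry(m["name"])["status"] = "ok"
    return entries


def needs_review(entries):
    """Objects not marked ok, with the MD5 to look up (None if no file was hashed)."""
    return sorted(
        (name, e["md5"], e["path"], e["verdict"])
        for name, e in entries.items() if e["status"] != "ok")


if __name__ == "__main__":
    for name, md5, path, verdict in needs_review(parse_log(SAMPLE_LOG)):
        print(f"{name}: {verdict}\n  file: {path}\n  MD5 to check: {md5}")
```

An entry whose hash line has no matching verdict line (for example in a truncated log) is reported with status `unknown` rather than silently treated as ok.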
