No internet access, microsoft security essentials is jacked, need help


  • This topic is locked
40 replies to this topic

#1 dave7676

dave7676

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:53 PM

Posted 03 June 2012 - 09:40 PM

I believe I have a virus on my desktop Dell PC. I'm running Windows XP Media Center Edition 2002, Service Pack 3 with Internet Explorer 5 for my web browser.

It all started 4 weeks ago while browsing themeforest searching for a new theme (Website template). I was viewing a demo and a window came up asking permission to open or run something that I thought was legit, didn't pay any attention to it and granted access. Got some pop-ups so I immediately shut down the PC manually and realized I had just screwed the pooch...

I then tried running Microsoft Security Essentials (unfortunately not in safe mode) and the (Quick) scan results said, clean. However, internet was still down. I shut it down and went to work; started the PC up later that evening only to find out that I couldn't get on the internet and Security Essentials was down and instead of green, was all in red stating something about it not being turned on. Tried running Security Essentials and couldn't. Downloaded Norman malware cleaner on a jump drive and copied it to my desktop, ran that and it found some malicious objects. After restarting the PC, same thing... Tried deleting Security Essentials in Add/Remove Programs; couldn't. Ended up manually removing Security Essentials through Microsoft's help page, only removed partial, still see it in Security Center, says virus protection is on? I did a few system restores and that didn't help either.

Tried running a cleaner from microsoft and a couple others that seemed to not detect anything and finally 2 weeks later just ran Norman again and came here. Norman found 3 malicious objects which were:
C:\System Volume Information\_restore{EDF6B116-8887-4DDD-A0FD-EC926398F1F5}\RP1A0000003.msi: Archive infected
C:\System Volume Information\_restore{EDF6B116-8887-4DDD-A0FD-EC926398F1F5}\RP1A0000004.msi: Archive infected
C:\System Volume Information\_restore{EDF6B116-8887-4DDD-A0FD-EC926398F1F5}\RP2A0000135.MSI: Archive infected
However in the results it didn't clean or quarantine any?

Then ran several other things that I was instructed to run from a kind person here on Bleeping PC like FSS, System look, Mbam, GMER, Dial-a-fix, 106 fix, security check, aswMBR, bootkit remover, Malwarebytes, TDS killer, winsock fix, mini tool box, etc... And still no internet. Now I have been told by him that I need to post my dds log and GMER logs on here, so here it is:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dave at 14:49:19 on 2012-06-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1557 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Dave.DONKENDAVE\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Dave.DONKENDAVE\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "c:\documents and settings\dave.donkendave\local settings\application data\akamai\netsession_win.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [dlbxmon.exe] "c:\program files\dell photo aio printer 962\dlbxmon.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [PCLEUSBTip] c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: vzw.com\picture
DPF: Comcast.Ocf.Cab - hxxp://www.comcastsupport.com/sdcxuser/oneclickfix/scripts/Comcast.Ocf.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: 94.63.147.17 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 171064]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-8 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-22 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-8 136176]
.
=============== Created Last 30 ================
.
2012-05-29 02:05:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-29 02:01:13 -------- d-----w- c:\documents and settings\dave.donkendave\application data\Malwarebytes
2012-05-29 02:01:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-29 02:01:01 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes
2012-05-28 20:24:50 -------- d-----w- c:\windows\system32\NtmsData
2012-05-28 20:14:32 -------- d-----w- c:\windows\system32\CatRoot2
2012-05-27 23:50:47 138112 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-05-27 23:50:47 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-27 23:50:46 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-05-27 23:50:46 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-05-17 02:01:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-06 20:43:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-05-06 20:43:44 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-04-22 23:26:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-22 23:26:21 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-21 03:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 14:49:32.40 ===============

Please help!
-Dave
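
Added example, not part of the original thread: a short Python triage pass over a DDS log like the one in post #1. It pulls out the lines that bear on name resolution, browser proxying and antivirus state: `Hosts:` entries pointing a name at a non-local address, loopback `host:port` entries in `ProxyOverride`, and an AV product registered with conflicting states. Which lines to surface and the function names are this example's assumptions; the sample input is a handful of lines taken from the log above.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: a few lines in the shape of the DDS log posted above.
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mRun: [ehTray] c:\windows\ehome\ehtray.exe
Hosts: 94.63.147.17 www.bing.com
"""

AV_RE = re.compile(
    r"^AV: (?P<name>.+?) \*(?P<state>\w+)/(?P<defs>\w+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<name>\S+)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyOverride = (?P<value>.*)$")


def _is_local(addr):
    """True for loopback or 0.0.0.0-style addresses (typical blocklist targets)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage_dds(text):
    """Return (kind, detail) tuples for DDS lines a reviewer should look at first."""
    findings = []
    av_states = defaultdict(set)

    for raw in text.splitlines():
        line = raw.strip()

        m = AV_RE.match(line)
        if m:
            # Collect every registration state reported for the same product name.
            av_states[m["name"]].add(m["state"])
            continue

        m = HOSTS_RE.match(line)
        if m and not _is_local(m["ip"]):
            # A hosts entry that sends a name to a routable address overrides DNS.
            findings.append(("hosts-redirect", f'{m["name"]} -> {m["ip"]}'))
            continue

        m = PROXY_RE.match(line)
        if m:
            for token in m["value"].split(";"):
                host, sep, port = token.rpartition(":")
                # A loopback host:port means some local program has hooked into
                # the browser's proxy settings; worth attributing to an installed
                # program, not necessarily malicious.
                if sep and port.isdigit() and (host == "localhost" or _is_local(host)):
                    findings.append(("loopback-proxy-port", token))

    for name, states in sorted(av_states.items()):
        if len(states) > 1:
            findings.append(
                ("av-conflicting-state", f"{name}: {', '.join(sorted(states))}")
            )
    return findings


if __name__ == "__main__":
    for kind, detail in triage_dds(SAMPLE_DDS):
        print(f"{kind:22} {detail}")
```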

#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:53 AM

Posted 04 June 2012 - 02:59 PM

Good evening. :)

Do you have the Windows installation disk that Dells should be supplied with?

So long, and thanks for all the fish.

 

 


#3 dave7676


Posted 10 June 2012 - 09:06 PM

Sorry for the late response, I thought I would have received an e-mail letting me know you had replied?
Yes I do.

#4 Noviciate


Posted 11 June 2012 - 02:26 PM

Good evening. :)

According to one of the logs you posted, the Windows Install Date is 10/15/2008. Given that this makes your installation over three and a half years old I would just back up any important data and then reinstall the operating system. OSs slow down over time due to installation/uninstallations and Windows updates and I should think that your OS is running significantly slower than it was when you first fired it up and a reformat and reinstall solves two problems in one go.

#5 dave7676

Posted 12 June 2012 - 10:50 AM

Believe it or not it's not slow at all. I have come this far and really don't want to do that unless you feel like I should cut my losses. Do you think the virus is curable rather quickly or does it seem like it would take several attempts and never possibly be cured?

#6 Noviciate


Posted 12 June 2012 - 02:48 PM

Good evening. :)

I'm running windows XP media center edition 2002, service pack 3 with internet explorer 5 for my web browser.

In which case you need to start by updating your browser - I.E. 5 is seriously, and I do mean seriously, out of date. You can get the latest version here. There are so many security holes in yours that to continue using it is to invite more trouble than you already have.

#7 dave7676

Posted 12 June 2012 - 04:36 PM

Good evening. :)

I'm running windows XP media center edition 2002, service pack 3 with internet explorer 5 for my web browser.

In which case you need to start by updating your browser - I.E. 5 is seriously, and I do mean seriously, out of date. You can get the latest version here. There are so many security holes in yours that to continue using it is to invite more trouble than you already have.



#8 dave7676


Posted 12 June 2012 - 04:37 PM

I have no internet access; once the virus is cured I planned on switching over to Google Chrome.

#9 Noviciate


Posted 13 June 2012 - 02:23 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

You can transfer the download to the infected PC via a flashdrive and do the same with the resulting log.

#10 dave7676

Posted 19 June 2012 - 12:02 AM

I ran the combo fix but was not able to stop Microsoft Security Essentials from running like I was supposed to. Unfortunately, I have no access to MSE seeing how I manually tried to remove it but apparently was unsuccessful as I previously mentioned.
I also tried running the combo fix in safe mode in hopes that MSE would not be running but still a window popped up saying it was running and I needed to disable it, I continued the scan. From there I got on MSE forum and tried getting help to either totally get rid of MSE or stop it from running and they didn't seem to help much.
After running combofix a few times and still not having internet access I also tried repairing the network connection in my control panel and that didn't work either. Do you think this is why the combo fix is not working?

ComboFix 12-06-15.06 - Dave 06/16/2012 16:53:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1721 [GMT -7:00]
Running from: c:\documents and settings\Dave.DONKENDAVE\Desktop\combo.exe
Command switches used :: c:\documents and settings\Dave.DONKENDAVE\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\Dave.DONKENDAVE\Application Data\Adobe\plugs
c:\documents and settings\Dave.DONKENDAVE\Application Data\Adobe\shed
c:\documents and settings\Dave.DONKENDAVE\Local Settings\Temporary Internet Files\CreateOutlookExpressProfilePort587.cab
c:\documents and settings\Dave.DONKENDAVE\Local Settings\Temporary Internet Files\CreateOutlookExpressProfilePort587.vbs
c:\documents and settings\Dave.DONKENDAVE\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
.
.
2012-05-29 02:05 . 2012-05-29 02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-29 02:01 . 2012-05-29 02:01 -------- d-----w- c:\documents and settings\Dave.DONKENDAVE\Application Data\Malwarebytes
2012-05-29 02:01 . 2012-05-29 02:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2012-05-29 02:01 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-29 02:01 . 2012-05-29 14:15 -------- d-----w- c:\documents and settings\Malwarebytes' Anti-Malware
2012-05-28 20:24 . 2012-06-16 22:51 -------- d-----w- c:\windows\system32\NtmsData
2012-05-28 20:14 . 2012-06-16 23:52 -------- d-----w- c:\windows\system32\CatRoot2
2012-05-27 23:50 . 2008-04-13 19:19 138112 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-05-27 23:50 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-27 23:50 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-05-27 23:50 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 23:26 . 2012-04-22 23:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-22 23:26 . 2012-03-08 17:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:36 . 2012-05-01 04:59 6734704 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-21 03:44 . 2009-12-02 22:23 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-08 39408]
"Akamai NetSession Interface"="c:\documents and settings\Dave.DONKENDAVE\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-12 4583424]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]
"dlbxmon.exe"="c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 425984]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-09 136600]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2003-11-10 406016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/8/2011 2:28 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/22/2012 4:26 PM 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/8/2011 2:28 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 23:26]
.
2012-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-06-03 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
2012-06-16 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: vzw.com\picture
DPF: Comcast.Ocf.Cab - hxxp://www.comcastsupport.com/sdcxuser/oneclickfix/scripts/Comcast.Ocf.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
HKLM-Run-PCLEUSBTip - c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
SafeBoot-33728967.sys
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-16 17:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-16 17:09:32
ComboFix-quarantined-files.txt 2012-06-17 00:09
.
Pre-Run: 165,980,745,728 bytes free
Post-Run: 169,994,526,720 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9662920D5B5C02AA00A061A0FE307DAD

Thanks,

-Dave

#11 Noviciate


Posted 19 June 2012 - 02:47 PM

Good evening. :)

I suggest you try downloading another MSE installation file and reinstall it - after that, you may find that it will uninstall successfully. Let me know how you get on.

#12 dave7676

Posted 19 June 2012 - 10:48 PM

Ok, so one of the fixes actually seemed to work to get rid of MSE, the tech had me copy a bunch of commands and then open the folder on my infected PC, a black command window came up and looked like it ran the commands and closed. Went to my security center and had no virus protection!

So then I tried to run combo fix but it still detected MSE running.

Then I tried to reinstall MSE as you suggested, thought that was gonna do it, but still the install failed. A "Windows Installer" window came up after accepting terms and agreement; window says, "The feature you are trying to use is on a network resource that is unavailable. Click ok to try again, or enter an alternate path to a folder containing the installation package 'epp.msi' in the box below."
The default selection is: c:\7d6b066f8c48a0e752dddbb10\x86\
The alternative selection is: C:\Program Files\Microsoft Security Client\Backup\
Of course neither work...

Sounds like this install needs internet access or the back-up client for MSE?

Please advise what to do next, thanks,

-Dave

#13 Noviciate


Posted 20 June 2012 - 03:04 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • The log that the tool creates will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt. - I'd like a copy of the contents in your next reply.
    Please check that you get the one with the right date and time. :)

#14 dave7676

Posted 20 June 2012 - 04:40 PM

Here is the log.
I forgot to mention in my last post that when I would run the combo fix after removing MSE and later check my security center, MSE would be back running, not sure that it matters but trying to be as thorough as possible.
Also wondering how to check what version of internet explorer I'm using. My netbook I'm using is version 5, not sure about my infected desktop, I was assuming 5 but have a feeling it might be a later version?

14:17:54.0781 2544 tfsnifs - detected UnsignedFile.Multi.Generic (1)
14:17:54.0796 2544 tfsnopio (92a17c0d73500f9b9c3028da9e4cdba6) C:\WINDOWS\system32\dla\tfsnopio.sys
14:17:54.0796 2544 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
14:17:54.0796 2544 tfsnopio - detected UnsignedFile.Multi.Generic (1)
14:17:54.0796 2544 tfsnpool (15ab1a2bb2b35eb1dcda39405114afc6) C:\WINDOWS\system32\dla\tfsnpool.sys
14:17:54.0796 2544 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
14:17:54.0796 2544 tfsnpool - detected UnsignedFile.Multi.Generic (1)
14:17:54.0812 2544 tfsnudf (370d2779668bf3b8d14f34356c41ab9c) C:\WINDOWS\system32\dla\tfsnudf.sys
14:17:54.0828 2544 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
14:17:54.0828 2544 tfsnudf - detected UnsignedFile.Multi.Generic (1)
14:17:54.0843 2544 tfsnudfa (4564799868c4bcdf28c8efc6d4c48c4b) C:\WINDOWS\system32\dla\tfsnudfa.sys
14:17:54.0843 2544 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
14:17:54.0843 2544 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
14:17:54.0859 2544 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:17:54.0875 2544 Themes - ok
14:17:54.0906 2544 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
14:17:54.0953 2544 TlntSvr - ok
14:17:54.0968 2544 TosIde - ok
14:17:55.0031 2544 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:17:55.0171 2544 TrkWks - ok
14:17:55.0187 2544 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:17:55.0296 2544 Udfs - ok
14:17:55.0312 2544 ultra - ok
14:17:55.0390 2544 UMWdf (1977313e362c8732c1af4d1bcb9c06b7) C:\WINDOWS\system32\wdfmgr.exe
14:17:55.0406 2544 UMWdf ( UnsignedFile.Multi.Generic ) - warning
14:17:55.0406 2544 UMWdf - detected UnsignedFile.Multi.Generic (1)
14:17:55.0453 2544 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:17:55.0593 2544 Update - ok
14:17:55.0671 2544 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:17:55.0734 2544 upnphost - ok
14:17:55.0750 2544 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:17:55.0890 2544 UPS - ok
14:17:55.0906 2544 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:17:55.0953 2544 USBAAPL - ok
14:17:56.0000 2544 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:17:56.0125 2544 usbccgp - ok
14:17:56.0187 2544 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:17:56.0328 2544 usbehci - ok
14:17:56.0328 2544 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:17:56.0453 2544 usbhub - ok
14:17:56.0500 2544 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:17:56.0609 2544 usbprint - ok
14:17:56.0625 2544 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:17:56.0734 2544 usbscan - ok
14:17:56.0734 2544 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:17:56.0843 2544 usbstor - ok
14:17:56.0875 2544 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:17:56.0984 2544 usbuhci - ok
14:17:57.0046 2544 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:17:57.0156 2544 VgaSave - ok
14:17:57.0156 2544 ViaIde - ok
14:17:57.0171 2544 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:17:57.0296 2544 VolSnap - ok
14:17:57.0359 2544 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:17:57.0421 2544 VSS - ok
14:17:57.0484 2544 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:17:57.0640 2544 W32Time - ok
14:17:57.0671 2544 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:17:57.0781 2544 Wanarp - ok
14:17:57.0796 2544 WDICA - ok
14:17:57.0859 2544 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:17:58.0000 2544 wdmaud - ok
14:17:58.0046 2544 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:17:58.0156 2544 WebClient - ok
14:17:58.0203 2544 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:17:58.0312 2544 winmgmt - ok
14:17:58.0390 2544 WISTechVIDCAP (797454446c66ecdca790677f223d1e20) C:\WINDOWS\system32\drivers\wisgostrm.sys
14:17:58.0453 2544 WISTechVIDCAP - ok
14:17:58.0500 2544 WmdmPmSN (6eaa72fd9ef993ec1fa9a06de65105da) C:\WINDOWS\system32\mspmsnsv.dll
14:17:58.0515 2544 WmdmPmSN - ok
14:17:58.0640 2544 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:17:58.0671 2544 Wmi - ok
14:17:58.0734 2544 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:17:58.0859 2544 WmiApSrv - ok
14:17:58.0890 2544 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:17:59.0000 2544 WS2IFSL - ok
14:17:59.0062 2544 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:17:59.0171 2544 wscsvc - ok
14:17:59.0234 2544 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:17:59.0359 2544 WSTCODEC - ok
14:17:59.0421 2544 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:17:59.0546 2544 wuauserv - ok
14:17:59.0656 2544 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:17:59.0765 2544 WZCSVC - ok
14:17:59.0828 2544 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:17:59.0937 2544 xmlprov - ok
14:17:59.0968 2544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:18:00.0453 2544 \Device\Harddisk0\DR0 - ok
14:18:00.0453 2544 Boot (0x1200) (c098ce30d33863184f1e47e843779cfb) \Device\Harddisk0\DR0\Partition0
14:18:00.0453 2544 \Device\Harddisk0\DR0\Partition0 - ok
14:18:00.0468 2544 ============================================================
14:18:00.0468 2544 Scan finished
14:18:00.0468 2544 ============================================================
14:18:00.0593 0684 Detected object count: 23
14:18:00.0593 0684 Actual detected object count: 23
14:21:10.0859 0684 ASAPIW2k ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0859 0684 ASAPIW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0859 0684 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0859 0684 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0875 0684 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0875 0684 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0875 0684 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0875 0684 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0875 0684 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0875 0684 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0875 0684 ehRecvr ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0875 0684 ehRecvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0875 0684 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0875 0684 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0875 0684 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0875 0684 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0875 0684 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0875 0684 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0875 0684 PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0875 0684 PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0890 0684 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0890 0684 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0890 0684 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0890 0684 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0890 0684 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0890 0684 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0890 0684 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0890 0684 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0890 0684 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0890 0684 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0890 0684 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0890 0684 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0890 0684 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0890 0684 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0890 0684 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0890 0684 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0906 0684 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0906 0684 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0906 0684 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0906 0684 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0906 0684 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0906 0684 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0906 0684 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0906 0684 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:10.0906 0684 UMWdf ( UnsignedFile.Multi.Generic ) - skipped by user
14:21:10.0906 0684 UMWdf ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:21.0609 2132 Deinitialize success

#15 Noviciate

  • Malware Response Team

Posted 21 June 2012 - 03:11 PM

Good evening. :)

I think I know what the problem is, but I'm having a little difficulty with my virtual machine - I'm testing the fix, or I would be if I could get it to play nicely. Once I've got it running I'll let you know.

So long, and thanks for all the fish.

 

 




