
Malware Virus on Computer


1 reply to this topic

#1 msysinfo


Posted 21 August 2012 - 11:01 AM

All, (Thanks in advance)
I have been getting the blue screen of death. I use this computer for all financial related info and would want to be secure.

Malwarebytes detected and deleted the following:

Happili
Trojan.agent.BRVGen

TDSSKiller found a rootkit error and cured.

Still getting warning messages "Windows encountered a serious error" - looks like virus warning and also shows exceeded storage. McAfee does not work.

Attached is the log from Malwarebytes:

=================
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.09

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 6.0.2900.5512
Milestone :: MCGPC [administrator]

Protection: Enabled

8/20/2012 9:43:27 PM
mbam-log-2012-08-20 (22-48-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 319771
Time elapsed: 58 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Milestone\Local Settings\Temp\257C.tmp (Trojan.Agent.BRVGen) -> No action taken.

(end)

============



TDSSKILLER LOG
=====================================

21:29:21.0359 4072 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
21:29:21.0390 4072 ============================================================
21:29:21.0390 4072 Current date / time: 2012/08/20 21:29:21.0390
21:29:21.0390 4072 SystemInfo:
21:29:21.0390 4072
21:29:21.0390 4072 OS Version: 5.1.2600 ServicePack: 3.0
21:29:21.0390 4072 Product type: Workstation
21:29:21.0390 4072 ComputerName: MCGPC
21:29:21.0390 4072 UserName: Milestone
21:29:21.0390 4072 Windows directory: C:\WINDOWS
21:29:21.0390 4072 System windows directory: C:\WINDOWS
21:29:21.0390 4072 Processor architecture: Intel x86
21:29:21.0390 4072 Number of processors: 2
21:29:21.0390 4072 Page size: 0x1000
21:29:21.0390 4072 Boot type: Normal boot
21:29:21.0390 4072 ============================================================
21:29:24.0250 4072 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:29:24.0312 4072 Drive \Device\Harddisk1\DR6 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:29:24.0312 4072 ============================================================
21:29:24.0312 4072 \Device\Harddisk0\DR0:
21:29:24.0312 4072 MBR partitions:
21:29:24.0312 4072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x7801F59
21:29:24.0328 4072 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7821561, BlocksNum 0x1DC0C160
21:29:24.0328 4072 \Device\Harddisk1\DR6:
21:29:24.0328 4072 MBR partitions:
21:29:24.0328 4072 \Device\Harddisk1\DR6\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
21:29:24.0328 4072 ============================================================
21:29:24.0734 4072 C: <-> \Device\Harddisk0\DR0\Partition1
21:29:24.0781 4072 D: <-> \Device\Harddisk0\DR0\Partition2
21:29:24.0781 4072 ============================================================
21:29:24.0781 4072 Initialize success
21:29:24.0781 4072 ============================================================
21:29:45.0828 0664 ============================================================
21:29:45.0828 0664 Scan started
21:29:45.0828 0664 Mode: Manual; SigCheck; TDLFS;
21:29:45.0828 0664 ============================================================
21:29:46.0890 0664 ================ Scan system memory ========================
21:29:46.0890 0664 System memory - ok
21:29:46.0890 0664 ================ Scan services =============================
21:29:47.0000 0664 Abiosdsk - ok
21:29:47.0031 0664 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:29:47.0265 0664 abp480n5 - ok
21:29:47.0296 0664 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:29:47.0390 0664 ACPI - ok
21:29:47.0421 0664 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:29:47.0515 0664 ACPIEC - ok
21:29:47.0562 0664 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:29:47.0578 0664 AdobeFlashPlayerUpdateSvc - ok
21:29:47.0609 0664 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:29:47.0718 0664 adpu160m - ok
21:29:47.0765 0664 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:29:47.0859 0664 aec - ok
21:29:47.0937 0664 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:29:48.0046 0664 AFD - ok
21:29:48.0078 0664 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
21:29:48.0203 0664 agp440 - ok
21:29:48.0203 0664 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:29:48.0281 0664 agpCPQ - ok
21:29:48.0296 0664 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:29:48.0328 0664 Aha154x - ok
21:29:48.0343 0664 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:29:48.0406 0664 aic78u2 - ok
21:29:48.0437 0664 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:29:48.0500 0664 aic78xx - ok
21:29:48.0515 0664 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:29:48.0609 0664 Alerter - ok
21:29:48.0625 0664 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:29:48.0656 0664 ALG - ok
21:29:48.0671 0664 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
21:29:48.0750 0664 AliIde - ok
21:29:48.0750 0664 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:29:48.0828 0664 alim1541 - ok
21:29:48.0906 0664 [ FF6F0F6A2D72065AE4300426FA414693 ] Amazon Download Agent C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
21:29:48.0906 0664 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - warning
21:29:48.0906 0664 Amazon Download Agent - detected UnsignedFile.Multi.Generic (1)
21:29:48.0937 0664 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:29:49.0015 0664 amdagp - ok
21:29:49.0031 0664 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
21:29:49.0062 0664 amsint - ok
21:29:49.0109 0664 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:29:49.0125 0664 Apple Mobile Device - ok
21:29:49.0171 0664 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:29:49.0218 0664 AppMgmt - ok
21:29:49.0234 0664 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
21:29:49.0296 0664 asc - ok
21:29:49.0328 0664 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:29:49.0359 0664 asc3350p - ok
21:29:49.0375 0664 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:29:49.0437 0664 asc3550 - ok
21:29:49.0500 0664 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:29:49.0531 0664 aspnet_state - ok
21:29:49.0546 0664 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:29:49.0609 0664 AsyncMac - ok
21:29:49.0640 0664 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:29:49.0703 0664 atapi - ok
21:29:49.0703 0664 Atdisk - ok
21:29:49.0734 0664 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:29:49.0812 0664 Atmarpc - ok
21:29:49.0843 0664 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:29:49.0906 0664 AudioSrv - ok
21:29:49.0921 0664 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:29:49.0984 0664 audstub - ok
21:29:50.0015 0664 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:29:50.0078 0664 Beep - ok
21:29:50.0140 0664 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
21:29:50.0250 0664 BITS - ok
21:29:50.0312 0664 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:29:50.0328 0664 Bonjour Service - ok
21:29:50.0359 0664 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
21:29:50.0437 0664 Browser - ok
21:29:50.0546 0664 [ 5977F29C17372830E1947265C818EBE9 ] CA_LIC_CLNT C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
21:29:50.0546 0664 CA_LIC_CLNT ( UnsignedFile.Multi.Generic ) - warning
21:29:50.0546 0664 CA_LIC_CLNT - detected UnsignedFile.Multi.Generic (1)
21:29:50.0578 0664 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:29:50.0671 0664 cbidf - ok
21:29:50.0671 0664 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:29:50.0765 0664 cbidf2k - ok
21:29:50.0796 0664 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:29:50.0828 0664 cd20xrnt - ok
21:29:50.0843 0664 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:29:50.0906 0664 Cdaudio - ok
21:29:50.0937 0664 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:29:51.0015 0664 Cdfs - ok
21:29:51.0046 0664 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:29:51.0109 0664 Cdrom - ok
21:29:51.0125 0664 cerc6 - ok
21:29:51.0125 0664 [ 1C7B1E36F3CED9E4B0B13385E627FE8B ] cfwids C:\WINDOWS\system32\drivers\cfwids.sys
21:29:51.0140 0664 cfwids - ok
21:29:51.0140 0664 Changer - ok
21:29:51.0187 0664 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:29:51.0265 0664 CiSvc - ok
21:29:51.0281 0664 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:29:51.0359 0664 ClipSrv - ok
21:29:51.0406 0664 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:29:51.0453 0664 clr_optimization_v2.0.50727_32 - ok
21:29:51.0484 0664 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:29:51.0546 0664 clr_optimization_v4.0.30319_32 - ok
21:29:51.0562 0664 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:29:51.0640 0664 CmdIde - ok
21:29:51.0640 0664 COMSysApp - ok
21:29:51.0656 0664 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:29:51.0734 0664 Cpqarray - ok
21:29:51.0765 0664 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:29:51.0843 0664 CryptSvc - ok
21:29:51.0859 0664 [ CB7D7C0E74ADCB7DA96D08EC8DB86062 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
21:29:51.0906 0664 CVirtA - ok
21:29:51.0937 0664 [ 16DDB343F0E77133DE96E211E1A4DCD2 ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
21:29:51.0937 0664 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
21:29:51.0937 0664 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
21:29:51.0968 0664 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:29:52.0046 0664 dac2w2k - ok
21:29:52.0078 0664 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:29:52.0156 0664 dac960nt - ok
21:29:52.0203 0664 [ 2589FE6015A316C0F5D5112B4DA7B509 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:29:52.0312 0664 DcomLaunch - ok
21:29:52.0343 0664 [ D514B430E2989F846137828C90370C16 ] DgiVecp C:\WINDOWS\system32\Drivers\DgiVecp.sys
21:29:52.0359 0664 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
21:29:52.0359 0664 DgiVecp - detected UnsignedFile.Multi.Generic (1)
21:29:52.0406 0664 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:29:52.0500 0664 Dhcp - ok
21:29:52.0546 0664 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:29:52.0656 0664 Disk - ok
21:29:52.0671 0664 [ A0500678A33802D8954153839301D539 ] DLABMFSM C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
21:29:52.0687 0664 DLABMFSM - ok
21:29:52.0687 0664 [ B8D2F68CAC54D46281399F9092644794 ] DLABOIOM C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
21:29:52.0703 0664 DLABOIOM - ok
21:29:52.0703 0664 [ 0EE93AB799D1CB4EC90B36F3612FE907 ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:29:52.0703 0664 DLACDBHM - ok
21:29:52.0703 0664 [ 87413B94AE1FABC117C4E8AE6725134E ] DLADResM C:\WINDOWS\system32\Drivers\DLADResM.SYS
21:29:52.0718 0664 DLADResM - ok
21:29:52.0718 0664 [ 766A148235BE1C0039C974446E4C0EDC ] DLAIFS_M C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
21:29:52.0734 0664 DLAIFS_M - ok
21:29:52.0734 0664 [ 38267CCA177354F1C64450A43A4F7627 ] DLAOPIOM C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
21:29:52.0734 0664 DLAOPIOM - ok
21:29:52.0750 0664 [ FD363369FD313B46B5AEAB1A688B52E9 ] DLAPoolM C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
21:29:52.0750 0664 DLAPoolM - ok
21:29:52.0750 0664 [ 336AE18F0912EF4FBE5518849E004D74 ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
21:29:52.0765 0664 DLARTL_M - ok
21:29:52.0765 0664 [ FD85F682C1CC2A7CA878C7A448E6D87E ] DLAUDFAM C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
21:29:52.0781 0664 DLAUDFAM - ok
21:29:52.0781 0664 [ AF389CE587B6BF5BBDCD6F6ABE5EABC0 ] DLAUDF_M C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
21:29:52.0796 0664 DLAUDF_M - ok
21:29:52.0796 0664 dmadmin - ok
21:29:52.0875 0664 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:29:52.0968 0664 dmboot - ok
21:29:53.0031 0664 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
21:29:53.0093 0664 dmio - ok
21:29:53.0109 0664 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:29:53.0187 0664 dmload - ok
21:29:53.0218 0664 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:29:53.0281 0664 dmserver - ok
21:29:53.0312 0664 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:29:53.0390 0664 DMusic - ok
21:29:53.0406 0664 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:29:53.0468 0664 Dnscache - ok
21:29:53.0515 0664 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:29:53.0593 0664 Dot3svc - ok
21:29:53.0609 0664 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:29:53.0671 0664 dpti2o - ok
21:29:53.0703 0664 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:29:53.0781 0664 drmkaud - ok
21:29:53.0796 0664 [ 5D3B71BB2BB0009D65D290E2EF374BD3 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:29:53.0812 0664 DRVMCDB - ok
21:29:53.0812 0664 [ C591BA9F96F40A1FD6494DAFDCD17185 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:29:53.0812 0664 DRVNDDM - ok
21:29:53.0843 0664 [ E6B6DD5A355C432045219FAD8512FB70 ] dsNcAdpt C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
21:29:53.0875 0664 dsNcAdpt - ok
21:29:53.0921 0664 [ CE235D0AF501D4A622B0B8CFE7963B32 ] dsNcService C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
21:29:53.0937 0664 dsNcService - ok
21:29:53.0968 0664 [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
21:29:53.0968 0664 e1express - ok
21:29:53.0984 0664 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:29:54.0062 0664 EapHost - ok
21:29:54.0062 0664 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:29:54.0140 0664 ERSvc - ok
21:29:54.0171 0664 [ 0E776ED5F7CC9F94299E70461B7B8185 ] Eventlog C:\WINDOWS\system32\services.exe
21:29:54.0234 0664 Eventlog - ok
21:29:54.0281 0664 [ 19A799805B24990867B00C120D300C3A ] EventSystem C:\WINDOWS\system32\es.dll
21:29:54.0375 0664 EventSystem - ok
21:29:54.0421 0664 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:29:54.0484 0664 Fastfat - ok
21:29:54.0531 0664 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:29:54.0609 0664 FastUserSwitchingCompatibility - ok
21:29:54.0640 0664 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
21:29:54.0718 0664 Fax - ok
21:29:54.0734 0664 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:29:54.0812 0664 Fdc - ok
21:29:54.0843 0664 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:29:54.0906 0664 Fips - ok
21:29:54.0921 0664 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:29:54.0984 0664 Flpydisk - ok
21:29:55.0015 0664 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:29:55.0093 0664 FltMgr - ok
21:29:55.0140 0664 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:29:55.0140 0664 FontCache3.0.0.0 - ok
21:29:55.0171 0664 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:29:55.0250 0664 Fs_Rec - ok
21:29:55.0281 0664 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:29:55.0375 0664 Ftdisk - ok
21:29:55.0406 0664 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:29:55.0406 0664 GEARAspiWDM - ok
21:29:55.0468 0664 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
21:29:55.0468 0664 GoogleDesktopManager-051210-111108 - ok
21:29:55.0515 0664 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:29:55.0593 0664 Gpc - ok
21:29:55.0609 0664 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:29:55.0625 0664 gupdate - ok
21:29:55.0625 0664 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:29:55.0640 0664 gupdatem - ok
21:29:55.0671 0664 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:29:55.0671 0664 gusvc - ok
21:29:55.0718 0664 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:29:55.0796 0664 HDAudBus - ok
21:29:55.0812 0664 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:29:55.0890 0664 helpsvc - ok
21:29:55.0921 0664 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:29:56.0000 0664 HidServ - ok
21:29:56.0015 0664 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:29:56.0093 0664 hidusb - ok
21:29:56.0125 0664 [ 47EECE68857817F39C8C6F33A7E5E76C ] hitmanpro36 C:\WINDOWS\system32\drivers\hitmanpro36.sys
21:29:56.0125 0664 hitmanpro36 - ok
21:29:56.0171 0664 [ 54D9E71DD3F6DF476B99543F88650EDF ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
21:29:56.0171 0664 HitmanProScheduler - ok
21:29:56.0234 0664 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:29:56.0312 0664 hkmsvc - ok
21:29:56.0343 0664 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
21:29:56.0406 0664 hpn - ok
21:29:56.0453 0664 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:29:56.0531 0664 HTTP - ok
21:29:56.0578 0664 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:29:56.0640 0664 HTTPFilter - ok
21:29:56.0671 0664 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
21:29:56.0734 0664 i2omgmt - ok
21:29:56.0765 0664 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:29:56.0843 0664 i2omp - ok
21:29:57.0406 0664 [ 28423512370705AEDA6A652FEDB25468 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:29:57.0625 0664 ialm - ok
21:29:57.0671 0664 [ 80C633722DA72E97F3F5B3B11325696D ] iaStor C:\WINDOWS\system32\drivers\iastor.sys
21:29:57.0687 0664 iaStor - ok
21:29:57.0750 0664 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:29:57.0765 0664 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:29:57.0765 0664 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:29:57.0828 0664 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:29:57.0859 0664 idsvc - ok
21:29:57.0906 0664 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:29:58.0015 0664 Imapi - ok
21:29:58.0078 0664 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:29:58.0156 0664 ImapiService - ok
21:29:58.0187 0664 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:29:58.0265 0664 ini910u - ok
21:29:58.0343 0664 [ 17BBBABB21F86B650B2626045A9D016C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:29:58.0500 0664 IntcAzAudAddService - ok
21:29:58.0531 0664 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:29:58.0609 0664 IntelIde - ok
21:29:58.0640 0664 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:29:58.0703 0664 intelppm - ok
21:29:58.0734 0664 [ 7BDB4E00E1CB174B56E5B2C31DDE68A7 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
21:29:58.0750 0664 IntuitUpdateService - ok
21:29:58.0796 0664 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
21:29:58.0812 0664 IntuitUpdateServiceV4 - ok
21:29:58.0843 0664 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:29:58.0937 0664 Ip6Fw - ok
21:29:58.0968 0664 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:29:59.0062 0664 IpFilterDriver - ok
21:29:59.0078 0664 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:29:59.0171 0664 IpInIp - ok
21:29:59.0218 0664 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:29:59.0328 0664 IpNat - ok
21:29:59.0359 0664 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:29:59.0390 0664 iPod Service - ok
21:29:59.0421 0664 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:29:59.0515 0664 IPSec - ok
21:29:59.0531 0664 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:29:59.0578 0664 IRENUM - ok
21:29:59.0593 0664 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:29:59.0703 0664 isapnp - ok
21:29:59.0781 0664 [ 9AA67569D5257462E230767510B0C815 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:29:59.0796 0664 JavaQuickStarterService - ok
21:29:59.0812 0664 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:29:59.0906 0664 Kbdclass - ok
21:29:59.0937 0664 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:30:00.0015 0664 kbdhid - ok
21:30:00.0062 0664 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:30:00.0171 0664 kmixer - ok
21:30:00.0187 0664 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:30:00.0296 0664 KSecDD - ok
21:30:00.0343 0664 [ F385F4B02C535BFFE1D70CAB80838123 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
21:30:00.0421 0664 LanmanServer - ok
21:30:00.0468 0664 [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:30:00.0546 0664 lanmanworkstation - ok
21:30:00.0546 0664 lbrtfdc - ok
21:30:00.0562 0664 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:30:00.0640 0664 LmHosts - ok
21:30:00.0718 0664 [ C6A4FA0BEED6E4198DDD8B8EE136CF80 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
21:30:00.0718 0664 LMIGuardianSvc - ok
21:30:00.0765 0664 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
21:30:00.0765 0664 LMIInfo - ok
21:30:00.0781 0664 [ 6295A19E8A6486FF8A13A1B2F4E461E0 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
21:30:00.0796 0664 LMIMaint - ok
21:30:00.0812 0664 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
21:30:00.0812 0664 lmimirr - ok
21:30:00.0812 0664 LMIRfsClientNP - ok
21:30:00.0843 0664 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
21:30:00.0859 0664 LMIRfsDriver - ok
21:30:00.0890 0664 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
21:30:00.0890 0664 LogMeIn - ok
21:30:00.0921 0664 [ A9DB7D02AE9419A5F2126A5DA1620B1A ] LogWatch C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
21:30:00.0921 0664 LogWatch ( UnsignedFile.Multi.Generic ) - warning
21:30:00.0921 0664 LogWatch - detected UnsignedFile.Multi.Generic (1)
21:30:00.0953 0664 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:30:00.0953 0664 MBAMProtector - ok
21:30:00.0984 0664 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:30:01.0015 0664 MBAMService - ok
21:30:01.0046 0664 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
21:30:01.0046 0664 MBAMSwissArmy - ok
21:30:01.0093 0664 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
21:30:01.0109 0664 McAfee SiteAdvisor Service - ok
21:30:01.0109 0664 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:30:01.0125 0664 mcmscsvc - ok
21:30:01.0140 0664 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:30:01.0156 0664 McNaiAnn - ok
21:30:01.0203 0664 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:30:01.0203 0664 McNASvc - ok
21:30:01.0312 0664 [ 135AA9E9E7047B7DC1F753205D421A26 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
21:30:01.0328 0664 McODS - ok
21:30:01.0359 0664 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McOobeSv C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:30:01.0359 0664 McOobeSv - ok
21:30:01.0390 0664 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:30:01.0406 0664 McProxy - ok
21:30:01.0453 0664 [ 593FA4C378818ECE76BA64A11AD56CF2 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
21:30:01.0468 0664 McShield - ok
21:30:01.0546 0664 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:30:01.0546 0664 MDM - ok
21:30:01.0562 0664 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:30:01.0671 0664 Messenger - ok
21:30:01.0687 0664 [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
21:30:01.0703 0664 mfeapfk - ok
21:30:01.0718 0664 [ C1DC5F42D3367F33B6451BE78B38BD46 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
21:30:01.0718 0664 mfeavfk - ok
21:30:01.0734 0664 [ 0435C43F4C2BE01B84868AD2A906397B ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
21:30:01.0734 0664 mfebopk - ok
21:30:01.0750 0664 [ 7E1F8B1BDC8240F08BD358B3A466C005 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
21:30:01.0765 0664 mfefire - ok
21:30:01.0765 0664 [ 4EA6FF90015424517843E931448E00F1 ] mfefirek C:\WINDOWS\system32\drivers\mfefirek.sys
21:30:01.0781 0664 mfefirek - ok
21:30:01.0828 0664 [ D1E998748BA24A731106611D535C6BBF ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
21:30:01.0843 0664 mfehidk - ok
21:30:01.0890 0664 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendisk C:\WINDOWS\system32\DRIVERS\mfendisk.sys
21:30:01.0890 0664 mfendisk - ok
21:30:01.0890 0664 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendiskmp C:\WINDOWS\system32\DRIVERS\mfendisk.sys
21:30:01.0906 0664 mfendiskmp - ok
21:30:01.0921 0664 [ F454A13377F0A006D20A8C14A753C432 ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys
21:30:01.0937 0664 mferkdet - ok
21:30:19.0171 0664 ================ Scan global ===============================
21:30:19.0203 0664 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:30:19.0296 0664 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
21:30:19.0312 0664 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
21:30:19.0328 0664 [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
21:30:19.0343 0664 [Global] - ok
21:30:19.0343 0664 ================ Scan MBR ==================================
21:30:19.0343 0664 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:30:19.0343 0664 Suspicious mbr (Forged): \Device\Harddisk0\DR0
21:30:19.0375 0664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:30:19.0375 0664 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:30:19.0390 0664 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:30:19.0390 0664 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:30:19.0406 0664 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR6
21:30:19.0500 0664 \Device\Harddisk1\DR6 - ok
21:30:19.0500 0664 ================ Scan VBR ==================================
21:30:19.0515 0664 [ 705D3A2D0769173E955B50A752D3819A ] \Device\Harddisk0\DR0\Partition1
21:30:19.0515 0664 \Device\Harddisk0\DR0\Partition1 - ok
21:30:19.0531 0664 [ 3778209249B9FA2CE31455483487AF0A ] \Device\Harddisk0\DR0\Partition2
21:30:19.0531 0664 \Device\Harddisk0\DR0\Partition2 - ok
21:30:19.0531 0664 [ 08B8D4D0BD37840BEAEEB9E4B7B97C95 ] \Device\Harddisk1\DR6\Partition1
21:30:19.0531 0664 \Device\Harddisk1\DR6\Partition1 - ok
21:30:19.0531 0664 ============================================================
21:30:19.0531 0664 Scan finished
21:30:19.0531 0664 ============================================================
21:30:19.0640 3168 Detected object count: 18
21:30:19.0640 3168 Actual detected object count: 18
21:31:04.0765 3168 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0765 3168 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0765 3168 CA_LIC_CLNT ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0765 3168 CA_LIC_CLNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0765 3168 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0765 3168 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0765 3168 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0765 3168 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0765 3168 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0765 3168 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0765 3168 LogWatch ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0765 3168 LogWatch ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0781 3168 mrtRate ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0781 3168 mrtRate ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0781 3168 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0781 3168 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0781 3168 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0781 3168 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0781 3168 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0781 3168 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0781 3168 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0781 3168 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0781 3168 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0781 3168 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0781 3168 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0781 3168 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0781 3168 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0781 3168 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0781 3168 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0781 3168 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:04.0781 3168 WpdUsb ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:04.0781 3168 WpdUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:31:05.0375 3168 \Device\Harddisk0\DR0\# - copied to quarantine
21:31:05.0375 3168 \Device\Harddisk0\DR0 - copied to quarantine
21:31:05.0390 3168 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:31:05.0406 3168 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:31:05.0406 3168 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:31:05.0406 3168 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:31:05.0406 3168 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:31:05.0437 3168 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:31:05.0437 3168 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:31:05.0453 3168 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:31:05.0453 3168 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:31:05.0453 3168 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:31:05.0453 3168 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:31:05.0453 3168 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:31:05.0453 3168 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:31:05.0453 3168 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:31:05.0484 3168 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:31:05.0484 3168 \Device\Harddisk0\DR0 - ok
21:31:05.0484 3168 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:31:05.0484 3168 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:31:05.0484 3168 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:31:10.0718 3668 Deinitialize success

===========================



#2 boopme

  • Global Moderator

Posted 21 August 2012 - 12:13 PM

Hello and welcome. I moved this to the Am I Infected forum.

Please post your Malwarebytes log.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.


Now rerun TDSSKiller and change the option on these 2 to Cure or Delete.
21:31:05.0484 3168 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:31:05.0484 3168 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip