Gave remote access, might have malware.


5 replies to this topic

#1 afewproblems


Posted 01 October 2013 - 09:47 PM

Hello.  This account is being used by two people: the PC owner and a neighbor who is trying to help.  The PC owner had a cold call at the beginning of September which claimed to be able to tell that the PC owner was sending infected files.  A week later, the neighbor heard about this and recognized this as a tech support scam.  The neighbor was able to determine that the tech support scammer had installed the free version of AVG AntiVirus, but not much else. 

 

The neighbor attempted to run a few free tools to find out if any malicious software was left behind, but due to problems with saving the logs or virus scanners apparently crashing, the neighbor and the PC owner never found any conclusive results for most of those.  The neighbor was following some advice given on a different forum to the victim of a similar scam (link), so dds logs have already been created, but the neighbor would rather have someone who understands them take a look at them. 

 

The neighbor also ran TDSSKiller, but set to Verify Driver Digital Signature and Detect TDLFS file system.  No actions were taken to remove anything using this tool, but a TDSS file system was detected; we don't know what is on it, yet.

 

The scammers apparently used TeamViewer to access the PC owner's computer, and maybe LogMeIn Rescue.  An empty folder was left for LogMeIn Rescue, but program files remained for TeamViewer.  The neighbor copied a TeamViewer8_logfile which covered the time of the scammers' activities, but deleted the program files.

 

Some time has passed and we would like to request some help with determining what, if any, malicious software was left behind.

 

 

Thanks,

PC owner and Neighbor




#2 cryptodan


Posted 01 October 2013 - 09:59 PM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware
 

Please download Malwarebytes Anti-Malware
and save it to your desktop.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



SUPERAntiSpyware:
 
 

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Now GMER
 
 

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


Edited by cryptodan, 01 October 2013 - 10:02 PM.


#3 afewproblems


Posted 02 October 2013 - 12:17 AM

Hi, cryptodan.  This is the neighbor.  I'm on night shift hours, so I may make some replies when the PC owner is not available, and the PC owner may make some replies when I am not available.

 

While I had not yet tried SUPERAntiSpyware or GMER, I did perform two full system scans with Malwarebytes Anti-Malware, previously.  I have not been around when they finished.  After the first scan I was told by the PC owner that the log had a problem saving, but there may have been two items in it (I do not know what).  The second time, I did get to see the log and there were zero detections.  If I remember correctly, the second full system scan's log claimed it took around 18 hours.  That was two weeks ago, but to my knowledge the PC owner has kept the computer disconnected from any network (Ethernet cable unplugged from the PC, no wireless card to worry about) during that time except while we were creating the BleepingComputer account.  Would you still want another MBAM scan, or just that log? If it's a scan we can avoid repeating, we can move onto the other two that much sooner.

 

I was also wondering if you could tell me whether these tools can read the TDSS file system detected in the MBR Scan section of the log from TDSSKiller?  That's just my curiosity, though.



#4 cryptodan


Posted 02 October 2013 - 12:20 AM

It all depends on how the root kit is behaving and what rootkit it is. What was detected using TDSS Killer? Can you post that log?

#5 afewproblems


Posted 02 October 2013 - 08:22 PM

Here are the logs, first the log from Malwarebytes Anti-Malware from the second time we ran it, then the log for TDSSKiller, which seems to have been in two parts.  We shall start running SUPERAntiSpyware soon.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.11.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-VP7X3S9CTM [administrator]

9/14/2013 11:47:55 PM
mbam-log-2013-09-14 (23-47-55).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 411262
Time elapsed: 18 hour(s), 2 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

20:33:37.0718 0348  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:33:37.0750 0348  ============================================================
20:33:37.0750 0348  Current date / time: 2013/09/16 20:33:37.0750
20:33:37.0750 0348  SystemInfo:
20:33:37.0750 0348 
20:33:37.0750 0348  OS Version: 5.1.2600 ServicePack: 3.0
20:33:37.0750 0348  Product type: Workstation
20:33:37.0750 0348  ComputerName: YOUR-VP7X3S9CTM
20:33:37.0750 0348  UserName: Owner
20:33:37.0750 0348  Windows directory: C:\WINDOWS
20:33:37.0750 0348  System windows directory: C:\WINDOWS
20:33:37.0750 0348  Processor architecture: Intel x86
20:33:37.0750 0348  Number of processors: 1
20:33:37.0750 0348  Page size: 0x1000
20:33:37.0750 0348  Boot type: Normal boot
20:33:37.0750 0348  ============================================================
20:33:39.0328 0348  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
20:33:39.0578 0348  ============================================================
20:33:39.0578 0348  \Device\Harddisk0\DR0:
20:33:39.0578 0348  MBR partitions:
20:33:39.0578 0348  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x996C51
20:33:39.0578 0348  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x996C90, BlocksNum 0x1207DF70
20:33:39.0578 0348  ============================================================
20:33:39.0609 0348  C: <-> \Device\Harddisk0\DR0\Partition2
20:33:39.0609 0348  D: <-> \Device\Harddisk0\DR0\Partition1
20:33:39.0625 0348  ============================================================
20:33:39.0625 0348  Initialize success
20:33:39.0625 0348  ============================================================
20:33:44.0203 4000  Deinitialize success
 

20:34:49.0437 3408  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:34:49.0453 3408  ============================================================
20:34:49.0453 3408  Current date / time: 2013/09/16 20:34:49.0453
20:34:49.0453 3408  SystemInfo:
20:34:49.0453 3408 
20:34:49.0453 3408  OS Version: 5.1.2600 ServicePack: 3.0
20:34:49.0453 3408  Product type: Workstation
20:34:49.0453 3408  ComputerName: YOUR-VP7X3S9CTM
20:34:49.0453 3408  UserName: Owner
20:34:49.0453 3408  Windows directory: C:\WINDOWS
20:34:49.0453 3408  System windows directory: C:\WINDOWS
20:34:49.0453 3408  Processor architecture: Intel x86
20:34:49.0453 3408  Number of processors: 1
20:34:49.0453 3408  Page size: 0x1000
20:34:49.0453 3408  Boot type: Normal boot
20:34:49.0453 3408  ============================================================
20:34:51.0031 3408  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
20:34:51.0218 3408  ============================================================
20:34:51.0218 3408  \Device\Harddisk0\DR0:
20:34:51.0218 3408  MBR partitions:
20:34:51.0218 3408  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x996C51
20:34:51.0218 3408  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x996C90, BlocksNum 0x1207DF70
20:34:51.0218 3408  ============================================================
20:34:51.0250 3408  C: <-> \Device\Harddisk0\DR0\Partition2
20:34:51.0250 3408  D: <-> \Device\Harddisk0\DR0\Partition1
20:34:51.0250 3408  ============================================================
20:34:51.0250 3408  Initialize success
20:34:51.0250 3408  ============================================================
20:36:53.0796 1340  ============================================================
20:36:53.0796 1340  Scan started
20:36:53.0796 1340  Mode: Manual; SigCheck; TDLFS;
20:36:53.0796 1340  ============================================================
20:36:54.0125 1340  ================ Scan system memory ========================
20:36:54.0125 1340  System memory - ok
20:36:54.0140 1340  ================ Scan services =============================
20:36:54.0343 1340  Abiosdsk - ok
20:36:54.0375 1340  abp480n5 - ok
20:36:54.0437 1340  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:36:54.0812 1340  ACPI - ok
20:36:54.0859 1340  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
20:36:55.0015 1340  ACPIEC - ok
20:36:55.0109 1340  [ 7BBAF543CABE8A8D275BC7F6C66C1959 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:36:55.0140 1340  AdobeFlashPlayerUpdateSvc - ok
20:36:55.0156 1340  adpu160m - ok
20:36:55.0218 1340  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
20:36:55.0390 1340  aec - ok
20:36:55.0453 1340  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
20:36:55.0546 1340  AFD - ok
20:36:55.0593 1340  [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K           C:\WINDOWS\system32\drivers\AFS2K.sys
20:36:55.0640 1340  AFS2K - ok
20:36:55.0734 1340  [ 593AEFC67283D409F34CC1245D00A509 ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:36:55.0875 1340  AgereSoftModem - ok
20:36:55.0906 1340  Aha154x - ok
20:36:55.0937 1340  aic78u2 - ok
20:36:55.0968 1340  aic78xx - ok
20:36:56.0031 1340  [ FBBCB95F677CBAA924140B6EA2D9A97B ] ALCXSENS        C:\WINDOWS\system32\drivers\ALCXSENS.SYS
20:36:56.0109 1340  ALCXSENS - ok
20:36:56.0234 1340  [ 8D6C30E515717248E0E52B85FD7AC466 ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:36:56.0421 1340  ALCXWDM - ok
20:36:56.0500 1340  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
20:36:56.0671 1340  Alerter - ok
20:36:56.0703 1340  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
20:36:56.0859 1340  ALG - ok
20:36:56.0875 1340  AliIde - ok
20:36:56.0937 1340  [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7           C:\WINDOWS\system32\DRIVERS\amdk7.sys
20:36:57.0093 1340  AmdK7 - ok
20:36:57.0109 1340  amsint - ok
20:36:57.0234 1340  [ 4B5AE15E5C73EB4DC8DBEC2788230D41 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
20:36:57.0250 1340  Apple Mobile Device - ok
20:36:57.0265 1340  AppMgmt - ok
20:36:57.0312 1340  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:36:57.0484 1340  Arp1394 - ok
20:36:57.0500 1340  asc - ok
20:36:57.0531 1340  asc3350p - ok
20:36:57.0562 1340  asc3550 - ok
20:36:57.0703 1340  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:36:57.0734 1340  aspnet_state - ok
20:36:57.0781 1340  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:36:57.0953 1340  AsyncMac - ok
20:36:58.0000 1340  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
20:36:58.0156 1340  atapi - ok
20:36:58.0171 1340  Atdisk - ok
20:36:58.0218 1340  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:36:58.0390 1340  Atmarpc - ok
20:36:58.0437 1340  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:36:58.0593 1340  AudioSrv - ok
20:36:58.0625 1340  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
20:36:58.0828 1340  audstub - ok
20:36:58.0875 1340  [ D39A1C2FB0486D55F2CFBB4359363788 ] Avgdiskx        C:\WINDOWS\system32\DRIVERS\avgdiskx.sys
20:36:58.0937 1340  Avgdiskx - ok
20:36:58.0968 1340  [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwdx         C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
20:36:58.0984 1340  Avgfwdx - ok
20:36:59.0000 1340  [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwfd         C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
20:36:59.0031 1340  Avgfwfd - ok
20:36:59.0140 1340  [ C2327E22FE6525DDFDB1DC522CAA7EDE ] avgfws          C:\Program Files\AVG\AVG2014\avgfws.exe
20:36:59.0250 1340  avgfws - ok
20:36:59.0390 1340  [ F0EFB3F533DF6C153033211889023905 ] AVGIDSAgent     C:\Program Files\AVG\AVG2014\avgidsagent.exe
20:36:59.0640 1340  AVGIDSAgent - ok
20:36:59.0703 1340  [ 7AE7C4B6D43CDBB26EA3C54D4FCF158D ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
20:36:59.0718 1340  AVGIDSDriver - ok
20:36:59.0765 1340  [ 497AF53B32C7F3685D7AA1A15C2638D7 ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
20:36:59.0796 1340  AVGIDSHX - ok
20:36:59.0828 1340  [ 24ACC517D260BCE160D030BC26A6454C ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
20:36:59.0859 1340  AVGIDSShim - ok
20:36:59.0875 1340  [ 819099E43D54BF21D22A5F3CC164D02F ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:36:59.0906 1340  Avgldx86 - ok
20:36:59.0937 1340  [ 6F44DF68CE52F171BFC77287EDA3A79F ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
20:36:59.0968 1340  Avglogx - ok
20:37:00.0000 1340  [ 02C25C2974F728391E33A2E45A23FFA4 ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:37:00.0015 1340  Avgmfx86 - ok
20:37:00.0046 1340  [ 1B1885BB91FA122C983A03C0A67CBEB6 ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:37:00.0078 1340  Avgrkx86 - ok
20:37:00.0093 1340  [ E98603F9D1F412F38ADF2F76053F9E5A ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:37:00.0125 1340  Avgtdix - ok
20:37:00.0187 1340  [ C760DB4EBFED4409638070B1BEBE6C34 ] avgtp           C:\WINDOWS\system32\drivers\avgtpx86.sys
20:37:00.0218 1340  avgtp - ok
20:37:00.0265 1340  [ 19781AE826FD0A14BE5B583408C6185F ] avgwd           C:\Program Files\AVG\AVG2014\avgwdsvc.exe
20:37:00.0296 1340  avgwd - ok
20:37:00.0359 1340  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:37:00.0578 1340  Beep - ok
20:37:00.0640 1340  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
20:37:00.0843 1340  BITS - ok
20:37:00.0890 1340  [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:37:00.0921 1340  Bonjour Service - ok
20:37:00.0968 1340  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
20:37:01.0062 1340  Browser - ok
20:37:01.0078 1340  catchme - ok
20:37:01.0125 1340  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
20:37:01.0328 1340  cbidf2k - ok
20:37:01.0359 1340  cd20xrnt - ok
20:37:01.0390 1340  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
20:37:01.0625 1340  Cdaudio - ok
20:37:01.0687 1340  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:37:01.0859 1340  Cdfs - ok
20:37:01.0890 1340  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:37:02.0062 1340  Cdrom - ok
20:37:02.0078 1340  Changer - ok
20:37:02.0125 1340  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
20:37:02.0296 1340  CiSvc - ok
20:37:02.0328 1340  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
20:37:02.0500 1340  ClipSrv - ok
20:37:02.0562 1340  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:37:02.0593 1340  clr_optimization_v2.0.50727_32 - ok
20:37:02.0625 1340  CmdIde - ok
20:37:02.0640 1340  COMSysApp - ok
20:37:02.0687 1340  Cpqarray - ok
20:37:02.0734 1340  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:37:02.0890 1340  CryptSvc - ok
20:37:02.0921 1340  dac2w2k - ok
20:37:02.0968 1340  dac960nt - ok
20:37:03.0031 1340  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:37:03.0125 1340  DcomLaunch - ok
20:37:03.0171 1340  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:37:03.0343 1340  Dhcp - ok
20:37:03.0375 1340  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:37:03.0562 1340  Disk - ok
20:37:03.0578 1340  dmadmin - ok
20:37:03.0640 1340  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:37:03.0859 1340  dmboot - ok
20:37:03.0890 1340  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:37:04.0062 1340  dmio - ok
20:37:04.0109 1340  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:37:04.0312 1340  dmload - ok
20:37:04.0375 1340  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:37:04.0546 1340  dmserver - ok
20:37:04.0578 1340  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:37:04.0765 1340  DMusic - ok
20:37:04.0796 1340  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:37:04.0906 1340  Dnscache - ok
20:37:04.0968 1340  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:37:05.0109 1340  Dot3svc - ok
20:37:05.0140 1340  dpti2o - ok
20:37:05.0171 1340  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:37:05.0359 1340  drmkaud - ok
20:37:05.0406 1340  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
20:37:05.0562 1340  EapHost - ok
20:37:05.0625 1340  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
20:37:05.0796 1340  ERSvc - ok
20:37:05.0843 1340  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
20:37:05.0859 1340  Eventlog - ok
20:37:05.0921 1340  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
20:37:05.0968 1340  EventSystem - ok
20:37:06.0000 1340  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
20:37:06.0140 1340  Fastfat - ok
20:37:06.0171 1340  [ 1E580770BDECE924494B368AC980749E ] fasttx2k        C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
20:37:06.0218 1340  fasttx2k - ok
20:37:06.0265 1340  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:37:06.0343 1340  FastUserSwitchingCompatibility - ok
20:37:06.0390 1340  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
20:37:06.0578 1340  Fax - ok
20:37:06.0625 1340  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
20:37:06.0781 1340  Fdc - ok
20:37:06.0828 1340  [ CFC4CC73C903152A23E1DB28EABA1F03 ] FETND5BV        C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
20:37:06.0890 1340  FETND5BV - ok
20:37:06.0937 1340  [ B7186B33B6CF3A23841015531E6E7D68 ] FETNDISB        C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
20:37:06.0953 1340  FETNDISB - ok
20:37:06.0984 1340  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:37:07.0125 1340  Fips - ok
20:37:07.0156 1340  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:37:07.0328 1340  Flpydisk - ok
20:37:07.0375 1340  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:37:07.0546 1340  FltMgr - ok
20:37:07.0625 1340  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:37:07.0640 1340  FontCache3.0.0.0 - ok
20:37:07.0671 1340  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:37:07.0890 1340  Fs_Rec - ok
20:37:07.0937 1340  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:37:08.0187 1340  Ftdisk - ok
20:37:08.0250 1340  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:37:08.0265 1340  GEARAspiWDM - ok
20:37:08.0328 1340  [ 35A1F815962F3552066C6BE4C969D297 ] getPlus® Helper C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
20:37:08.0343 1340  getPlus® Helper - ok
20:37:08.0390 1340  [ F0187E45268E86AAAA932CBD9087BEA8 ] GoogleDesktopManager-110309-193829 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:37:08.0406 1340  GoogleDesktopManager-110309-193829 - ok
20:37:08.0453 1340  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:37:08.0640 1340  Gpc - ok
20:37:08.0703 1340  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:37:08.0859 1340  helpsvc - ok
20:37:08.0875 1340  HidServ - ok
20:37:08.0937 1340  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:37:09.0078 1340  HidUsb - ok
20:37:09.0156 1340  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:37:09.0312 1340  hkmsvc - ok
20:37:09.0343 1340  hpn - ok
20:37:09.0375 1340  HPZid412 - ok
20:37:09.0406 1340  HPZipr12 - ok
20:37:09.0484 1340  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:37:09.0515 1340  HPZius12 ( UnsignedFile.Multi.Generic ) - warning
20:37:09.0515 1340  HPZius12 - detected UnsignedFile.Multi.Generic (1)
20:37:09.0578 1340  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:37:09.0625 1340  HTTP - ok
20:37:09.0656 1340  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:37:09.0828 1340  HTTPFilter - ok
20:37:09.0843 1340  i2omgmt - ok
20:37:09.0875 1340  i2omp - ok
20:37:09.0921 1340  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:37:10.0078 1340  i8042prt - ok
20:37:10.0156 1340  [ DA58A8BE6A445835F603720C4BC8837E ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:37:10.0234 1340  ialm ( UnsignedFile.Multi.Generic ) - warning
20:37:10.0234 1340  ialm - detected UnsignedFile.Multi.Generic (1)
20:37:10.0328 1340  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:37:10.0406 1340  idsvc - ok
20:37:10.0437 1340  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:37:10.0625 1340  Imapi - ok
20:37:10.0671 1340  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:37:10.0843 1340  ImapiService - ok
20:37:10.0875 1340  ini910u - ok
20:37:10.0937 1340  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
20:37:11.0109 1340  IntelIde - ok
20:37:11.0156 1340  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:37:11.0296 1340  intelppm - ok
20:37:11.0328 1340  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
20:37:11.0468 1340  ip6fw - ok
20:37:11.0500 1340  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:37:11.0750 1340  IpFilterDriver - ok
20:37:11.0796 1340  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:37:11.0953 1340  IpInIp - ok
20:37:11.0984 1340  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:37:12.0156 1340  IpNat - ok
20:37:12.0234 1340  [ 1E6F080D5EDB4C3B4C4EB787A0848DCC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:37:12.0281 1340  iPod Service - ok
20:37:12.0328 1340  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:37:12.0468 1340  IPSec - ok
20:37:12.0500 1340  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:37:12.0671 1340  IRENUM - ok
20:37:12.0734 1340  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:37:12.0890 1340  isapnp - ok
20:37:12.0953 1340  [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi         C:\WINDOWS\system32\drivers\iviaspi.sys
20:37:12.0968 1340  Iviaspi ( UnsignedFile.Multi.Generic ) - warning
20:37:12.0968 1340  Iviaspi - detected UnsignedFile.Multi.Generic (1)
20:37:13.0093 1340  [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:37:13.0109 1340  JavaQuickStarterService - ok
20:37:13.0140 1340  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:37:13.0281 1340  Kbdclass - ok
20:37:13.0328 1340  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:37:13.0484 1340  kmixer - ok
20:37:13.0515 1340  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:37:13.0578 1340  KSecDD - ok
20:37:13.0625 1340  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
20:37:13.0687 1340  lanmanserver - ok
20:37:13.0750 1340  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:37:13.0781 1340  lanmanworkstation - ok
20:37:13.0812 1340  lbrtfdc - ok
20:37:13.0875 1340  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:37:14.0031 1340  LmHosts - ok
20:37:14.0093 1340  [ 622FCF264119F7DF127BE353F796B319 ] MapsGalaxy_39Service C:\PROGRA~1\MAPSGA~2\bar\1.bin\39barsvc.exe
20:37:14.0125 1340  MapsGalaxy_39Service - ok
20:37:14.0171 1340  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:37:14.0328 1340  Messenger - ok
20:37:14.0375 1340  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:37:14.0625 1340  mnmdd - ok
20:37:14.0656 1340  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
20:37:14.0828 1340  mnmsrvc - ok
20:37:14.0859 1340  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:37:15.0031 1340  Modem - ok
20:37:15.0078 1340  [ 111A023266532C621EE69AE96E47081E ] MonitorFunction C:\WINDOWS\system32\DRIVERS\TVMonitor.sys
20:37:15.0093 1340  MonitorFunction - ok
20:37:15.0125 1340  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:37:15.0281 1340  Mouclass - ok
20:37:15.0328 1340  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:37:15.0578 1340  mouhid - ok
20:37:15.0609 1340  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:37:15.0750 1340  MountMgr - ok
20:37:15.0796 1340  [ 24406D75B40F0F6B3C1AC7031D734565 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:37:15.0828 1340  MpFilter - ok
20:37:15.0859 1340  mraid35x - ok
20:37:15.0906 1340  mrtRate - ok
20:37:15.0953 1340  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:37:16.0109 1340  MRxDAV - ok
20:37:16.0156 1340  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:37:16.0250 1340  MRxSmb - ok
20:37:16.0296 1340  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
20:37:16.0453 1340  MSDTC - ok
20:37:16.0484 1340  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:37:16.0656 1340  Msfs - ok
20:37:16.0671 1340  MSIServer - ok
20:37:16.0718 1340  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:37:16.0859 1340  MSKSSRV - ok
20:37:16.0937 1340  [ 37F77AEBFF23A99D1BFB4F34CD2D07F2 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:37:16.0968 1340  MsMpSvc - ok
20:37:17.0000 1340  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:37:17.0140 1340  MSPCLOCK - ok
20:37:17.0187 1340  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:37:17.0328 1340  MSPQM - ok
20:37:17.0375 1340  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:37:17.0531 1340  mssmbios - ok
20:37:17.0562 1340  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:37:17.0609 1340  Mup - ok
20:37:17.0671 1340  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:37:17.0843 1340  napagent - ok
20:37:17.0906 1340  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:37:18.0062 1340  NDIS - ok
20:37:18.0109 1340  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:37:18.0171 1340  NdisTapi - ok
20:37:18.0203 1340  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:37:18.0343 1340  Ndisuio - ok
20:37:18.0359 1340  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:37:18.0546 1340  NdisWan - ok
20:37:18.0578 1340  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:37:18.0625 1340  NDProxy - ok
20:37:18.0656 1340  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\System32\HPZinw12.dll
20:37:18.0687 1340  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:37:18.0687 1340  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:37:18.0750 1340  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:37:18.0890 1340  NetBIOS - ok
20:37:18.0937 1340  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:37:19.0093 1340  NetBT - ok
20:37:19.0140 1340  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:37:19.0312 1340  NetDDE - ok
20:37:19.0328 1340  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:37:19.0484 1340  NetDDEdsdm - ok
20:37:19.0546 1340  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:37:19.0687 1340  Netlogon - ok
20:37:19.0750 1340  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
20:37:19.0937 1340  Netman - ok
20:37:19.0984 1340  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:37:20.0000 1340  NetTcpPortSharing - ok
20:37:20.0046 1340  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:37:20.0171 1340  NIC1394 - ok
20:37:20.0218 1340  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:37:20.0281 1340  Nla - ok
20:37:20.0343 1340  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:37:20.0500 1340  Npfs - ok
20:37:20.0546 1340  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:37:20.0703 1340  Ntfs - ok
20:37:20.0734 1340  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
20:37:20.0875 1340  NtLmSsp - ok
20:37:20.0921 1340  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:37:21.0093 1340  NtmsSvc - ok
20:37:21.0140 1340  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:37:21.0375 1340  Null - ok
20:37:21.0859 1340  [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:37:22.0750 1340  nv - ok
20:37:22.0812 1340  [ 42321AC5448078131903B272E6C49024 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
20:37:22.0875 1340  NVSvc - ok
20:37:22.0906 1340  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:37:23.0156 1340  NwlnkFlt - ok
20:37:23.0203 1340  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:37:23.0437 1340  NwlnkFwd - ok
20:37:23.0468 1340  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:37:23.0640 1340  ohci1394 - ok
20:37:23.0718 1340  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:37:23.0750 1340  ose - ok
20:37:23.0984 1340  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:37:24.0328 1340  osppsvc - ok
20:37:24.0390 1340  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
20:37:24.0562 1340  Parport - ok
20:37:24.0593 1340  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:37:24.0750 1340  PartMgr - ok
20:37:24.0796 1340  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:37:25.0046 1340  ParVdm - ok
20:37:25.0062 1340  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:37:25.0203 1340  PCI - ok
20:37:25.0218 1340  PCIDump - ok
20:37:25.0265 1340  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:37:25.0531 1340  PCIIde - ok
20:37:25.0562 1340  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:37:25.0703 1340  Pcmcia - ok
20:37:25.0718 1340  PDCOMP - ok
20:37:25.0750 1340  PDFRAME - ok
20:37:25.0765 1340  PDRELI - ok
20:37:25.0796 1340  PDRFRAME - ok
20:37:25.0828 1340  perc2 - ok
20:37:25.0859 1340  perc2hib - ok
20:37:25.0953 1340  [ 444F122E68DB44C0589227781F3C8B3F ] Pfc             C:\WINDOWS\system32\drivers\pfc.sys
20:37:25.0968 1340  Pfc ( UnsignedFile.Multi.Generic ) - warning
20:37:25.0968 1340  Pfc - detected UnsignedFile.Multi.Generic (1)
20:37:26.0015 1340  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
20:37:26.0046 1340  PlugPlay - ok
20:37:26.0093 1340  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\System32\HPZipm12.dll
20:37:26.0093 1340  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:37:26.0093 1340  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:37:26.0109 1340  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:37:26.0250 1340  PolicyAgent - ok
20:37:26.0281 1340  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:37:26.0437 1340  PptpMiniport - ok
20:37:26.0468 1340  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
20:37:26.0640 1340  Processor - ok
20:37:26.0671 1340  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:37:26.0812 1340  ProtectedStorage - ok
20:37:26.0859 1340  [ BFFDB363485501A38F0BCA83AEC810DB ] Ps2             C:\WINDOWS\system32\DRIVERS\PS2.sys
20:37:26.0906 1340  Ps2 - ok
20:37:26.0921 1340  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:37:27.0078 1340  PSched - ok
20:37:27.0109 1340  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:37:27.0375 1340  Ptilink - ok
20:37:27.0421 1340  [ FD9D44EC6D99EDFA3782F870B7E00682 ] PxHelp20        C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
20:37:27.0437 1340  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
20:37:27.0437 1340  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
20:37:27.0515 1340  [ 27D23B40D5DFCFC27310EDC67B0F50E7 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
20:37:27.0531 1340  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
20:37:27.0531 1340  QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
20:37:27.0578 1340  [ BAB30D2799754F6EA22F0B9076311793 ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
20:37:27.0609 1340  QBFCService ( UnsignedFile.Multi.Generic ) - warning
20:37:27.0609 1340  QBFCService - detected UnsignedFile.Multi.Generic (1)
20:37:27.0625 1340  ql1080 - ok
20:37:27.0656 1340  Ql10wnt - ok
20:37:27.0687 1340  ql12160 - ok
20:37:27.0718 1340  ql1240 - ok
20:37:27.0750 1340  ql1280 - ok
20:37:27.0781 1340  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:37:27.0984 1340  RasAcd - ok
20:37:28.0078 1340  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:37:28.0218 1340  RasAuto - ok
20:37:28.0265 1340  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:37:28.0406 1340  Rasl2tp - ok
20:37:28.0484 1340  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:37:28.0640 1340  RasMan - ok
20:37:28.0671 1340  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:37:28.0812 1340  RasPppoe - ok
20:37:28.0843 1340  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:37:29.0093 1340  Raspti - ok
20:37:29.0156 1340  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:37:29.0312 1340  Rdbss - ok
20:37:29.0359 1340  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:37:29.0609 1340  RDPCDD - ok
20:37:29.0687 1340  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:37:29.0765 1340  RDPWD - ok
20:37:29.0812 1340  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:37:29.0984 1340  RDSessMgr - ok
20:37:30.0015 1340  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:37:30.0171 1340  redbook - ok
20:37:30.0250 1340  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:37:30.0406 1340  RemoteAccess - ok
20:37:30.0437 1340  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\System32\locator.exe
20:37:30.0593 1340  RpcLocator - ok
20:37:30.0640 1340  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
20:37:30.0671 1340  RpcSs - ok
20:37:30.0734 1340  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\System32\rsvp.exe
20:37:30.0968 1340  RSVP - ok
20:37:31.0031 1340  [ 2EF9C0DC26B30B2318B1FC3FAA1F0AE7 ] rtl8139         C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
20:37:31.0078 1340  rtl8139 - ok
20:37:31.0187 1340  S3chipid - ok
20:37:31.0218 1340  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:37:31.0375 1340  SamSs - ok
20:37:31.0421 1340  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:37:31.0609 1340  SCardSvr - ok
20:37:31.0671 1340  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:37:31.0843 1340  Schedule - ok
20:37:31.0890 1340  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:37:32.0046 1340  Secdrv - ok
20:37:32.0078 1340  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:37:32.0203 1340  seclogon - ok
20:37:32.0234 1340  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
20:37:32.0390 1340  SENS - ok
20:37:32.0437 1340  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
20:37:32.0593 1340  Serenum - ok
20:37:32.0625 1340  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
20:37:32.0765 1340  Serial - ok
20:37:32.0828 1340  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:37:32.0968 1340  Sfloppy - ok
20:37:33.0031 1340  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:37:33.0203 1340  SharedAccess - ok
20:37:33.0250 1340  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:37:33.0265 1340  ShellHWDetection - ok
20:37:33.0296 1340  Simbad - ok
20:37:33.0375 1340  [ 94F6EEA8A688A37F71BF9C9AEAA42666 ] SiS315          C:\WINDOWS\system32\DRIVERS\sisgrp.sys
20:37:33.0453 1340  SiS315 - ok
20:37:33.0484 1340  [ 61CA562DEF09A782D26B3E7EDEC5369A ] SISAGP          C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
20:37:33.0515 1340  SISAGP - ok
20:37:33.0546 1340  [ 837D26F79A1647066D75C5C811887475 ] SiSkp           C:\WINDOWS\system32\DRIVERS\srvkp.sys
20:37:33.0562 1340  SiSkp - ok
20:37:33.0593 1340  Sparrow - ok
20:37:33.0625 1340  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:37:33.0781 1340  splitter - ok
20:37:33.0828 1340  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:37:33.0859 1340  Spooler - ok
20:37:33.0890 1340  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:37:34.0031 1340  sr - ok
20:37:34.0093 1340  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:37:34.0250 1340  srservice - ok
20:37:34.0312 1340  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:37:34.0375 1340  Srv - ok
20:37:34.0406 1340  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:37:34.0562 1340  SSDPSRV - ok
20:37:34.0609 1340  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:37:34.0812 1340  stisvc - ok
20:37:34.0859 1340  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:37:35.0000 1340  swenum - ok
20:37:35.0031 1340  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:37:35.0171 1340  swmidi - ok
20:37:35.0203 1340  SwPrv - ok
20:37:35.0250 1340  symc810 - ok
20:37:35.0281 1340  symc8xx - ok
20:37:35.0312 1340  sym_hi - ok
20:37:35.0343 1340  sym_u3 - ok
20:37:35.0375 1340  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:37:35.0531 1340  sysaudio - ok
20:37:35.0562 1340  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:37:35.0718 1340  SysmonLog - ok
20:37:35.0765 1340  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:37:35.0921 1340  TapiSrv - ok
20:37:36.0000 1340  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:37:36.0062 1340  Tcpip - ok
20:37:36.0093 1340  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:37:36.0250 1340  TDPIPE - ok
20:37:36.0296 1340  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
20:37:36.0453 1340  TDTCP - ok
20:37:36.0500 1340  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:37:36.0656 1340  TermDD - ok
20:37:36.0718 1340  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
20:37:36.0875 1340  TermService - ok
20:37:36.0906 1340  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:37:36.0937 1340  Themes - ok
20:37:36.0984 1340  TosIde - ok
20:37:37.0031 1340  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:37:37.0187 1340  TrkWks - ok
20:37:37.0234 1340  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:37:37.0375 1340  Udfs - ok
20:37:37.0390 1340  ultra - ok
20:37:37.0437 1340  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:37:37.0593 1340  Update - ok
20:37:37.0640 1340  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:37:37.0796 1340  upnphost - ok
20:37:37.0843 1340  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
20:37:38.0000 1340  UPS - ok
20:37:38.0046 1340  [ 1DF89C499BF45D878B87EBD4421D462D ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
20:37:38.0109 1340  USBAAPL - ok
20:37:38.0171 1340  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:37:38.0312 1340  usbccgp - ok
20:37:38.0359 1340  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:37:38.0515 1340  usbehci - ok
20:37:38.0562 1340  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:37:38.0703 1340  usbhub - ok
20:37:38.0750 1340  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:37:38.0890 1340  usbohci - ok
20:37:38.0906 1340  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:37:39.0062 1340  usbprint - ok
20:37:39.0093 1340  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:37:39.0234 1340  usbscan - ok
20:37:39.0250 1340  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:37:39.0390 1340  USBSTOR - ok
20:37:39.0437 1340  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:37:39.0593 1340  usbuhci - ok
20:37:39.0625 1340  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
20:37:39.0781 1340  VgaSave - ok
20:37:39.0828 1340  [ 4B039BBD037B01F5DB5A144C837F283A ] viaagp1         C:\WINDOWS\system32\DRIVERS\viaagp1.sys
20:37:39.0859 1340  viaagp1 - ok
20:37:39.0906 1340  [ 949F86F5A8E493574BBB830C3D18E4A9 ] viagfx          C:\WINDOWS\system32\DRIVERS\vtmini.sys
20:37:39.0968 1340  viagfx - ok
20:37:39.0984 1340  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
20:37:40.0156 1340  ViaIde - ok
20:37:40.0203 1340  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
20:37:40.0328 1340  VolSnap - ok
20:37:40.0406 1340  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
20:37:40.0562 1340  VSS - ok
20:37:40.0671 1340  [ DCE9CC4129E1DAC6AAE25C6050E20A16 ] vToolbarUpdater15.5.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
20:37:40.0812 1340  vToolbarUpdater15.5.0 - ok
20:37:40.0843 1340  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
20:37:41.0000 1340  W32Time - ok
20:37:41.0031 1340  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:37:41.0203 1340  Wanarp - ok
20:37:41.0218 1340  WDICA - ok
20:37:41.0265 1340  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:37:41.0421 1340  wdmaud - ok
20:37:41.0468 1340  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:37:41.0640 1340  WebClient - ok
20:37:41.0734 1340  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:37:41.0875 1340  winmgmt - ok
20:37:41.0937 1340  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
20:37:42.0000 1340  WmdmPmSN - ok
20:37:42.0078 1340  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:37:42.0234 1340  WmiApSrv - ok
20:37:42.0312 1340  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
20:37:42.0421 1340  WMPNetworkSvc - ok
20:37:42.0500 1340  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
20:37:42.0640 1340  wscsvc - ok
20:37:42.0671 1340  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
20:37:42.0828 1340  wuauserv - ok
20:37:42.0875 1340  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:37:42.0937 1340  WudfPf - ok
20:37:42.0984 1340  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:37:43.0015 1340  WudfRd - ok
20:37:43.0031 1340  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
20:37:43.0078 1340  WudfSvc - ok
20:37:43.0140 1340  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
20:37:43.0343 1340  WZCSVC - ok
20:37:43.0390 1340  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
20:37:43.0531 1340  xmlprov - ok
20:37:43.0593 1340  ================ Scan global ===============================
20:37:43.0640 1340  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:37:43.0687 1340  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:37:43.0718 1340  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:37:43.0765 1340  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:37:43.0765 1340  [Global] - ok
20:37:43.0781 1340  ================ Scan MBR ==================================
20:37:43.0812 1340  [ BAD0263FBE81B49F5F07B32DC9D198B3 ] \Device\Harddisk0\DR0
20:37:43.0984 1340  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:37:43.0984 1340  \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:37:43.0984 1340  ================ Scan VBR ==================================
20:37:44.0015 1340  [ 35452D34D007F7A3DCEE876E77532DD7 ] \Device\Harddisk0\DR0\Partition1
20:37:44.0015 1340  \Device\Harddisk0\DR0\Partition1 - ok
20:37:44.0062 1340  [ C29BC4AC57EC6B02CAD635CCDB01C0DD ] \Device\Harddisk0\DR0\Partition2
20:37:44.0062 1340  \Device\Harddisk0\DR0\Partition2 - ok
20:37:44.0078 1340  ============================================================
20:37:44.0078 1340  Scan finished
20:37:44.0078 1340  ============================================================
20:37:44.0218 2556  Detected object count: 10
20:37:44.0218 2556  Actual detected object count: 10
20:50:06.0937 2556  HPZius12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:06.0937 2556  HPZius12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:06.0937 2556  ialm ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:06.0937 2556  ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:06.0937 2556  Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:06.0937 2556  Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:06.0937 2556  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:06.0937 2556  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:06.0953 2556  Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:06.0953 2556  Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:06.0953 2556  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:06.0953 2556  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:06.0953 2556  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:06.0953 2556  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:06.0953 2556  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:06.0953 2556  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:06.0968 2556  QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:06.0968 2556  QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:06.0968 2556  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:50:06.0968 2556  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:50:11.0140 1244  Deinitialize success
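The log above lists ten detected objects, but they are not of equal weight. As an added example (this is not code from the thread or from TDSSKiller), the following Python parses the TDSSKiller line formats seen above, joins each warning to its `[ MD5 ] name path` record and scan section, and ranks the result so the one finding that matters is not buried among unsigned-driver noise. The sample input is an excerpt of lines copied from the posted log; the severity ranking (`SEVERITY`) is the example's own assumption, not a scale from Kaspersky.

```python
"""Triage a TDSSKiller log: separate the hidden-filesystem hit from the
informational unsigned-file warnings.  Added example, not the tool's code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every TDSSKiller log line is "HH:MM:SS.mmmm <pid>  <payload>".
_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<payload>.*)$")
_SECTION = re.compile(r"^=+ Scan (?P<name>\w+) =+$")                  # "== Scan MBR =="
_FILE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<rest>.+)$")  # "[ MD5 ] name path"
_PATH = re.compile(r"(?:^|\s)((?:[A-Za-z]:\\|\\Device\\).*)$")        # where the path begins
_WARNING = re.compile(
    r"^(?P<name>.+?) \( (?P<det>[^)]+?) \) - "
    r"(?:warning|skipped by user|User select action: (?P<action>\w+))$")
_DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<det>.+?) \(\d+\)$")

# Severity per TDSSKiller verdict.  The verdict strings are the tool's own; the
# ranking is this example's assumption.
SEVERITY = {
    # Hidden encrypted filesystem in unpartitioned disk space, the storage used by
    # TDL4-family bootkits.  Needs remediation, not just "Skip".
    "TDSS File System": "high",
    # Only says the binary carries no Authenticode signature.  Reported because the
    # scan ran with driver-signature verification on; typical of legacy printer,
    # accounting and disc-burning components.  Verify vendor/hash, do not delete blindly.
    "UnsignedFile.Multi.Generic": "info",
}


@dataclass
class Finding:
    name: str
    detection: str
    severity: str
    section: str
    md5: Optional[str] = None
    path: Optional[str] = None
    user_action: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Finding]:
    """Return one Finding per detected object (warning/detected pairs are merged)."""
    section = "Services"
    records: Dict[str, dict] = {}     # object name -> md5/path/section from its file line
    findings: Dict[str, Finding] = {}
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        payload = m.group("payload").strip()
        sec = _SECTION.match(payload)
        if sec:
            section = sec.group("name")
            continue
        rec = _FILE.match(payload)
        if rec:
            rest = rec.group("rest")
            p = _PATH.search(rest)
            path = p.group(1) if p else None
            name = rest[:p.start()].strip() if p else rest.strip()
            name = name or path       # MBR/VBR records carry only a device path
            records[name] = {"md5": rec.group("md5").upper(), "path": path, "section": section}
            continue
        hit = _WARNING.match(payload) or _DETECTED.match(payload)
        if not hit:
            continue
        name, det = hit.group("name"), hit.group("det")
        info = records.get(name, {})
        if name not in findings:
            findings[name] = Finding(name=name, detection=det,
                                     severity=SEVERITY.get(det, "review"),
                                     section=info.get("section", section),
                                     md5=info.get("md5"), path=info.get("path"))
        action = hit.groupdict().get("action")
        if action:
            findings[name].user_action = action
    return list(findings.values())


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "review": 0, "info": 0}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Excerpt of lines from the posted log (trimmed to a few records).
SAMPLE_LOG = r"""
20:37:09.0484 1340  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:37:09.0515 1340  HPZius12 ( UnsignedFile.Multi.Generic ) - warning
20:37:09.0515 1340  HPZius12 - detected UnsignedFile.Multi.Generic (1)
20:37:09.0578 1340  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:37:09.0625 1340  HTTP - ok
20:37:27.0515 1340  [ 27D23B40D5DFCFC27310EDC67B0F50E7 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
20:37:27.0531 1340  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
20:37:27.0531 1340  QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
20:37:43.0781 1340  ================ Scan MBR ==================================
20:37:43.0812 1340  [ BAD0263FBE81B49F5F07B32DC9D198B3 ] \Device\Harddisk0\DR0
20:37:43.0984 1340  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:37:43.0984 1340  \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:37:43.0984 1340  ================ Scan VBR ==================================
20:37:44.0015 1340  [ 35452D34D007F7A3DCEE876E77532DD7 ] \Device\Harddisk0\DR0\Partition1
20:37:44.0015 1340  \Device\Harddisk0\DR0\Partition1 - ok
20:50:06.0937 2556  HPZius12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:06.0937 2556  HPZius12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:06.0968 2556  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:50:06.0968 2556  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    results = parse_tdsskiller(SAMPLE_LOG)
    for f in sorted(results, key=lambda x: ("high", "review", "info").index(x.severity)):
        print(f"{f.severity:6} {f.section:8} {f.name:24} {f.detection:28} "
              f"md5={f.md5} action={f.user_action} path={f.path}")
    print(summarize(results))
```

Run against the full log, this yields nine `info` entries (the HP printer components named HPZ*, the two services under `Intuit\QuickBooks`, and a few legacy drivers) and exactly one `high` entry: the TDSS File System on `\Device\Harddisk0\DR0` in the MBR section. That single item is the one a responder should act on; the `User select action: Skip` lines confirm that the scan changed nothing on disk, so the hidden filesystem is still present.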

#6 cryptodan

Posted 02 October 2013 - 09:12 PM

You have been infected with a TDSS Rootkit, so please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.
