
Thread: in need of help with malware removal

  1. #1
    Senior Member | Join Date: Jan 2010 | Posts: 115

    in need of help with malware removal

    I am trying to fix my husband's laptop and I have been lucky enough to have benefitted from wonderful help here in the past for another computer in the house so I am looking forward to delving into another "adventure"!
    I have run Microsoft Security Essentials, Spybot, and Malwarebytes AntiMalware scans and have deleted what I could but I am sure there is something lurking in the deep here so I turn to the experts! I ran ERUNT and am including the DDS log here but I'm not sure if I zipped the "attach.txt" file correctly. Please let me know if I need to fix it. Many thanks in advance for your expertise. Any help would be much appreciated!

    DDS txt
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Home at 14:58:43 on 2012-04-12
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.73 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.comcast.net/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\home\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{6F3861E7-6528-4210-A9A9-EE79613318EF} : DhcpNameServer = 192.168.1.1
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    LSA: Notification Packages = scecli scecli
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2012-04-11 23:55:48 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{38e91212-b480-4e13-9ae4-f7ed7becc7c4}\offreg.dll
    2012-04-11 23:55:47 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{38e91212-b480-4e13-9ae4-f7ed7becc7c4}\MpKsl1d15e7b3.sys
    2012-04-11 21:37:23 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{38e91212-b480-4e13-9ae4-f7ed7becc7c4}\mpengine.dll
    2012-04-10 18:41:25 -------- d-----w- c:\documents and settings\home\application data\Malwarebytes
    2012-04-10 18:38:38 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-04-10 18:38:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-10 18:38:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-09 21:44:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-04-09 21:44:02 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2012-04-09 21:36:19 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
    .
    ==================== Find3M ====================
    .
    2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST94813AS rev.8.04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8699549F]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8699c740]; MOV EAX, [0x8699c8b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86D7AAB8]
    3 CLASSPNP[0xF757EFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000074[0x86CEC3B8]
    5 ACPI[0xF7415620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86CEB940]
    \Driver\atapi[0x86BAC518] -> IRP_MJ_CREATE -> 0x8699549F
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x869952C6
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 15:00:59.31 ===============

  2. #2
    Senior Member | Join Date: Sep 2010 | Posts: 631

    Hi mla34, welcome to the forum.

    To make cleaning this machine easier:
    • Please do not uninstall/install any programs unless asked to.
      It is more difficult when files/programs are appearing in/disappearing from the logs.
    • Please do not run any scans other than those requested.
    • Please follow all instructions in the order posted.
    • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, and uncheck Word Wrap if it is checked.
    • Do not attach any logs/reports, etc. unless specifically requested to do so.
    • If you have problems with or do not understand the instructions, please ask before continuing.
    • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

    Download the latest version of TDSSKiller from here and save it to your Desktop.
    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    • Click the Start Scan button.
    • If a suspicious object is detected, the default action will be Skip; click on Continue.
    • If malicious objects are found, they will show in the Scan results and offer three (3) options.
    • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Member of UNITE and ASAP
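The TDSSKiller report requested above is a plain text log, one "timestamp thread-id message" line per event. As an added example (not part of this thread and not TDSSKiller's own code), the parser below reads that format and separates clean entries, signature-check warnings and actual detections, which is the triage a helper does by eye when the log is pasted back. The atapi, cercsr6 and OMCI lines in the sample are copied from the log posted in reply #3; the "exampledrv" lines, its hash and its verdict name are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: atapi / cercsr6 / OMCI lines are from the TDSSKiller log in reply #3;
# the "exampledrv" lines are CONSTRUCTED placeholders (hash and verdict are not real).
SAMPLE_LOG = r"""
08:00:59.0968 1624 Scan started
08:00:59.0968 1624 Mode: Manual; SigCheck; TDLFS;
08:01:22.0843 1624 Abiosdsk - ok
08:08:24.0156 1624 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:08:25.0343 1624 atapi - ok
08:09:01.0281 1624 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
08:09:01.0406 1624 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
08:09:01.0468 1624 cercsr6 - detected UnsignedFile.Multi.Generic (1)
08:25:29.0796 1624 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
08:25:29.0921 1624 OMCI ( UnsignedFile.Multi.Generic ) - warning
08:25:29.0968 1624 OMCI - detected UnsignedFile.Multi.Generic (1)
08:30:00.0000 1624 exampledrv (00000000000000000000000000000000) C:\PLACEHOLDER\exampledrv.sys
08:30:00.0100 1624 exampledrv - detected Constructed.Verdict.Placeholder (0)
"""

# Every log line: "HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# Message shapes seen in the log, most specific first.
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


@dataclass
class Entry:
    """One service/driver as seen by the scan."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    status: str = "unknown"  # "ok", "warning", "detected" or "unknown"


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Collect the file line and the final status of every scanned item, keyed by name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # blank or header line
        msg = m.group("msg")
        for rx, status in ((DETECT_RE, "detected"), (WARN_RE, "warning"),
                           (OK_RE, "ok"), (FILE_RE, None)):
            mm = rx.match(msg)
            if not mm:
                continue
            e = entries.setdefault(mm.group("name"), Entry(mm.group("name")))
            if status is None:
                e.md5, e.path = mm.group("md5"), mm.group("path")
            else:
                e.status = status  # a later "detected" line overrides an earlier "warning"
                if "verdict" in mm.groupdict():
                    e.verdict = mm.group("verdict")
            break
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Split results into clean items, signature-check warnings and real detections.

    UnsignedFile.Multi.Generic is what the 'Verify Driver Digital Signature' option
    reports for any driver that carries no digital signature. It is a review item
    (look up the vendor and path), not a malware verdict, so it is listed separately.
    """
    out: Dict[str, List[str]] = {"ok": [], "unsigned": [], "detected": []}
    for name, e in sorted(entries.items()):
        if e.status == "ok":
            out["ok"].append(name)
        elif e.verdict and e.verdict.startswith("UnsignedFile."):
            out["unsigned"].append(name)
        elif e.status in ("warning", "detected"):
            out["detected"].append(name)
    return out


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for bucket, names in triage(parsed).items():
        print(f"{bucket:9s}", ", ".join(f"{n} -> {parsed[n].path or '(no file line)'}" for n in names))
```

Items in the "detected" bucket are the ones the Cure/Skip decision in the instructions applies to; the "unsigned" bucket only tells you which drivers lack a signature.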

  3. #3
    Senior Member | Join Date: Jan 2010 | Posts: 115

    Thanks so much for your help. Here is the log from the scan. I also want to mention that after the scan was completed, Microsoft Security Essentials popped up having found 6 threats, all of which were trojans, and wanted to clean them. I did not do that since I want to check with you first to see what I should do next. Please let me know if I should ignore the request to clean for now. Thanks again. Maureen

    07:57:34.0453 0860 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    07:57:44.0812 0860 ============================================================
    07:57:44.0812 0860 Current date / time: 2012/04/13 07:57:44.0812
    07:57:44.0812 0860 SystemInfo:
    07:57:44.0812 0860
    07:57:44.0812 0860 OS Version: 5.1.2600 ServicePack: 3.0
    07:57:44.0812 0860 Product type: Workstation
    07:57:44.0906 0860 ComputerName: 8G77SC1
    07:57:44.0968 0860 UserName: Home
    07:57:44.0968 0860 Windows directory: C:\WINDOWS
    07:57:44.0968 0860 System windows directory: C:\WINDOWS
    07:57:44.0968 0860 Processor architecture: Intel x86
    07:57:44.0968 0860 Number of processors: 2
    07:57:44.0968 0860 Page size: 0x1000
    07:57:44.0968 0860 Boot type: Normal boot
    07:57:44.0968 0860 ============================================================
    07:58:59.0375 0860 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    07:58:59.0828 0860 \Device\Harddisk0\DR0:
    07:59:00.0078 0860 MBR used
    07:59:00.0078 0860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
    07:59:00.0671 0860 Initialize success
    07:59:00.0671 0860 ============================================================
    08:00:59.0843 1624 ============================================================
    08:00:59.0968 1624 Scan started
    08:00:59.0968 1624 Mode: Manual; SigCheck; TDLFS;
    08:00:59.0968 1624 ============================================================
    08:01:22.0843 1624 Abiosdsk - ok
    08:01:23.0375 1624 abp480n5 - ok
    08:01:23.0687 1624 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    08:03:32.0890 1624 ACPI - ok
    08:03:34.0343 1624 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    08:05:33.0015 1624 ACPIEC - ok
    08:05:37.0203 1624 adpu160m - ok
    08:05:37.0828 1624 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    08:06:38.0203 1624 aec - ok
    08:06:41.0781 1624 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    08:06:52.0984 1624 AFD - ok
    08:06:56.0718 1624 Aha154x - ok
    08:07:00.0234 1624 aic78u2 - ok
    08:07:01.0765 1624 aic78xx - ok
    08:07:04.0750 1624 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    08:07:37.0968 1624 Alerter - ok
    08:07:38.0968 1624 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    08:08:06.0015 1624 ALG - ok
    08:08:06.0640 1624 AliIde - ok
    08:08:07.0031 1624 amsint - ok
    08:08:07.0421 1624 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    08:08:14.0390 1624 Apple Mobile Device - ok
    08:08:17.0000 1624 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    08:08:19.0484 1624 AppMgmt - ok
    08:08:19.0875 1624 asc - ok
    08:08:20.0078 1624 asc3350p - ok
    08:08:21.0093 1624 asc3550 - ok
    08:08:21.0890 1624 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    08:08:23.0078 1624 AsyncMac - ok
    08:08:24.0156 1624 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    08:08:25.0343 1624 atapi - ok
    08:08:26.0093 1624 Atdisk - ok
    08:08:26.0406 1624 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    08:08:26.0828 1624 Atmarpc - ok
    08:08:27.0421 1624 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    08:08:28.0734 1624 AudioSrv - ok
    08:08:29.0406 1624 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    08:08:29.0625 1624 audstub - ok
    08:08:31.0265 1624 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    08:08:33.0234 1624 b57w2k - ok
    08:08:35.0109 1624 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    08:08:37.0468 1624 BCM43XX - ok
    08:08:39.0671 1624 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    08:08:40.0421 1624 Beep - ok
    08:08:40.0890 1624 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    08:08:43.0906 1624 BITS - ok
    08:08:46.0890 1624 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
    08:08:54.0343 1624 Bonjour Service - ok
    08:08:54.0796 1624 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    08:08:56.0187 1624 Browser - ok
    08:08:57.0328 1624 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    08:08:57.0671 1624 cbidf2k - ok
    08:08:58.0921 1624 cd20xrnt - ok
    08:08:59.0046 1624 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    08:08:59.0312 1624 Cdaudio - ok
    08:08:59.0421 1624 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    08:09:00.0000 1624 Cdfs - ok
    08:09:00.0187 1624 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    08:09:00.0453 1624 Cdrom - ok
    08:09:01.0281 1624 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
    08:09:01.0406 1624 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
    08:09:01.0468 1624 cercsr6 - detected UnsignedFile.Multi.Generic (1)
    08:09:02.0156 1624 Changer - ok
    08:09:02.0984 1624 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    08:09:21.0046 1624 CiSvc - ok
    08:09:22.0234 1624 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    08:13:42.0937 1624 ClipSrv - ok
    08:14:41.0890 1624 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    08:14:54.0421 1624 CmBatt - ok
    08:14:56.0281 1624 CmdIde - ok
    08:14:58.0531 1624 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    08:14:59.0078 1624 Compbatt - ok
    08:15:01.0843 1624 COMSysApp - ok
    08:15:02.0109 1624 Cpqarray - ok
    08:15:02.0437 1624 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    08:15:04.0656 1624 CryptSvc - ok
    08:15:04.0812 1624 dac2w2k - ok
    08:15:04.0984 1624 dac960nt - ok
    08:15:05.0375 1624 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    08:15:07.0312 1624 DcomLaunch - ok
    08:15:07.0968 1624 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    08:15:08.0937 1624 Dhcp - ok
    08:15:09.0500 1624 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    08:15:09.0843 1624 Disk - ok
    08:15:10.0031 1624 dmadmin - ok
    08:15:34.0343 1624 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    08:18:09.0953 1624 dmboot - ok
    08:18:29.0750 1624 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    08:20:54.0031 1624 dmio - ok
    08:21:03.0921 1624 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    08:21:27.0828 1624 dmload - ok
    08:21:33.0093 1624 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    08:21:35.0203 1624 dmserver - ok
    08:21:59.0437 1624 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    08:21:59.0750 1624 DMusic - ok
    08:22:00.0531 1624 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    08:22:02.0546 1624 Dnscache - ok
    08:22:03.0171 1624 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    08:22:05.0265 1624 Dot3svc - ok
    08:22:05.0843 1624 dpti2o - ok
    08:22:06.0171 1624 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    08:22:06.0468 1624 drmkaud - ok
    08:22:06.0890 1624 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    08:22:07.0890 1624 EapHost - ok
    08:22:08.0765 1624 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    08:22:09.0187 1624 ERSvc - ok
    08:22:10.0984 1624 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    08:22:12.0656 1624 Eventlog - ok
    08:22:12.0984 1624 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    08:22:14.0234 1624 EventSystem - ok
    08:22:16.0218 1624 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    08:22:16.0609 1624 Fastfat - ok
    08:22:17.0093 1624 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    08:22:17.0562 1624 FastUserSwitchingCompatibility - ok
    08:22:18.0218 1624 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    08:22:18.0687 1624 Fdc - ok
    08:22:20.0031 1624 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    08:22:20.0296 1624 Fips - ok
    08:22:20.0984 1624 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    08:22:21.0343 1624 Flpydisk - ok
    08:22:22.0656 1624 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    08:22:22.0937 1624 FltMgr - ok
    08:22:23.0812 1624 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    08:22:24.0031 1624 Fs_Rec - ok
    08:22:24.0984 1624 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    08:22:25.0421 1624 Ftdisk - ok
    08:22:26.0328 1624 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    08:22:26.0656 1624 GEARAspiWDM - ok
    08:22:27.0156 1624 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    08:22:27.0671 1624 Gpc - ok
    08:22:28.0453 1624 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    08:22:28.0796 1624 HDAudBus - ok
    08:22:29.0203 1624 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    08:22:29.0609 1624 helpsvc - ok
    08:22:29.0984 1624 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
    08:22:30.0296 1624 HidServ - ok
    08:22:30.0953 1624 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    08:22:31.0218 1624 HidUsb - ok
    08:22:33.0578 1624 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    08:22:34.0125 1624 hkmsvc - ok
    08:22:35.0781 1624 hpn - ok
    08:22:36.0750 1624 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
    08:22:38.0171 1624 HSF_DPV - ok
    08:22:39.0531 1624 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
    08:22:40.0062 1624 HSXHWAZL - ok
    08:22:42.0046 1624 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    08:22:42.0750 1624 HTTP - ok
    08:22:43.0734 1624 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    08:22:44.0015 1624 HTTPFilter - ok
    08:22:44.0750 1624 i2omgmt - ok
    08:22:45.0781 1624 i2omp - ok
    08:22:46.0171 1624 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    08:22:46.0671 1624 i8042prt - ok
    08:22:48.0171 1624 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    08:22:50.0015 1624 ialm - ok
    08:22:51.0906 1624 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    08:22:52.0125 1624 Imapi - ok
    08:22:52.0812 1624 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    08:22:53.0421 1624 ImapiService - ok
    08:22:54.0203 1624 ini910u - ok
    08:22:54.0984 1624 IntelIde - ok
    08:22:56.0515 1624 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    08:22:56.0750 1624 intelppm - ok
    08:22:58.0328 1624 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    08:22:58.0578 1624 Ip6Fw - ok
    08:22:59.0125 1624 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    08:22:59.0484 1624 IpFilterDriver - ok
    08:23:00.0500 1624 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    08:23:00.0843 1624 IpInIp - ok
    08:23:01.0156 1624 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    08:23:01.0328 1624 IpNat - ok
    08:23:02.0781 1624 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
    08:23:06.0000 1624 iPod Service - ok
    08:23:06.0734 1624 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    08:23:07.0140 1624 IPSec - ok
    08:23:08.0890 1624 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    08:23:09.0093 1624 IRENUM - ok
    08:23:10.0578 1624 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    08:23:10.0921 1624 isapnp - ok
    08:23:17.0640 1624 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
    08:23:20.0359 1624 JavaQuickStarterService - ok
    08:23:21.0281 1624 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    08:23:21.0484 1624 Kbdclass - ok
    08:23:25.0484 1624 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    08:23:25.0953 1624 kmixer - ok
    08:23:33.0625 1624 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    08:23:34.0093 1624 KSecDD - ok
    08:23:35.0343 1624 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    08:23:35.0765 1624 lanmanserver - ok
    08:23:37.0250 1624 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    08:23:37.0656 1624 lanmanworkstation - ok
    08:23:38.0703 1624 lbrtfdc - ok
    08:23:40.0484 1624 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    08:23:54.0187 1624 LmHosts - ok
    08:23:55.0671 1624 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    08:23:55.0843 1624 mdmxsdk - ok
    08:23:55.0937 1624 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    08:23:56.0125 1624 Messenger - ok
    08:23:56.0171 1624 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    08:23:56.0390 1624 mnmdd - ok
    08:23:56.0437 1624 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    08:23:57.0078 1624 mnmsrvc - ok
    08:23:57.0203 1624 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    08:23:57.0453 1624 Modem - ok
    08:23:57.0515 1624 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    08:23:57.0718 1624 Mouclass - ok
    08:23:58.0000 1624 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    08:23:58.0171 1624 mouhid - ok
    08:23:58.0296 1624 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    08:23:58.0468 1624 MountMgr - ok
    08:23:58.0593 1624 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    08:23:58.0875 1624 MpFilter - ok
    08:23:59.0109 1624 MpKslfe37dca4 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{563D876A-1A9B-458C-8DC3-1C982277ED9D}\MpKslfe37dca4.sys
    08:23:59.0406 1624 MpKslfe37dca4 - ok
    08:23:59.0500 1624 mraid35x - ok
    08:23:59.0640 1624 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    08:23:59.0828 1624 MRxDAV - ok
    08:24:00.0015 1624 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    08:24:00.0359 1624 MRxSmb - ok
    08:24:00.0718 1624 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    08:24:01.0812 1624 MSDTC - ok
    08:24:02.0890 1624 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    08:24:03.0062 1624 Msfs - ok
    08:24:03.0625 1624 MSIServer - ok
    08:24:04.0062 1624 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    08:24:04.0328 1624 MSKSSRV - ok
    08:24:05.0250 1624 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    08:24:05.0500 1624 MsMpSvc - ok
    08:24:06.0687 1624 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    08:24:07.0265 1624 MSPCLOCK - ok
    08:24:09.0375 1624 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    08:24:09.0687 1624 MSPQM - ok
    08:24:10.0500 1624 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    08:24:10.0687 1624 mssmbios - ok
    08:24:10.0968 1624 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    08:24:11.0390 1624 Mup - ok
    08:24:12.0046 1624 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    08:24:13.0796 1624 napagent - ok
    08:24:14.0187 1624 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    08:24:15.0390 1624 NDIS - ok
    08:24:17.0187 1624 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    08:24:17.0343 1624 NdisTapi - ok
    08:24:18.0984 1624 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    08:24:29.0187 1624 Ndisuio - ok
    08:24:30.0593 1624 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    08:24:36.0390 1624 NdisWan - ok
    08:24:40.0250 1624 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    08:24:44.0328 1624 NDProxy - ok
    08:24:53.0734 1624 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    08:25:11.0265 1624 NetBIOS - ok
    08:25:14.0265 1624 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    08:25:15.0984 1624 NetBT - ok
    08:25:16.0218 1624 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    08:25:23.0546 1624 NetDDE - ok
    08:25:23.0609 1624 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    08:25:23.0843 1624 NetDDEdsdm - ok
    08:25:23.0937 1624 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    08:25:24.0140 1624 Netlogon - ok
    08:25:24.0250 1624 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    08:25:25.0046 1624 Netman - ok
    08:25:25.0171 1624 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    08:25:25.0578 1624 Nla - ok
    08:25:25.0781 1624 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    08:25:25.0984 1624 Npfs - ok
    08:25:26.0171 1624 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    08:25:26.0406 1624 Ntfs - ok
    08:25:26.0515 1624 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    08:25:26.0656 1624 NtLmSsp - ok
    08:25:26.0890 1624 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    08:25:27.0796 1624 NtmsSvc - ok
    08:25:27.0906 1624 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    08:25:28.0140 1624 Null - ok
    08:25:28.0250 1624 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    08:25:28.0453 1624 NwlnkFlt - ok
    08:25:28.0531 1624 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    08:25:28.0781 1624 NwlnkFwd - ok
    08:25:28.0968 1624 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    08:25:29.0609 1624 odserv - ok
    08:25:29.0796 1624 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
    08:25:29.0921 1624 OMCI ( UnsignedFile.Multi.Generic ) - warning
    08:25:29.0968 1624 OMCI - detected UnsignedFile.Multi.Generic (1)
    08:25:30.0109 1624 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    08:25:30.0453 1624 ose - ok
    08:25:30.0578 1624 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    08:25:30.0828 1624 Parport - ok
    08:25:30.0859 1624 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    08:25:31.0015 1624 PartMgr - ok
    08:25:31.0156 1624 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    08:25:31.0312 1624 ParVdm - ok
    08:25:31.0359 1624 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    08:25:31.0546 1624 PCI - ok
    08:25:31.0562 1624 PCIDump - ok
    08:25:31.0593 1624 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    08:25:31.0765 1624 PCIIde - ok
    08:25:31.0921 1624 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    08:25:32.0156 1624 Pcmcia - ok
    08:25:32.0218 1624 PDCOMP - ok
    08:25:32.0234 1624 PDFRAME - ok
    08:25:32.0250 1624 PDRELI - ok
    08:25:32.0265 1624 PDRFRAME - ok
    08:25:32.0281 1624 perc2 - ok
    08:25:32.0296 1624 perc2hib - ok
    08:25:32.0359 1624 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    08:25:32.0656 1624 PlugPlay - ok
    08:25:32.0750 1624 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    08:25:32.0968 1624 PolicyAgent - ok
    08:25:33.0078 1624 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    08:25:33.0218 1624 PptpMiniport - ok
    08:25:33.0421 1624 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    08:25:33.0546 1624 ProtectedStorage - ok
    08:25:33.0750 1624 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    08:25:34.0000 1624 PSched - ok
    08:25:34.0140 1624 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    08:25:34.0343 1624 Ptilink - ok
    08:25:34.0375 1624 ql1080 - ok
    08:25:34.0437 1624 Ql10wnt - ok
    08:25:34.0453 1624 ql12160 - ok
    08:25:34.0515 1624 ql1240 - ok
    08:25:34.0531 1624 ql1280 - ok
    08:25:34.0578 1624 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    08:25:34.0859 1624 RasAcd - ok
    08:25:34.0921 1624 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    08:25:35.0750 1624 RasAuto - ok
    08:25:36.0265 1624 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    08:25:36.0546 1624 Rasl2tp - ok
    08:25:37.0093 1624 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    08:25:37.0515 1624 RasMan - ok
    08:25:37.0640 1624 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    08:25:37.0921 1624 RasPppoe - ok
    08:25:39.0312 1624 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    08:25:39.0500 1624 Raspti - ok
    08:25:40.0203 1624 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    08:25:40.0906 1624 Rdbss - ok
    08:25:41.0687 1624 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    08:25:41.0859 1624 RDPCDD - ok
    08:25:41.0953 1624 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    08:25:42.0156 1624 rdpdr - ok
    08:25:42.0218 1624 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    08:25:42.0390 1624 RDPWD - ok
    08:25:42.0640 1624 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    08:25:43.0531 1624 RDSessMgr - ok
    08:25:43.0953 1624 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    08:25:44.0218 1624 redbook - ok
    08:25:44.0296 1624 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    08:25:44.0515 1624 RemoteAccess - ok
    08:25:44.0640 1624 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    08:25:44.0812 1624 RemoteRegistry - ok
    08:25:44.0843 1624 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    08:25:45.0109 1624 RpcLocator - ok
    08:25:45.0265 1624 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    08:25:45.0421 1624 RpcSs - ok
    08:25:45.0484 1624 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    08:25:45.0734 1624 RSVP - ok
    08:25:45.0765 1624 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    08:25:45.0906 1624 SamSs - ok
    08:25:46.0093 1624 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    08:25:46.0343 1624 SCardSvr - ok
    08:25:46.0453 1624 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    08:25:46.0718 1624 Schedule - ok
    08:25:46.0843 1624 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    08:25:47.0015 1624 Secdrv - ok
    08:25:47.0406 1624 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    08:25:48.0265 1624 seclogon - ok
    08:25:48.0453 1624 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    08:25:48.0640 1624 SENS - ok
    08:25:48.0796 1624 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    08:25:48.0937 1624 serenum - ok
    08:25:49.0390 1624 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    08:25:49.0593 1624 Serial - ok
    08:25:49.0718 1624 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    08:25:49.0921 1624 Sfloppy - ok
    08:25:50.0328 1624 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    08:25:52.0125 1624 SharedAccess - ok
    08:25:52.0953 1624 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    08:25:53.0156 1624 ShellHWDetection - ok
    08:25:55.0156 1624 Simbad - ok
    08:25:56.0296 1624 Sparrow - ok
    08:25:57.0687 1624 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    08:25:57.0937 1624 splitter - ok
    08:25:58.0250 1624 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    08:25:58.0453 1624 Spooler - ok
    08:25:59.0140 1624 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    08:25:59.0500 1624 sr - ok
    08:26:00.0093 1624 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    08:26:00.0656 1624 srservice - ok
    08:26:01.0218 1624 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    08:26:01.0968 1624 Srv - ok
    08:26:02.0171 1624 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    08:26:02.0562 1624 SSDPSRV - ok
    08:26:03.0093 1624 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
    08:26:03.0390 1624 STHDA - ok
    08:26:03.0875 1624 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    08:26:04.0593 1624 stisvc - ok
    08:26:04.0718 1624 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    08:26:05.0687 1624 swenum - ok
    08:26:06.0156 1624 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    08:26:06.0328 1624 swmidi - ok
    08:26:06.0546 1624 SwPrv - ok
    08:26:06.0718 1624 symc810 - ok
    08:26:06.0765 1624 symc8xx - ok
    08:26:06.0781 1624 sym_hi - ok
    08:26:06.0906 1624 sym_u3 - ok
    08:26:07.0031 1624 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    08:26:07.0250 1624 sysaudio - ok
    08:26:07.0281 1624 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    08:26:07.0671 1624 SysmonLog - ok
    08:26:07.0859 1624 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    08:26:08.0156 1624 TapiSrv - ok
    08:26:08.0625 1624 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    08:26:08.0859 1624 Tcpip - ok
    08:26:08.0953 1624 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    08:26:09.0125 1624 TDPIPE - ok
    08:26:09.0203 1624 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    08:26:09.0437 1624 TDTCP - ok
    08:26:09.0515 1624 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    08:26:09.0687 1624 TermDD - ok
    08:26:09.0796 1624 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    08:26:10.0046 1624 TermService - ok
    08:26:10.0140 1624 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    08:26:10.0234 1624 Themes - ok
    08:26:10.0281 1624 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    08:26:10.0609 1624 TlntSvr - ok
    08:26:10.0625 1624 TosIde - ok
    08:26:10.0703 1624 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    08:26:10.0843 1624 TrkWks - ok
    08:26:10.0890 1624 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    08:26:11.0093 1624 Udfs - ok
    08:26:11.0125 1624 UIUSys - ok
    08:26:11.0140 1624 ultra - ok
    08:26:11.0218 1624 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    08:26:11.0421 1624 Update - ok
    08:26:11.0531 1624 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    08:26:11.0750 1624 upnphost - ok
    08:26:11.0843 1624 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    08:26:12.0093 1624 UPS - ok
    08:26:12.0250 1624 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    08:26:12.0375 1624 USBAAPL - ok
    08:26:12.0453 1624 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
    08:26:12.0546 1624 USBCCID - ok
    08:26:12.0593 1624 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    08:26:12.0765 1624 usbehci - ok
    08:26:12.0812 1624 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    08:26:13.0000 1624 usbhub - ok
    08:26:13.0078 1624 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    08:26:13.0234 1624 usbscan - ok
    08:26:13.0296 1624 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    08:26:13.0453 1624 USBSTOR - ok
    08:26:13.0546 1624 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    08:26:13.0718 1624 usbuhci - ok
    08:26:14.0468 1624 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    08:26:14.0640 1624 VgaSave - ok
    08:26:14.0703 1624 ViaIde - ok
    08:26:14.0781 1624 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    08:26:15.0062 1624 VolSnap - ok
    08:26:15.0265 1624 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    08:26:16.0468 1624 VSS - ok
    08:26:17.0031 1624 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    08:26:17.0375 1624 W32Time - ok
    08:26:20.0484 1624 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    08:26:20.0687 1624 Wanarp - ok
    08:26:21.0140 1624 WDICA - ok
    08:26:21.0390 1624 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    08:26:21.0640 1624 wdmaud - ok
    08:26:21.0828 1624 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    08:26:22.0093 1624 WebClient - ok
    08:26:22.0671 1624 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    08:26:22.0843 1624 winachsf - ok
    08:26:23.0000 1624 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    08:26:23.0296 1624 winmgmt - ok
    08:26:23.0406 1624 wltrysvc - ok
    08:26:23.0468 1624 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
    08:26:23.0671 1624 WmdmPmSN - ok
    08:26:23.0765 1624 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    08:26:24.0234 1624 Wmi - ok
    08:26:24.0359 1624 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    08:26:24.0500 1624 WmiAcpi - ok
    08:26:24.0609 1624 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    08:26:24.0906 1624 WmiApSrv - ok
    08:26:25.0031 1624 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    08:26:25.0281 1624 wscsvc - ok
    08:26:25.0343 1624 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    08:26:25.0500 1624 wuauserv - ok
    08:26:25.0593 1624 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    08:26:25.0796 1624 WudfPf - ok
    08:26:25.0875 1624 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    08:26:26.0000 1624 WudfRd - ok
    08:26:26.0078 1624 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    08:26:26.0218 1624 WudfSvc - ok
    08:26:26.0296 1624 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    08:26:26.0656 1624 WZCSVC - ok
    08:26:26.0984 1624 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    08:26:27.0156 1624 xmlprov - ok
    08:26:27.0218 1624 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
    08:26:27.0265 1624 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    08:26:27.0281 1624 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    08:26:27.0375 1624 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    08:26:27.0375 1624 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    08:26:27.0375 1624 Boot (0x1200) (c54b50610ab89d8fbf934a77ccb25f96) \Device\Harddisk0\DR0\Partition0
    08:26:27.0390 1624 \Device\Harddisk0\DR0\Partition0 - ok
    08:26:27.0390 1624 ============================================================
    08:26:27.0390 1624 Scan finished
    08:26:27.0390 1624 ============================================================
    08:26:28.0953 3044 Detected object count: 4
    08:26:28.0968 3044 Actual detected object count: 4
    08:35:06.0890 3044 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
    08:35:07.0062 3044 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    08:35:07.0062 3044 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
    08:35:07.0062 3044 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
    08:35:35.0296 3044 \Device\Harddisk0\DR0\# - copied to quarantine
    08:35:41.0234 3044 \Device\Harddisk0\DR0 - copied to quarantine
    08:36:06.0015 3044 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    08:36:07.0140 3044 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    08:36:24.0750 3044 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    08:36:26.0937 3044 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    08:36:27.0250 3044 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    08:36:28.0234 3044 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    08:36:31.0484 3044 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    08:36:32.0109 3044 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    08:36:32.0187 3044 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    08:36:32.0218 3044 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    08:36:32.0593 3044 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    08:36:33.0156 3044 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    08:36:33.0406 3044 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:36:33.0406 3044 \Device\Harddisk0\DR0 - ok
    08:36:33.0515 3044 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    08:36:33.0515 3044 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    08:36:33.0515 3044 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    08:40:21.0843 3212 Deinitialize success

  #4 | Senior Member | Join Date: Sep 2010 | Posts: 631

    Hi mla34,

    AVs are notorious for detecting things after the fact.

    Please rerun TDSSKiller. This time, when presented with these lines

    08:26:27.0375 1624 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    08:26:27.0375 1624 \Device\Harddisk0\DR0 - detected TDSS File System (1)

    use the dropdown menu and select Delete.

    MSE still detecting anything?

    Next

    Download aswMBR.exe to your desktop.

    Double click aswMBR.exe to run it. If asked to download Avast's database, please do so.

    Click the "Scan" button to start the scan.

    On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

    There will also be a file on your desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

    Please post back with
    • TDSSKiller log
    • aswMBR log
    • MBR.zip (attached)
    How's the computer?
    Member of UNITE and ASAP
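    The request to zip and attach MBR.dat works because the MBR is a single 512-byte sector. What follows is an added example (my own code, not part of this thread and not aswMBR's or TDSSKiller's) that parses such a dump: it hashes the boot-code region, lists the partition entries and reports how many sectors lie past the last partition. It assumes MBR.dat is the raw first sector of the disk and that TDSSKiller's "MBR (0x1B8) (<md5>)" line is the MD5 of the first 0x1B8 bytes; both are assumptions. The sample MBR is constructed to match the partition TDSSKiller reported (type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1) and is not the infected sector from this thread.

```python
"""Added example: parse a raw 512-byte MBR and sanity-check it against the
drive geometry TDSSKiller printed. Uses constructed sample data."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8       # bytes 0x000-0x1B7 precede the disk signature
DISK_SIG_OFFSET = 0x1B8     # 4-byte NT disk signature
PT_OFFSET = 0x1BE           # four 16-byte partition entries
PT_ENTRY = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
BOOT_SIG = b"\x55\xAA"


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code hash, disk signature, partition entries and
    whether the 0x55AA boot signature is present."""
    if len(mbr) != SECTOR:
        raise ValueError(f"MBR must be {SECTOR} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        status, ptype, start_lba, sectors = struct.unpack_from(
            PT_ENTRY, mbr, PT_OFFSET + 16 * i)
        if ptype == 0:          # empty slot
            continue
        partitions.append({"slot": i, "bootable": status == 0x80,
                           "type": ptype, "start_lba": start_lba,
                           "sectors": sectors})
    return {
        # Assumption: TDSSKiller's "MBR (0x1B8) (<md5>)" line is the MD5 of these
        # first 0x1B8 bytes. Comparing the value before and after a cure, or with
        # a clean MBR from identical media, shows whether the boot code changed.
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
        "boot_signature_ok": mbr[510:512] == BOOT_SIG,
        "partitions": partitions,
    }


def unpartitioned_tail(parsed: dict, disk_sectors: int) -> int:
    """Sectors after the end of the last partition. TDL4-family bootkits keep
    their hidden file system at the end of the disk, so a non-zero tail is a
    region worth dumping; a zero tail is not proof of a clean disk."""
    end = max((p["start_lba"] + p["sectors"] for p in parsed["partitions"]),
              default=0)
    return disk_sectors - end


def build_sample_mbr() -> bytes:
    """Constructed sample, not a real dump: one NTFS partition laid out like
    the log's Partition0 (type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1)."""
    mbr = bytearray(SECTOR)
    mbr[0:3] = b"\x33\xC0\x8E"                                  # placeholder boot code
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, 0xDEADBEEF)     # made-up disk signature
    struct.pack_into(PT_ENTRY, mbr, PT_OFFSET, 0x80, 0x07, 0x3F, 0x4A852C1)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


# Drive size from the log: 0x950A60000 bytes, 512-byte sectors
LOG_DISK_SECTORS = 0x950A60000 // SECTOR


def check_sample(disk_sectors: int = LOG_DISK_SECTORS) -> dict:
    """Parse the constructed MBR and attach the unpartitioned-tail figure."""
    parsed = parse_mbr(build_sample_mbr())
    parsed["unpartitioned_tail"] = unpartitioned_tail(parsed, disk_sectors)
    return parsed


if __name__ == "__main__":
    result = check_sample()
    print(f"boot code md5      : {result['boot_code_md5']}")
    print(f"boot signature ok  : {result['boot_signature_ok']}")
    for p in result["partitions"]:
        print(f"slot {p['slot']}: type 0x{p['type']:02X} start {p['start_lba']:#x} "
              f"sectors {p['sectors']:#x} bootable={p['bootable']}")
    print(f"unpartitioned tail : {result['unpartitioned_tail']} sectors")
```

    To use it on a real dump, replace build_sample_mbr() with open("MBR.dat", "rb").read(). Note that in the log above the single partition ends exactly at the last sector (0x3F + 0x4A852C1 equals 0x950A60000 / 0x200), yet a TDSS File System was still found, so the tail check alone would have missed it; the boot-code hash compared before and after the cure is the more telling figure.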

  #5 | Senior Member | Join Date: Jan 2010 | Posts: 115

    Should I change the parameters this time, like I did the last time, before I run the scan?

  #6 | Senior Member | Join Date: Sep 2010 | Posts: 631

    Hi mla34,

    Yes set it up like you did before.
    Member of UNITE and ASAP

  #7 | Senior Member | Join Date: Jan 2010 | Posts: 115

    Sorry for nit-picking here, but I want to be sure I do things correctly. The scan says there are 3 threats detected, all of which have medium risk: two "unassigned files" (Service: cercsr6 and Service: OMCI) and "TDSS File System" (Physical Drive: \Device\Harddisk0\DR0). If I am understanding you correctly, I am to delete this last threat, but what do I do with the first two?
    Thanks for your patience!

  #8 | Senior Member | Join Date: Sep 2010 | Posts: 631

    Hi mla34,

    Just delete the "TDSS File System" (Physical Drive: \Device\Harddisk0\DR0) line. Use Skip on the other 2.
    Member of UNITE and ASAP
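    The advice in this post and in #4 (delete the TDSS File System, skip the two unsigned drivers) is a triage decision read off the TDSSKiller log. The following is an added example, not from this thread or from TDSSKiller, that makes that decision explicit: it parses the detection and "User select action" lines, assigns each finding a class, and flags any finding whose selected action is weaker than the class calls for. The class names and recommended actions are this example's own policy, not TDSSKiller terminology; the sample lines are copied from the log posted earlier in the thread.

```python
"""Added example: triage TDSSKiller detection lines and flag findings whose
selected action does not match what the detection class warrants."""
import re

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<object>.+?) \( (?P<verdict>[^)]+) \) - (?P<status>.+)$"
)

# Policy used by this example (an assumption, not TDSSKiller's own terms):
#   rootkit   : a named boot/kernel rootkit signature, e.g. Rootkit.Boot.Pihar.b
#   hidden-fs : the TDL4-family hidden file system ("TDSS File System")
#   heuristic : UnsignedFile.Multi.Generic, an unsigned driver; often an OEM
#               component, so verify publisher and hash rather than delete blindly
RECOMMENDED_ACTION = {"rootkit": "Cure", "hidden-fs": "Delete", "heuristic": "Skip"}


def classify(verdict: str) -> str:
    if verdict == "UnsignedFile.Multi.Generic":
        return "heuristic"
    if verdict == "TDSS File System":
        return "hidden-fs"
    if verdict.startswith("Rootkit."):
        return "rootkit"
    return "unknown"


def parse_log(text: str) -> list:
    """One finding per (object, verdict): the status lines seen for it and
    the action the user finally selected, if any."""
    findings = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                     # "- ok", "copied to quarantine", etc.
        key = (m["object"], m["verdict"])
        f = findings.setdefault(key, {
            "object": m["object"], "verdict": m["verdict"],
            "class": classify(m["verdict"]), "statuses": [], "action": None})
        status = m["status"]
        if status.startswith("User select action: "):
            f["action"] = status.split(": ", 1)[1]
        else:
            f["statuses"].append(status)
    return list(findings.values())


def outstanding(findings: list) -> list:
    """Findings whose selected action differs from the policy, plus anything
    of unknown class, which always needs a human look."""
    return [f for f in findings
            if f["class"] == "unknown"
            or f["action"] != RECOMMENDED_ACTION[f["class"]]]


# Detection and action lines copied from the TDSSKiller log posted in this thread
SAMPLE_LOG = r"""
08:25:29.0921 1624 OMCI ( UnsignedFile.Multi.Generic ) - warning
08:26:27.0265 1624 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
08:26:27.0375 1624 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:35:06.0890 3044 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
08:35:07.0062 3044 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:35:07.0062 3044 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
08:35:07.0062 3044 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:33.0406 3044 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
08:36:33.0515 3044 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
08:36:33.0515 3044 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:36:33.0515 3044 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""


def triage_sample() -> list:
    return outstanding(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for f in parse_log(SAMPLE_LOG):
        print(f"{f['class']:<10} {f['verdict']:<28} {f['object']:<24} action={f['action']}")
    for f in triage_sample():
        print(f"NEEDS ATTENTION: {f['object']} ({f['verdict']}): selected "
              f"{f['action']}, policy says {RECOMMENDED_ACTION.get(f['class'])}")
```

    Run against the first-run log, the only outstanding item is the TDSS File System on \Device\Harddisk0\DR0, which was skipped; that is exactly the line the helper asks to be deleted on the rerun. The two unsigned drivers stay on the list for verification, not deletion, because an unsigned-file heuristic says nothing about intent.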

  #9 | Senior Member | Join Date: Jan 2010 | Posts: 115

    Ok, see results of scans below. MSE popped up with 5 potential threats and has "suspended" them. I just closed it, and then, while I was downloading aswMBR, MSE popped up and said the computer has been cleaned. I did not prompt it to do anything... not sure if that is due to the infection or if the automatic cleaning is set in preferences. I didn't even think to check that, and I hope it is not a problem. I am also attaching the MBR file zipped.
    Anyway, I will close up and spend a bit of time on the computer and see how it is and let you know. In the meantime, if there is something else you want me to do, let me know. Thanks so much!

    07:36:57.0609 1700 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    07:36:57.0906 1700 ============================================================
    07:36:57.0906 1700 Current date / time: 2012/04/14 07:36:57.0906
    07:36:57.0906 1700 SystemInfo:
    07:36:57.0906 1700
    07:36:57.0906 1700 OS Version: 5.1.2600 ServicePack: 3.0
    07:36:57.0906 1700 Product type: Workstation
    07:36:57.0906 1700 ComputerName: 8G77SC1
    07:36:57.0906 1700 UserName: Home
    07:36:57.0906 1700 Windows directory: C:\WINDOWS
    07:36:57.0906 1700 System windows directory: C:\WINDOWS
    07:36:57.0906 1700 Processor architecture: Intel x86
    07:36:57.0906 1700 Number of processors: 2
    07:36:57.0906 1700 Page size: 0x1000
    07:36:57.0906 1700 Boot type: Normal boot
    07:36:57.0906 1700 ============================================================
    07:37:01.0093 1700 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    07:37:01.0093 1700 \Device\Harddisk0\DR0:
    07:37:01.0093 1700 MBR used
    07:37:01.0093 1700 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
    07:37:01.0140 1700 Initialize success
    07:37:01.0140 1700 ============================================================
    07:37:08.0921 3132 ============================================================
    07:37:08.0921 3132 Scan started
    07:37:08.0921 3132 Mode: Manual; SigCheck; TDLFS;
    07:37:08.0921 3132 ============================================================
    07:37:09.0328 3132 Abiosdsk - ok
    07:37:09.0343 3132 abp480n5 - ok
    07:37:09.0421 3132 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    07:37:10.0578 3132 ACPI - ok
    07:37:10.0750 3132 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    07:37:10.0890 3132 ACPIEC - ok
    07:37:10.0953 3132 adpu160m - ok
    07:37:11.0015 3132 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    07:37:11.0218 3132 aec - ok
    07:37:11.0296 3132 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    07:37:11.0468 3132 AFD - ok
    07:37:11.0468 3132 Aha154x - ok
    07:37:11.0484 3132 aic78u2 - ok
    07:37:11.0500 3132 aic78xx - ok
    07:37:11.0531 3132 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    07:37:11.0750 3132 Alerter - ok
    07:37:11.0859 3132 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    07:37:12.0078 3132 ALG - ok
    07:37:12.0156 3132 AliIde - ok
    07:37:12.0187 3132 amsint - ok
    07:37:12.0328 3132 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    07:37:12.0578 3132 Apple Mobile Device - ok
    07:37:12.0703 3132 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    07:37:12.0984 3132 AppMgmt - ok
    07:37:13.0015 3132 asc - ok
    07:37:13.0046 3132 asc3350p - ok
    07:37:13.0062 3132 asc3550 - ok
    07:37:13.0140 3132 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    07:37:13.0296 3132 AsyncMac - ok
    07:37:13.0343 3132 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    07:37:13.0562 3132 atapi - ok
    07:37:13.0625 3132 Atdisk - ok
    07:37:13.0656 3132 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    07:37:13.0859 3132 Atmarpc - ok
    07:37:14.0078 3132 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    07:37:14.0250 3132 AudioSrv - ok
    07:37:14.0328 3132 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    07:37:14.0468 3132 audstub - ok
    07:37:14.0578 3132 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    07:37:14.0687 3132 b57w2k - ok
    07:37:14.0796 3132 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    07:37:14.0890 3132 BCM43XX - ok
    07:37:15.0046 3132 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    07:37:15.0218 3132 Beep - ok
    07:37:15.0281 3132 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    07:37:15.0515 3132 BITS - ok
    07:37:15.0656 3132 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
    07:37:15.0734 3132 Bonjour Service - ok
    07:37:15.0890 3132 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    07:37:16.0031 3132 Browser - ok
    07:37:16.0125 3132 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    07:37:16.0265 3132 cbidf2k - ok
    07:37:16.0328 3132 cd20xrnt - ok
    07:37:16.0390 3132 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    07:37:16.0562 3132 Cdaudio - ok
    07:37:16.0609 3132 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    07:37:16.0765 3132 Cdfs - ok
    07:37:16.0828 3132 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    07:37:16.0984 3132 Cdrom - ok
    07:37:17.0031 3132 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
    07:37:17.0093 3132 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
    07:37:17.0093 3132 cercsr6 - detected UnsignedFile.Multi.Generic (1)
    07:37:17.0109 3132 Changer - ok
    07:37:17.0140 3132 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    07:37:17.0390 3132 CiSvc - ok
    07:37:17.0421 3132 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    07:37:17.0609 3132 ClipSrv - ok
    07:37:17.0656 3132 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    07:37:17.0796 3132 CmBatt - ok
    07:37:17.0796 3132 CmdIde - ok
    07:37:17.0828 3132 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    07:37:17.0968 3132 Compbatt - ok
    07:37:17.0984 3132 COMSysApp - ok
    07:37:18.0000 3132 Cpqarray - ok
    07:37:18.0031 3132 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    07:37:18.0203 3132 CryptSvc - ok
    07:37:18.0218 3132 dac2w2k - ok
    07:37:18.0218 3132 dac960nt - ok
    07:37:18.0281 3132 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    07:37:18.0468 3132 DcomLaunch - ok
    07:37:18.0531 3132 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    07:37:18.0687 3132 Dhcp - ok
    07:37:18.0750 3132 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    07:37:18.0890 3132 Disk - ok
    07:37:18.0890 3132 dmadmin - ok
    07:37:18.0953 3132 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    07:37:19.0156 3132 dmboot - ok
    07:37:19.0203 3132 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    07:37:19.0359 3132 dmio - ok
    07:37:19.0406 3132 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    07:37:19.0531 3132 dmload - ok
    07:37:19.0562 3132 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    07:37:19.0703 3132 dmserver - ok
    07:37:19.0750 3132 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    07:37:19.0906 3132 DMusic - ok
    07:37:19.0953 3132 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    07:37:20.0078 3132 Dnscache - ok
    07:37:20.0171 3132 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    07:37:20.0375 3132 Dot3svc - ok
    07:37:20.0406 3132 dpti2o - ok
    07:37:20.0671 3132 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    07:37:20.0812 3132 drmkaud - ok
    07:37:21.0234 3132 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    07:37:21.0375 3132 EapHost - ok
    07:37:21.0515 3132 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    07:37:21.0671 3132 ERSvc - ok
    07:37:21.0781 3132 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    07:37:21.0890 3132 Eventlog - ok
    07:37:22.0312 3132 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    07:37:22.0562 3132 EventSystem - ok
    07:37:23.0187 3132 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    07:37:23.0796 3132 Fastfat - ok
    07:37:23.0921 3132 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    07:37:24.0031 3132 FastUserSwitchingCompatibility - ok
    07:37:24.0109 3132 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    07:37:24.0312 3132 Fdc - ok
    07:37:24.0468 3132 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    07:37:24.0609 3132 Fips - ok
    07:37:24.0625 3132 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    07:37:24.0765 3132 Flpydisk - ok
    07:37:43.0062 3132 OMCI ( UnsignedFile.Multi.Generic ) - warning
    07:37:43.0062 3132 OMCI - detected UnsignedFile.Multi.Generic (1)
    07:38:05.0859 3132 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    07:38:06.0062 3132 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    07:38:06.0062 3132 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    07:38:06.0062 3132 Boot (0x1200) (c54b50610ab89d8fbf934a77ccb25f96) \Device\Harddisk0\DR0\Partition0
    07:38:06.0062 3132 \Device\Harddisk0\DR0\Partition0 - ok
    07:38:06.0062 3132 ============================================================
    07:38:06.0062 3132 Scan finished
    07:38:06.0062 3132 ============================================================
    07:38:06.0171 3124 Detected object count: 3
    07:38:06.0171 3124 Actual detected object count: 3
    10:53:08.0859 3124 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
    10:53:08.0859 3124 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:53:08.0859 3124 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
    10:53:08.0859 3124 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:53:08.0953 3124 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    10:53:08.0984 3124 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    10:53:09.0125 3124 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    10:53:09.0187 3124 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    10:53:09.0265 3124 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    10:53:09.0640 3124 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    10:53:10.0765 3124 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    10:53:10.0859 3124 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    10:53:10.0859 3124 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    10:53:10.0859 3124 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    10:53:10.0875 3124 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    10:53:10.0937 3124 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    10:53:10.0953 3124 \Device\Harddisk0\DR0\TDLFS - deleted
    10:53:10.0953 3124 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete



    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-14 11:02:50
    -----------------------------
    11:02:50.156 OS Version: Windows 5.1.2600 Service Pack 3
    11:02:50.156 Number of processors: 2 586 0xF02
    11:02:50.156 ComputerName: 8G77SC1 UserName: Home
    11:02:51.203 Initialize success
    11:09:07.015 AVAST engine defs: 12041400
    11:09:38.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    11:09:38.875 Disk 0 Vendor: ST94813AS 8.04 Size: 38154MB BusType: 3
    11:09:38.875 Disk 0 MBR read successfully
    11:09:38.890 Disk 0 MBR scan
    11:09:38.937 Disk 0 Windows XP default MBR code
    11:09:38.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
    11:09:38.953 Disk 0 scanning sectors +78140160
    11:09:39.484 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:09:58.734 Service scanning
    11:10:07.765 Service MpKsl55bf86fb c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D8048613-029B-4390-895E-4C11811277FD}\MpKsl55bf86fb.sys **LOCKED** 32
    11:10:21.796 Modules scanning
    11:10:28.156 Disk 0 trace - called modules:
    11:10:28.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    11:10:28.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d57ab8]
    11:10:28.187 3 CLASSPNP.SYS[f757efd7] -> nt!IofCallDriver -> \Device\00000073[0x86d5df18]
    11:10:28.187 5 ACPI.sys[f7415620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86ceb940]
    11:10:28.546 AVAST engine scan C:\WINDOWS
    11:10:43.859 AVAST engine scan C:\WINDOWS\system32
    11:13:41.312 AVAST engine scan C:\WINDOWS\system32\drivers
    11:14:02.546 AVAST engine scan C:\Documents and Settings\Home
    11:14:26.546 File: C:\Documents and Settings\Home\Application Data\Office Genuine Advantage\Office Genuine Advantage\afxjahc.dll **INFECTED** Win32:Trojan-gen
    11:27:30.765 AVAST engine scan C:\Documents and Settings\All Users
    11:28:01.281 Scan finished successfully
    11:28:46.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Home\Desktop\MBR.dat"
    11:28:46.156 The log file has been saved successfully to "C:\Documents and Settings\Home\Desktop\aswMBR.txt"

  10. #10
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi mla34,

    This looks pretty good. How is the computer?

    Please go to Virustotal. Please submit these files for analysis:

    Copy and paste (or use the choose file button to browse to the files) the following into the choose file box (one at a time if more than one file is listed):

    C:\Documents and Settings\Home\Application Data\Office Genuine Advantage\Office Genuine Advantage\afxjahc.dll



    Click the Scan it button. Wait for the results and post them in your next reply.

    If it says the file has already been analysed, click reanalyse.

    Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample it belongs to.
    Member of UNITE and ASAP
