Infected Computer

[bakan]

I apologize for the double post. Didn't know I had to include log content within the post itself:

A while ago I noticed a rogue antivirus program on this computer. Unfortunately, I was dumb enough to try the "uninstall.exe" which seemed to add yet another rogue antivirus and the computer began opening up browser windows automatically and doing other strange things.

A few months went by where I didnt use this PC and somehow things had gone back to "normal." However, I've noticed that google search results redirect to ad sites and there was a malicious login attempt on my gmail account so I suspect there is a keylogger of some sort and that the computer is a drone.

Any help would be greatly appreciated. Thanks in advance.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Run by Erikkita at 6:55:38 on 2012-07-23

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.248 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\I8kfanGUI\I8kfanGUI.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Xhozevocogi] rundll32.exe "c:\windows\obixiwuhuqero.dll",Startup

mRun: [Fax Machine]

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

dRunOnce: [sWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1014020

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{16D1E1A7-6AAF-426C-9F8D-8CAD6FC5255D} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\erikkita\application data\mozilla\firefox\profiles\le4gir5h.default\

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

.

============= SERVICES / DRIVERS ===============

.

R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2012-5-14 14464]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-27 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-27 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-7 40776]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-27 113120]

.

=============== Created Last 30 ================

.

2012-06-27 15:51:11 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-06-27 15:51:06 68576 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-06-27 15:51:06 573920 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-06-27 15:51:06 157608 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2012-06-27 15:51:06 113120 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

2012-06-27 15:51:05 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2012-06-27 15:51:05 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

.

==================== Find3M ====================

.

2012-07-23 08:53:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-23 08:31:39 0 ----a-w- c:\windows\Bhipujoxumuge.bin

2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-12 15:26:29 95360 ----a-w- c:\windows\system32\drivers\atapi.sys

2006-11-30 22:06:07 774144 ----a-w- c:\program files\RngInterstitial.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Maxtor_6Y160M0 rev.YAR51HW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81E354B1]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x81e3c93c]; MOV EAX, [0x81e3cab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E13A7] -> \Device\Harddisk0\DR0[0x8237DAB8]

3 CLASSPNP[0xF858905B] -> nt!IofCallDriver[0x804E13A7] -> [0x81EBCF18]

\Driver\atapi[0x820008C8] -> IRP_MJ_CREATE -> 0x81E354B1

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x81E352E2

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 6:57:26.06 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.3.1

Adobe Shockwave Player

Adobe® Photoshop® Album Starter Edition 3.2

Apple Application Support

Apple Software Update

ArcSoft PhotoImpression 3.0

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

Creative MediaSource

Dell ResourceCD

Deluge 1.3.3

DivX Setup

Fax Machine 6.06

Google Chrome

Google Update Helper

GTK2-Runtime

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

I8kfanGUI V3.1

Intel® PRO Network Adapters and Drivers

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java 6 Update 23

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 6 Service Pack 2 (KB973686)

PowerDVD 5.3

PowerISO

QuickTime

Rosetta Stone Version 3

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB913433)

Skype Toolbars

Skype™ 5.3

Sonic DLA

Sonic MyDVD

Sonic RecordNow!

Sonic Update Manager

SoundMAX

SpeedFan (remove only)

SumatraPDF

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

VC80CRTRedist - 8.0.50727.4053

Viewpoint Manager (Remove Only)

Viewpoint Media Player

VLC media player 1.1.7

Vuze

Vuze Remote Toolbar

WebFldrs XP

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Live Messenger

WinRAR 4.00 (32-bit)

WordPerfect Office 12

Xtend

.

==== End Of File ===========================

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.23.04

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18702

Erikkita :: ERIKA [administrator]

7/23/2012 4:53:57 AM

mbam-log-2012-07-23 (06-52-20).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226939

Time elapsed: 1 hour(s), 31 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Erikkita\Local Settings\Application Data\syy.exe" -a "iexplore.exe) Good: (iexplore.exe) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Documents and Settings\Erikkita\My Documents\Downloads\SoftonicDownloader_for_vlc-media-player(2).exe (PUP.OfferBundler.ST) -> No action taken.

C:\Documents and Settings\Erikkita\My Documents\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.OfferBundler.ST) -> No action taken.

(end)

[MrCharlie]

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

[bakan]

OK here is the RK Scan log..

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version

Started in : Normal mode

User: Erikkita [Admin rights]

Mode: Scan -- Date: 07/23/2012 21:32:40

¤¤¤ Bad processes: 2 ¤¤¤

[sUSP PATH] obixiwuhuqero.dll -- C:\WINDOWS\obixiwuhuqero.dll -> UNLOADED

[sUSP PATH] obixiwuhuqero.dll -- C:\WINDOWS\obixiwuhuqero.dll -> UNLOADED

¤¤¤ Registry Entries: 5 ¤¤¤

[bLACKLIST DLL] HKLM\[...]\Run : Xhozevocogi (rundll32.exe "C:\WINDOWS\obixiwuhuqero.dll",Startup) -> FOUND

[sUSP PATH] HKUS\S-1-5-19[...]\Run : upd_debug.exe ("C:\Documents and Settings\Erikkita\Application Data\4523EE32CFBCA36AFB509A9EA53F59C8\upd_debug.exe") -> FOUND

[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[Tr.Karagany][FOLDER] plugs : c:\documents and settings\erikkita\application data\adobe\plugs --> FOUND

[Tr.Karagany][FOLDER] shed : c:\documents and settings\erikkita\application data\adobe\shed --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 99.189.54

127.0.0.1 99.189.52

127.0.0.1 99.14.103

127.0.0.1 98.223.73

127.0.0.1 97.80.137

127.0.0.1 95.134.16

127.0.0.1 95.133.8.

127.0.0.1 95.133.23

127.0.0.1 95.133.23

127.0.0.1 95.133.14

127.0.0.1 95.133.11

127.0.0.1 95.105.17

127.0.0.1 94.53.2.1

127.0.0.1 94.23.201

127.0.0.1 94.179.55

127.0.0.1 94.179.48

127.0.0.1 94.179.19

127.0.0.1 94.179.11

127.0.0.1 94.178.65

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 52eaafda66390dba4c4a970c28351c1e

[bSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 148930 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305154675 | Size: 3584 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 639ef5462067cb55ec472a64a10bf283

[bSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code

Partition table:

1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 148930 Mo

3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305154675 | Size: 3584 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

[MrCharlie]

OK, run RogueKiller again and click Scan

When the scan completes > click on the Processes tab

Put a check next to all of these and uncheck the rest:

¤¤¤ Bad processes: 2 ¤¤¤

[sUSP PATH] obixiwuhuqero.dll -- C:\WINDOWS\obixiwuhuqero.dll -> UNLOADED

[sUSP PATH] obixiwuhuqero.dll -- C:\WINDOWS\obixiwuhuqero.dll -> UNLOADED

Now click Delete on the right hand column under Options

Repeat the process for these

Click on the Registry Entries > put a check next to these and uncheck the rest:

¤¤¤ Registry Entries: 5 ¤¤¤

[bLACKLIST DLL] HKLM\[...]\Run : Xhozevocogi (rundll32.exe "C:\WINDOWS\obixiwuhuqero.dll",Startup) -> FOUND

[sUSP PATH] HKUS\S-1-5-19[...]\Run : upd_debug.exe ("C:\Documents and Settings\Erikkita\Application Data\4523EE32CFBCA36AFB509A9EA53F59C8\upd_debug.exe") -> FOUND

[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

Click on Delete under Options on the right hand side.

----------

Repeat the process for these

Click on the Files > put a check next to these and uncheck the rest:

¤¤¤ Files ¤¤¤

[Tr.Karagany][FOLDER] plugs : c:\documents and settings\erikkita\application data\adobe\plugs --> FOUND

[Tr.Karagany][FOLDER] shed : c:\documents and settings\erikkita\application data\adobe\shed --> FOUND

Now click Delete on the right hand column under Options

-------------------------------------------------

Next......................

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[bakan]

Here's the TDSS Killer log..

22:35:13.0687 3676 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30

22:35:14.0437 3676 ============================================================

22:35:14.0437 3676 Current date / time: 2012/07/23 22:35:14.0437

22:35:14.0437 3676 SystemInfo:

22:35:14.0437 3676

22:35:14.0437 3676 OS Version: 5.1.2600 ServicePack: 2.0

22:35:14.0437 3676 Product type: Workstation

22:35:14.0437 3676 ComputerName: ERIKA

22:35:14.0437 3676 UserName: Erikkita

22:35:14.0437 3676 Windows directory: C:\WINDOWS

22:35:14.0437 3676 System windows directory: C:\WINDOWS

22:35:14.0437 3676 Processor architecture: Intel x86

22:35:14.0437 3676 Number of processors: 2

22:35:14.0437 3676 Page size: 0x1000

22:35:14.0437 3676 Boot type: Normal boot

22:35:14.0437 3676 ============================================================

22:35:20.0625 3676 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020

22:35:20.0656 3676 ============================================================

22:35:20.0656 3676 \Device\Harddisk0\DR0:

22:35:20.0656 3676 MBR partitions:

22:35:20.0656 3676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x122E15AA

22:35:20.0656 3676 ============================================================

22:35:20.0718 3676 C: <-> \Device\Harddisk0\DR0\Partition0

22:35:20.0718 3676 ============================================================

22:35:20.0718 3676 Initialize success

22:35:20.0718 3676 ============================================================

22:35:46.0031 3012 ============================================================

22:35:46.0031 3012 Scan started

22:35:46.0031 3012 Mode: Manual; SigCheck; TDLFS;

22:35:46.0031 3012 ============================================================

22:35:47.0000 3012 Abiosdsk - ok

22:35:47.0000 3012 abp480n5 - ok

22:35:47.0062 3012 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

22:35:49.0640 3012 ACPI - ok

22:35:49.0656 3012 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

22:35:49.0859 3012 ACPIEC - ok

22:35:49.0859 3012 adpu160m - ok

22:35:49.0906 3012 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

22:35:50.0468 3012 aec - ok

22:35:50.0500 3012 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

22:35:50.0578 3012 AFD - ok

22:35:50.0578 3012 Aha154x - ok

22:35:50.0578 3012 aic78u2 - ok

22:35:50.0593 3012 aic78xx - ok

22:35:50.0625 3012 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll

22:35:50.0812 3012 Alerter - ok

22:35:50.0828 3012 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe

22:35:50.0968 3012 ALG - ok

22:35:50.0968 3012 AliIde - ok

22:35:50.0984 3012 amsint - ok

22:35:50.0984 3012 AppMgmt - ok

22:35:50.0984 3012 asc - ok

22:35:51.0000 3012 asc3350p - ok

22:35:51.0000 3012 asc3550 - ok

22:35:51.0109 3012 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

22:35:51.0171 3012 aspnet_state - ok

22:35:51.0203 3012 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

22:35:51.0375 3012 AsyncMac - ok

22:35:51.0453 3012 atapi (717ad2b50156e2e78582bbbec5f7f0c0) C:\WINDOWS\system32\DRIVERS\atapi.sys

22:35:51.0453 3012 atapi ( Rootkit.Win32.TDSS.tdl3 ) - infected

22:35:51.0453 3012 atapi - detected Rootkit.Win32.TDSS.tdl3 (0)

22:35:51.0468 3012 Atdisk - ok

22:35:51.0546 3012 Ati HotKey Poller (4deaa162480367b232f3ee3a6d34084b) C:\WINDOWS\system32\Ati2evxx.exe

22:35:51.0640 3012 Ati HotKey Poller - ok

22:35:51.0687 3012 ATI Smart (2bdd1d3403827cd1af973a9cfad4edc7) C:\WINDOWS\system32\ati2sgag.exe

22:35:51.0734 3012 ATI Smart ( UnsignedFile.Multi.Generic ) - warning

22:35:51.0734 3012 ATI Smart - detected UnsignedFile.Multi.Generic (1)

22:35:51.0781 3012 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

22:35:51.0906 3012 ati2mtag - ok

22:35:51.0953 3012 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

22:35:52.0109 3012 Atmarpc - ok

22:35:52.0187 3012 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll

22:35:52.0359 3012 AudioSrv - ok

22:35:52.0406 3012 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

22:35:52.0546 3012 audstub - ok

22:35:52.0593 3012 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

22:35:52.0750 3012 Beep - ok

22:35:52.0843 3012 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll

22:35:53.0187 3012 BITS - ok

22:35:53.0234 3012 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll

22:35:53.0421 3012 Browser - ok

22:35:53.0437 3012 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

22:35:53.0593 3012 cbidf2k - ok

22:35:53.0609 3012 cd20xrnt - ok

22:35:53.0671 3012 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

22:35:53.0859 3012 Cdaudio - ok

22:35:54.0140 3012 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

22:35:54.0375 3012 Cdfs - ok

22:35:54.0468 3012 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

22:35:54.0734 3012 Cdrom - ok

22:35:54.0734 3012 Changer - ok

22:35:54.0750 3012 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe

22:35:54.0906 3012 CiSvc - ok

22:35:54.0921 3012 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe

22:35:55.0109 3012 ClipSrv - ok

22:35:55.0187 3012 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:35:55.0343 3012 clr_optimization_v2.0.50727_32 - ok

22:35:55.0343 3012 CmdIde - ok

22:35:55.0359 3012 COMSysApp - ok

22:35:55.0359 3012 Cpqarray - ok

22:35:55.0406 3012 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.EXE

22:35:55.0437 3012 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning

22:35:55.0437 3012 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)

22:35:55.0484 3012 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll

22:35:55.0640 3012 CryptSvc - ok

22:35:55.0703 3012 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

22:35:55.0796 3012 ctsfm2k - ok

22:35:55.0812 3012 dac2w2k - ok

22:35:55.0812 3012 dac960nt - ok

22:35:55.0859 3012 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll

22:35:55.0984 3012 DcomLaunch - ok

22:35:56.0015 3012 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll

22:35:56.0484 3012 Dhcp - ok

22:35:56.0515 3012 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

22:35:56.0671 3012 Disk - ok

22:35:56.0671 3012 dmadmin - ok

22:35:56.0734 3012 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

22:35:56.0937 3012 dmboot - ok

22:35:56.0953 3012 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

22:35:57.0140 3012 dmio - ok

22:35:57.0171 3012 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

22:35:57.0312 3012 dmload - ok

22:35:57.0343 3012 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll

22:35:57.0500 3012 dmserver - ok

22:35:57.0531 3012 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

22:35:57.0687 3012 DMusic - ok

22:35:57.0734 3012 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\WINDOWS\System32\dnsrslvr.dll

22:35:58.0187 3012 Dnscache - ok

22:35:58.0203 3012 dpti2o - ok

22:35:58.0218 3012 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

22:35:58.0390 3012 drmkaud - ok

22:35:58.0437 3012 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys

22:35:58.0468 3012 drvmcdb ( UnsignedFile.Multi.Generic ) - warning

22:35:58.0468 3012 drvmcdb - detected UnsignedFile.Multi.Generic (1)

22:35:58.0468 3012 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys

22:35:58.0484 3012 drvnddm ( UnsignedFile.Multi.Generic ) - warning

22:35:58.0484 3012 drvnddm - detected UnsignedFile.Multi.Generic (1)

22:35:58.0515 3012 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys

22:35:58.0578 3012 E100B - ok

22:35:58.0609 3012 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll

22:35:58.0750 3012 ERSvc - ok

22:35:58.0781 3012 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe

22:35:58.0890 3012 Eventlog - ok

22:35:58.0937 3012 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\system32\es.dll

22:35:58.0984 3012 EventSystem - ok

22:35:59.0015 3012 fanio (0dd24dabb0b8c4ac0d8f2ebf0492276a) C:\WINDOWS\system32\drivers\fanio.sys

22:35:59.0062 3012 fanio ( UnsignedFile.Multi.Generic ) - warning

22:35:59.0062 3012 fanio - detected UnsignedFile.Multi.Generic (1)

22:35:59.0171 3012 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

22:35:59.0312 3012 Fastfat - ok

22:35:59.0390 3012 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll

22:35:59.0875 3012 FastUserSwitchingCompatibility - ok

22:35:59.0890 3012 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

22:36:00.0062 3012 Fdc - ok

22:36:00.0109 3012 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

22:36:00.0265 3012 Fips - ok

22:36:00.0406 3012 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

22:36:00.0500 3012 FLEXnet Licensing Service - ok

22:36:00.0515 3012 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

22:36:00.0640 3012 Flpydisk - ok

22:36:00.0687 3012 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

22:36:01.0156 3012 FltMgr - ok

22:36:01.0281 3012 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

22:36:01.0296 3012 FontCache3.0.0.0 - ok

22:36:01.0343 3012 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

22:36:01.0500 3012 Fs_Rec - ok

22:36:01.0515 3012 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

22:36:01.0656 3012 Ftdisk - ok

22:36:01.0671 3012 GEARAspiWDM - ok

22:36:01.0718 3012 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys

22:36:01.0734 3012 giveio ( UnsignedFile.Multi.Generic ) - warning

22:36:01.0734 3012 giveio - detected UnsignedFile.Multi.Generic (1)

22:36:01.0765 3012 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

22:36:01.0937 3012 Gpc - ok

22:36:02.0031 3012 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

22:36:02.0093 3012 gupdate - ok

22:36:02.0109 3012 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

22:36:02.0109 3012 gupdatem - ok

22:36:02.0187 3012 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

22:36:02.0328 3012 helpsvc - ok

22:36:02.0359 3012 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll

22:36:02.0515 3012 HidServ - ok

22:36:02.0531 3012 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

22:36:02.0671 3012 hidusb - ok

22:36:02.0750 3012 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

22:36:02.0843 3012 HP Port Resolver - ok

22:36:02.0875 3012 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

22:36:02.0953 3012 HP Status Server - ok

22:36:02.0968 3012 hpn - ok

22:36:03.0000 3012 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

22:36:03.0109 3012 HPZid412 - ok

22:36:03.0125 3012 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

22:36:03.0218 3012 HPZipr12 - ok

22:36:03.0296 3012 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

22:36:03.0343 3012 HPZius12 - ok

22:36:03.0390 3012 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

22:36:03.0453 3012 HTTP - ok

22:36:03.0468 3012 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll

22:36:03.0640 3012 HTTPFilter - ok

22:36:03.0656 3012 i2omgmt - ok

22:36:03.0656 3012 i2omp - ok

22:36:03.0703 3012 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

22:36:03.0859 3012 i8042prt - ok

22:36:03.0968 3012 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

22:36:03.0984 3012 IDriverT ( UnsignedFile.Multi.Generic ) - warning

22:36:03.0984 3012 IDriverT - detected UnsignedFile.Multi.Generic (1)

22:36:04.0046 3012 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

22:36:04.0125 3012 idsvc - ok

22:36:04.0156 3012 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

22:36:04.0312 3012 Imapi - ok

22:36:04.0343 3012 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe

22:36:04.0500 3012 ImapiService - ok

22:36:04.0515 3012 ini910u - ok

22:36:04.0562 3012 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

22:36:04.0703 3012 IntelIde - ok

22:36:04.0734 3012 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

22:36:04.0890 3012 intelppm - ok

22:36:04.0906 3012 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

22:36:05.0046 3012 Ip6Fw - ok

22:36:05.0078 3012 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

22:36:05.0250 3012 IpFilterDriver - ok

22:36:05.0281 3012 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

22:36:05.0421 3012 IpInIp - ok

22:36:05.0468 3012 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

22:36:05.0890 3012 IpNat - ok

22:36:05.0937 3012 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

22:36:06.0093 3012 IPSec - ok

22:36:06.0125 3012 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

22:36:06.0218 3012 IRENUM - ok

22:36:06.0265 3012 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

22:36:06.0390 3012 isapnp - ok

22:36:06.0562 3012 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe

22:36:06.0593 3012 JavaQuickStarterService - ok

22:36:06.0656 3012 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

22:36:06.0812 3012 Kbdclass - ok

22:36:06.0859 3012 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

22:36:06.0984 3012 kbdhid - ok

22:36:07.0031 3012 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

22:36:07.0562 3012 kmixer - ok

22:36:07.0609 3012 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

22:36:07.0703 3012 KSecDD - ok

22:36:07.0750 3012 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll

22:36:08.0250 3012 lanmanserver - ok

22:36:08.0281 3012 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll

22:36:08.0390 3012 lanmanworkstation - ok

22:36:08.0390 3012 lbrtfdc - ok

22:36:08.0437 3012 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll

22:36:08.0593 3012 LmHosts - ok

22:36:08.0656 3012 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

22:36:24.0015 3012 MBAMSwissArmy - ok

22:36:24.0046 3012 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll

22:36:24.0265 3012 Messenger - ok

22:36:24.0296 3012 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

22:36:24.0437 3012 mnmdd - ok

22:36:24.0484 3012 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe

22:36:24.0625 3012 mnmsrvc - ok

22:36:24.0640 3012 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

22:36:24.0796 3012 Modem - ok

22:36:24.0812 3012 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

22:36:24.0937 3012 Mouclass - ok

22:36:24.0953 3012 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

22:36:25.0078 3012 mouhid - ok

22:36:25.0125 3012 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

22:36:25.0281 3012 MountMgr - ok

22:36:25.0390 3012 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

22:36:25.0406 3012 MozillaMaintenance - ok

22:36:25.0406 3012 mraid35x - ok

22:36:25.0437 3012 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

22:36:25.0890 3012 MRxDAV - ok

22:36:25.0937 3012 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

22:36:26.0015 3012 MRxSmb - ok

22:36:26.0062 3012 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe

22:36:26.0250 3012 MSDTC - ok

22:36:26.0250 3012 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

22:36:26.0406 3012 Msfs - ok

22:36:26.0421 3012 MSIServer - ok

22:36:26.0437 3012 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

22:36:26.0578 3012 MSKSSRV - ok

22:36:26.0593 3012 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

22:36:26.0718 3012 MSPCLOCK - ok

22:36:26.0734 3012 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

22:36:26.0875 3012 MSPQM - ok

22:36:26.0890 3012 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

22:36:27.0031 3012 mssmbios - ok

22:36:27.0031 3012 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

22:36:27.0234 3012 Mup - ok

22:36:27.0265 3012 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

22:36:27.0406 3012 NDIS - ok

22:36:27.0453 3012 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

22:36:27.0562 3012 NdisTapi - ok

22:36:27.0609 3012 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

22:36:27.0734 3012 Ndisuio - ok

22:36:27.0765 3012 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

22:36:27.0906 3012 NdisWan - ok

22:36:27.0921 3012 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

22:36:28.0625 3012 NDProxy - ok

22:36:28.0640 3012 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

22:36:28.0796 3012 NetBIOS - ok

22:36:28.0812 3012 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

22:36:28.0968 3012 NetBT - ok

22:36:29.0000 3012 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe

22:36:29.0187 3012 NetDDE - ok

22:36:29.0187 3012 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe

22:36:29.0328 3012 NetDDEdsdm - ok

22:36:29.0359 3012 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

22:36:29.0515 3012 Netlogon - ok

22:36:29.0562 3012 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll

22:36:30.0062 3012 Netman - ok

22:36:30.0171 3012 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:36:30.0203 3012 NetTcpPortSharing - ok

22:36:30.0265 3012 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll

22:36:30.0343 3012 Nla - ok

22:36:30.0421 3012 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

22:36:30.0562 3012 Npfs - ok

22:36:30.0640 3012 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

22:36:31.0203 3012 Ntfs - ok

22:36:31.0218 3012 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

22:36:31.0343 3012 NtLmSsp - ok

22:36:31.0406 3012 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll

22:36:31.0562 3012 NtmsSvc - ok

22:36:31.0593 3012 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

22:36:31.0734 3012 Null - ok

22:36:31.0750 3012 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:36:31.0890 3012 NwlnkFlt - ok

22:36:31.0906 3012 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:36:32.0031 3012 NwlnkFwd - ok

22:36:32.0062 3012 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

22:36:32.0078 3012 OMCI ( UnsignedFile.Multi.Generic ) - warning

22:36:32.0078 3012 OMCI - detected UnsignedFile.Multi.Generic (1)

22:36:32.0109 3012 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

22:36:32.0187 3012 ossrv - ok

22:36:32.0281 3012 P17 (1db419cb76493f6292ccfbdc3466f5ff) C:\WINDOWS\system32\drivers\P17.sys

22:36:32.0406 3012 P17 - ok

22:36:32.0468 3012 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

22:36:32.0593 3012 Parport - ok

22:36:32.0640 3012 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

22:36:32.0765 3012 PartMgr - ok

22:36:32.0796 3012 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

22:36:32.0937 3012 ParVdm - ok

22:36:32.0953 3012 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

22:36:33.0078 3012 PCI - ok

22:36:33.0109 3012 PCIDump - ok

22:36:33.0109 3012 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

22:36:33.0312 3012 PCIIde - ok

22:36:33.0359 3012 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

22:36:33.0500 3012 Pcmcia - ok

22:36:33.0500 3012 PDCOMP - ok

22:36:33.0515 3012 PDFRAME - ok

22:36:33.0515 3012 PDRELI - ok

22:36:33.0515 3012 PDRFRAME - ok

22:36:33.0531 3012 perc2 - ok

22:36:33.0531 3012 perc2hib - ok

22:36:33.0578 3012 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe

22:36:33.0640 3012 PlugPlay - ok

22:36:33.0640 3012 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

22:36:33.0781 3012 PolicyAgent - ok

22:36:33.0796 3012 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

22:36:33.0968 3012 PptpMiniport - ok

22:36:33.0968 3012 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

22:36:34.0109 3012 ProtectedStorage - ok

22:36:34.0125 3012 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

22:36:34.0328 3012 PSched - ok

22:36:34.0359 3012 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

22:36:34.0500 3012 Ptilink - ok

22:36:34.0546 3012 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

22:36:34.0578 3012 PxHelp20 - ok

22:36:34.0578 3012 ql1080 - ok

22:36:34.0593 3012 Ql10wnt - ok

22:36:34.0593 3012 ql12160 - ok

22:36:34.0593 3012 ql1240 - ok

22:36:34.0609 3012 ql1280 - ok

22:36:34.0625 3012 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

22:36:34.0765 3012 RasAcd - ok

22:36:34.0796 3012 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll

22:36:34.0953 3012 RasAuto - ok

22:36:35.0000 3012 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:36:35.0140 3012 Rasl2tp - ok

22:36:35.0234 3012 RasMan (49b5eed5fb89d39456a2f616ccd8ba5d) C:\WINDOWS\System32\rasmans.dll

22:36:35.0703 3012 RasMan - ok

22:36:35.0734 3012 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:36:35.0859 3012 RasPppoe - ok

22:36:35.0859 3012 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

22:36:36.0000 3012 Raspti - ok

22:36:36.0031 3012 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

22:36:36.0593 3012 Rdbss - ok

22:36:36.0609 3012 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

22:36:36.0750 3012 RDPCDD - ok

22:36:36.0765 3012 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

22:36:37.0281 3012 RDPWD - ok

22:36:37.0312 3012 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe

22:36:37.0484 3012 RDSessMgr - ok

22:36:37.0531 3012 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

22:36:37.0671 3012 redbook - ok

22:36:37.0718 3012 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll

22:36:37.0859 3012 RemoteAccess - ok

22:36:37.0875 3012 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe

22:36:38.0015 3012 RpcLocator - ok

22:36:38.0078 3012 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll

22:36:38.0140 3012 RpcSs - ok

22:36:38.0187 3012 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

22:36:38.0390 3012 RSVP - ok

22:36:38.0468 3012 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

22:36:38.0593 3012 SamSs - ok

22:36:38.0593 3012 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe

22:36:38.0718 3012 SCardSvr - ok

22:36:38.0765 3012 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys

22:36:38.0796 3012 SCDEmu ( UnsignedFile.Multi.Generic ) - warning

22:36:38.0796 3012 SCDEmu - detected UnsignedFile.Multi.Generic (1)

22:36:38.0828 3012 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll

22:36:38.0984 3012 Schedule - ok

22:36:39.0015 3012 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:36:39.0546 3012 Secdrv - ok

22:36:39.0593 3012 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll

22:36:39.0703 3012 seclogon - ok

22:36:39.0765 3012 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

22:36:39.0828 3012 senfilt ( UnsignedFile.Multi.Generic ) - warning

22:36:39.0828 3012 senfilt - detected UnsignedFile.Multi.Generic (1)

22:36:39.0859 3012 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll

22:36:39.0984 3012 SENS - ok

22:36:40.0031 3012 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

22:36:40.0187 3012 serenum - ok

22:36:40.0281 3012 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

22:36:40.0437 3012 Serial - ok

22:36:40.0468 3012 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

22:36:40.0578 3012 Sfloppy - ok

22:36:40.0625 3012 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll

22:36:40.0765 3012 SharedAccess - ok

22:36:40.0812 3012 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll

22:36:41.0343 3012 ShellHWDetection - ok

22:36:41.0359 3012 Simbad - ok

22:36:41.0421 3012 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

22:36:41.0437 3012 smwdm ( UnsignedFile.Multi.Generic ) - warning

22:36:41.0437 3012 smwdm - detected UnsignedFile.Multi.Generic (1)

22:36:41.0437 3012 Sparrow - ok

22:36:41.0515 3012 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys

22:36:41.0531 3012 speedfan - ok

22:36:41.0578 3012 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

22:36:42.0031 3012 splitter - ok

22:36:42.0062 3012 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe

22:36:42.0625 3012 Spooler - ok

22:36:42.0640 3012 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

22:36:42.0718 3012 sr - ok

22:36:42.0750 3012 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll

22:36:42.0828 3012 srservice - ok

22:36:42.0890 3012 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

22:36:42.0953 3012 Srv - ok

22:36:42.0984 3012 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

22:36:43.0000 3012 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning

22:36:43.0000 3012 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)

22:36:43.0015 3012 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll

22:36:43.0125 3012 SSDPSRV - ok

22:36:43.0125 3012 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

22:36:43.0156 3012 ssrtln ( UnsignedFile.Multi.Generic ) - warning

22:36:43.0156 3012 ssrtln - detected UnsignedFile.Multi.Generic (1)

22:36:43.0187 3012 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll

22:36:43.0734 3012 stisvc - ok

22:36:43.0781 3012 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

22:36:43.0906 3012 swenum - ok

22:36:43.0968 3012 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

22:36:44.0093 3012 swmidi - ok

22:36:44.0093 3012 SwPrv - ok

22:36:44.0093 3012 symc810 - ok

22:36:44.0109 3012 symc8xx - ok

22:36:44.0109 3012 sym_hi - ok

22:36:44.0109 3012 sym_u3 - ok

22:36:44.0125 3012 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

22:36:44.0281 3012 sysaudio - ok

22:36:44.0312 3012 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe

22:36:44.0453 3012 SysmonLog - ok

22:36:44.0484 3012 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll

22:36:45.0000 3012 TapiSrv - ok

22:36:45.0046 3012 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:36:45.0125 3012 Tcpip - ok

22:36:45.0140 3012 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

22:36:45.0281 3012 TDPIPE - ok

22:36:45.0296 3012 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

22:36:45.0421 3012 TDTCP - ok

22:36:45.0468 3012 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

22:36:45.0609 3012 TermDD - ok

22:36:45.0656 3012 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll

22:36:45.0812 3012 TermService - ok

22:36:45.0843 3012 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys

22:36:45.0859 3012 tfsnboio ( UnsignedFile.Multi.Generic ) - warning

22:36:45.0859 3012 tfsnboio - detected UnsignedFile.Multi.Generic (1)

22:36:45.0875 3012 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys

22:36:45.0875 3012 tfsncofs ( UnsignedFile.Multi.Generic ) - warning

22:36:45.0875 3012 tfsncofs - detected UnsignedFile.Multi.Generic (1)

22:36:45.0921 3012 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys

22:36:45.0937 3012 tfsndrct ( UnsignedFile.Multi.Generic ) - warning

22:36:45.0937 3012 tfsndrct - detected UnsignedFile.Multi.Generic (1)

22:36:45.0953 3012 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys

22:36:45.0953 3012 tfsndres ( UnsignedFile.Multi.Generic ) - warning

22:36:45.0953 3012 tfsndres - detected UnsignedFile.Multi.Generic (1)

22:36:45.0968 3012 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys

22:36:46.0000 3012 tfsnifs ( UnsignedFile.Multi.Generic ) - warning

22:36:46.0000 3012 tfsnifs - detected UnsignedFile.Multi.Generic (1)

22:36:46.0015 3012 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys

22:36:46.0046 3012 tfsnopio ( UnsignedFile.Multi.Generic ) - warning

22:36:46.0046 3012 tfsnopio - detected UnsignedFile.Multi.Generic (1)

22:36:46.0046 3012 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys

22:36:46.0062 3012 tfsnpool ( UnsignedFile.Multi.Generic ) - warning

22:36:46.0062 3012 tfsnpool - detected UnsignedFile.Multi.Generic (1)

22:36:46.0078 3012 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys

22:36:46.0109 3012 tfsnudf ( UnsignedFile.Multi.Generic ) - warning

22:36:46.0109 3012 tfsnudf - detected UnsignedFile.Multi.Generic (1)

22:36:46.0125 3012 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys

22:36:46.0125 3012 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning

22:36:46.0125 3012 tfsnudfa - detected UnsignedFile.Multi.Generic (1)

22:36:46.0171 3012 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll

22:36:46.0734 3012 Themes - ok

22:36:46.0750 3012 TosIde - ok

22:36:46.0812 3012 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll

22:36:47.0000 3012 TrkWks - ok

22:36:47.0046 3012 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

22:36:47.0187 3012 Udfs - ok

22:36:47.0187 3012 ultra - ok

22:36:47.0234 3012 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

22:36:47.0765 3012 Update - ok

22:36:47.0812 3012 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll

22:36:48.0312 3012 upnphost - ok

22:36:48.0328 3012 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe

22:36:48.0468 3012 UPS - ok

22:36:48.0484 3012 USBAAPL - ok

22:36:48.0531 3012 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys

22:36:48.0671 3012 usbaudio - ok

22:36:48.0812 3012 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

22:36:48.0937 3012 usbccgp - ok

22:36:48.0984 3012 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

22:36:49.0171 3012 usbehci - ok

22:36:49.0250 3012 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

22:36:49.0406 3012 usbhub - ok

22:36:49.0468 3012 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

22:36:49.0609 3012 usbprint - ok

22:36:49.0671 3012 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

22:36:49.0796 3012 usbscan - ok

22:36:49.0828 3012 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:36:49.0968 3012 USBSTOR - ok

22:36:50.0000 3012 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

22:36:50.0140 3012 usbuhci - ok

22:36:50.0234 3012 usnjsvc (9d19b042a4fd5c02195071ea2fe0c821) C:\Program Files\Windows Live\Messenger\usnsvc.exe

22:36:50.0250 3012 usnjsvc - ok

22:36:50.0281 3012 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

22:36:50.0406 3012 VgaSave - ok

22:36:50.0406 3012 ViaIde - ok

22:36:50.0453 3012 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe

22:36:50.0453 3012 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning

22:36:50.0453 3012 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)

22:36:50.0500 3012 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

22:36:50.0625 3012 VolSnap - ok

22:36:50.0687 3012 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe

22:36:50.0796 3012 VSS - ok

22:36:50.0859 3012 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll

22:36:51.0015 3012 W32Time - ok

22:36:51.0031 3012 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:36:51.0187 3012 Wanarp - ok

22:36:51.0187 3012 WDICA - ok

22:36:51.0234 3012 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

22:36:51.0734 3012 wdmaud - ok

22:36:51.0765 3012 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll

22:36:52.0265 3012 WebClient - ok

22:36:52.0343 3012 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll

22:36:52.0484 3012 winmgmt - ok

22:36:52.0531 3012 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe

22:36:52.0562 3012 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning

22:36:52.0562 3012 WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)

22:36:52.0593 3012 WmdmPmSN (c086483e3dba8c1c0a687ec8d5b3d4c1) C:\WINDOWS\system32\mspmsnsv.dll

22:36:52.0734 3012 WmdmPmSN - ok

22:36:52.0796 3012 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

22:36:52.0984 3012 WmiApSrv - ok

22:36:53.0000 3012 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

22:36:53.0156 3012 WS2IFSL - ok

22:36:53.0187 3012 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll

22:36:53.0328 3012 wscsvc - ok

22:36:53.0375 3012 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll

22:36:53.0546 3012 WZCSVC - ok

22:36:53.0578 3012 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll

22:36:53.0734 3012 xmlprov - ok

22:36:53.0765 3012 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

22:36:54.0218 3012 \Device\Harddisk0\DR0 - ok

22:36:54.0250 3012 Boot (0x1200) (458025f5e728ba8a94961948e6b94ff8) \Device\Harddisk0\DR0\Partition0

22:36:54.0250 3012 \Device\Harddisk0\DR0\Partition0 - ok

22:36:54.0250 3012 ============================================================

22:36:54.0250 3012 Scan finished

22:36:54.0250 3012 ============================================================

22:36:54.0375 3324 Detected object count: 25

22:36:54.0375 3324 Actual detected object count: 25

22:37:18.0718 3324 C:\WINDOWS\system32\DRIVERS\atapi.sys - copied to quarantine

22:37:18.0781 3324 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\atapi.sys) error 1813

22:37:19.0328 3324 Backup copy found, using it..

22:37:19.0359 3324 C:\WINDOWS\system32\DRIVERS\atapi.sys - will be cured on reboot

22:37:19.0359 3324 atapi ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure

22:37:19.0359 3324 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0359 3324 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0359 3324 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0359 3324 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0359 3324 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0359 3324 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0375 3324 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0375 3324 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0375 3324 fanio ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0375 3324 fanio ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0375 3324 giveio ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0375 3324 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0375 3324 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0375 3324 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0390 3324 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0390 3324 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0390 3324 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0390 3324 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0390 3324 senfilt ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0390 3324 senfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0390 3324 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0390 3324 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0390 3324 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0390 3324 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0390 3324 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0390 3324 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0406 3324 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0406 3324 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0406 3324 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0406 3324 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0406 3324 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0406 3324 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0406 3324 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0406 3324 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0406 3324 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0406 3324 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0406 3324 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0406 3324 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0406 3324 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0406 3324 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0421 3324 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0421 3324 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0421 3324 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0421 3324 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0421 3324 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0421 3324 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:19.0421 3324 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:19.0421 3324 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:37:47.0046 3944 Deinitialize success

[MrCharlie]

Next......

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[bakan]

File was in C:\ComboFix\ComboFix.txt

This is all I got:

ComboFix 12-07-25.04 - Erikkita 07/24/2012 11:23:34.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.232 [GMT -4:00]

Running from: C:\Documents and Settings\Erikkita\Desktop\ComboFix.exe

[MrCharlie]

That's not it.....Go to Start > Run > copy and paste this in > "C:\ComboFix.txt" > hit OK

That should bring up the log, MrC

[bakan]

It says windows cannot find the file...

I did get a blue screen error when the computer tried to reboot first time, not sure if that matters..

[MrCharlie]

Delete your copy of ComboFix and download a fresh one to your desktop

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC

[bakan]

OK here it is...

ComboFix 12-07-25.04 - Erikkita 07/24/2012 13:03:05.2.2 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.380 [GMT -4:00]

Running from: c:\documents and settings\Erikkita\Desktop\ComboFix.exe

Command switches used :: /nombr

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Erikkita\Local Settings\Application Data\{B512A3C8-6934-405E-86F0-8A8166671E7E}

c:\documents and settings\Erikkita\Local Settings\Application Data\{B512A3C8-6934-405E-86F0-8A8166671E7E}\chrome.manifest

c:\documents and settings\Erikkita\Local Settings\Application Data\{B512A3C8-6934-405E-86F0-8A8166671E7E}\chrome\content\_cfg.js

c:\documents and settings\Erikkita\Local Settings\Application Data\{B512A3C8-6934-405E-86F0-8A8166671E7E}\chrome\content\overlay.xul

c:\documents and settings\Erikkita\Local Settings\Application Data\{B512A3C8-6934-405E-86F0-8A8166671E7E}\install.rdf

c:\windows\settings.reg

.

---- Previous Run -------

.

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd1fc0d24.~lk\0.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd1fc0d24.~lk\1.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd1fc0d24.~lk\2.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd1fc0d24.~lk\3.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd1fc0d24.~lk\4.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd1fc0d24.~lk\5.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd20004.~lk\0.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd20004.~lk\1.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd20004.~lk\2.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd20004.~lk\3.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd20004.~lk\4.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd20004.~lk\5.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd3007c.~lk\0.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd3007c.~lk\1.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd3007c.~lk\2.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd3007c.~lk\3.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd3007c.~lk\4.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd3007c.~lk\5.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd4005a8.~lk\0.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd4005a8.~lk\1.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd4005a8.~lk\2.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd4005a8.~lk\3.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd4005a8.~lk\4.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd4005a8.~lk\5.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd4a0078.~lk\0.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd4a0078.~lk\1.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd4a0078.~lk\2.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd4a0078.~lk\3.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd4a0078.~lk\4.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd4a0078.~lk\5.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd5202b4.~lk\0.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd5202b4.~lk\1.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd5202b4.~lk\2.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd5202b4.~lk\3.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd5202b4.~lk\4.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd5202b4.~lk\5.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd7e09e0.~lk\0.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd7e09e0.~lk\1.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd7e09e0.~lk\2.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd7e09e0.~lk\3.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd7e09e0.~lk\4.mdd

c:\docume~1\Erikkita\LOCALS~1\Temp\wrd7e09e0.~lk\5.mdd

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\1.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\17781.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\2229.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\4489.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\450.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\8193.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\9514.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\a.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\b.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\c.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\d.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\e.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\f.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\g.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\h.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\i.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\j.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\k.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\l.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\m.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\n.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\o.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\p.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\q.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\r.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\s.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\t.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\u.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\v.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\w.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\x.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\y.txt

c:\documents and settings\Erikkita\Application Data\PriceGong\Data\z.txt

c:\documents and settings\Erikkita\Local Settings\Temp\wrd1fc0d24.~lk\0.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd1fc0d24.~lk\1.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd1fc0d24.~lk\2.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd1fc0d24.~lk\3.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd1fc0d24.~lk\4.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd1fc0d24.~lk\5.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd20004.~lk\0.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd20004.~lk\1.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd20004.~lk\2.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd20004.~lk\3.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd20004.~lk\4.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd20004.~lk\5.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd3007c.~lk\0.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd3007c.~lk\1.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd3007c.~lk\2.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd3007c.~lk\3.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd3007c.~lk\4.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd3007c.~lk\5.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd4005a8.~lk\0.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd4005a8.~lk\1.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd4005a8.~lk\2.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd4005a8.~lk\3.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd4005a8.~lk\4.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd4005a8.~lk\5.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd4a0078.~lk\0.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd4a0078.~lk\1.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd4a0078.~lk\2.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd4a0078.~lk\3.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd4a0078.~lk\4.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd4a0078.~lk\5.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd5202b4.~lk\0.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd5202b4.~lk\1.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd5202b4.~lk\2.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd5202b4.~lk\3.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd5202b4.~lk\4.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd5202b4.~lk\5.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd7e09e0.~lk\0.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd7e09e0.~lk\1.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd7e09e0.~lk\2.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd7e09e0.~lk\3.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd7e09e0.~lk\4.mdd

c:\documents and settings\Erikkita\Local Settings\Temp\wrd7e09e0.~lk\5.mdd

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_USNJSVC

-------\Service_usnjsvc

.

.

((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))

.

.

2012-07-24 16:54 . 2012-07-24 16:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-07-24 16:49 . 2012-07-24 16:49 -------- d-----w- C:\found.000

2012-07-24 14:19 . 2012-07-24 14:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2012-07-24 02:37 . 2012-07-24 02:37 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-27 15:51 . 2012-07-21 20:48 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-06-27 15:51 . 2012-07-20 20:14 68576 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-06-27 15:51 . 2012-07-20 20:14 573920 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-06-27 15:51 . 2012-07-20 20:14 157608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-06-27 15:51 . 2012-07-20 20:14 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-06-27 15:51 . 2012-06-27 15:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-27 15:51 . 2012-06-27 15:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-24 02:38 . 2004-08-12 13:55 95360 ----a-w- c:\windows\system32\drivers\atapi.sys

2012-07-23 08:53 . 2011-05-08 02:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-03 17:46 . 2011-05-08 02:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2006-11-30 22:06 . 2006-11-30 22:06 774144 ----a-w- c:\program files\RngInterstitial.dll

2012-07-20 20:14 . 2011-04-17 03:47 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-05-09 08:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]

"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]

"P17Helper"="P17.dll" [2005-05-04 64512]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-11-22 53248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-09 15:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2004-08-23 22:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2007-10-18 16:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2004-01-07 05:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

.

S1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [5/14/2012 4:35 PM 14464]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2011 5:13 AM 135664]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 5:34 PM 24652]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2011 5:13 AM 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/7/2011 10:13 PM 40776]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/27/2012 11:51 AM 113120]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - PXHELP20

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-27 09:13]

.

2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-27 09:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: DhcpNameServer = 192.168.1.1

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Erikkita\Application Data\Mozilla\Firefox\Profiles\le4gir5h.default\

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-Fax Machine - (no file)

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-24 13:21

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\02\05\03\17\03\08?"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion*Xcevowelij]

"Csoki"=hex:41,01,37,03,42,05,3f,07,3b,09,49,0b,3b,0d,3a,0f,24,11,56,13,24,15,

53,17,2c,19,5e,1b,5a,1d,2b,1f,62,21,64,23,13,25,62,27,11,29,6e,2b,1f,2d,1a,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(204)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(264)

c:\windows\system32\WININET.dll

.

Completion time: 2012-07-24 13:27:30

ComboFix-quarantined-files.txt 2012-07-24 17:27

.

Pre-Run: 71,790,391,296 bytes free

Post-Run: 72,010,768,384 bytes free

.

- - End Of File - - 55D77EDEA442D60586AA61027BB7AEBC

[MrCharlie]

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[bakan]

Search results on google are still being redirected to ad sites and google toolbar isn't working..

[MrCharlie]

Were's the log from Malwarebytes?? MrC

[bakan]

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.24.07

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18702

Erikkita :: ERIKA [administrator]

7/24/2012 8:37:08 PM

mbam-log-2012-07-24 (20-37-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 208226

Time elapsed: 12 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[MrCharlie]

Please delete your copy of TDSSKiller and download a new one and run it as before, post the log, MrC

[bakan]

21:00:55.0812 3132 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

21:00:56.0187 3132 ============================================================

21:00:56.0187 3132 Current date / time: 2012/07/24 21:00:56.0187

21:00:56.0187 3132 SystemInfo:

21:00:56.0187 3132

21:00:56.0187 3132 OS Version: 5.1.2600 ServicePack: 2.0

21:00:56.0187 3132 Product type: Workstation

21:00:56.0187 3132 ComputerName: ERIKA

21:00:56.0187 3132 UserName: Erikkita

21:00:56.0187 3132 Windows directory: C:\WINDOWS

21:00:56.0187 3132 System windows directory: C:\WINDOWS

21:00:56.0187 3132 Processor architecture: Intel x86

21:00:56.0187 3132 Number of processors: 2

21:00:56.0187 3132 Page size: 0x1000

21:00:56.0187 3132 Boot type: Normal boot

21:00:56.0187 3132 ============================================================

21:00:59.0984 3132 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

21:01:00.0015 3132 ============================================================

21:01:00.0015 3132 \Device\Harddisk0\DR0:

21:01:00.0031 3132 MBR partitions:

21:01:00.0031 3132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x122E15AA

21:01:00.0031 3132 ============================================================

21:01:00.0078 3132 C: <-> \Device\Harddisk0\DR0\Partition0

21:01:00.0078 3132 ============================================================

21:01:00.0078 3132 Initialize success

21:01:00.0078 3132 ============================================================

21:01:29.0859 4092 ============================================================

21:01:29.0859 4092 Scan started

21:01:29.0859 4092 Mode: Manual; SigCheck; TDLFS;

21:01:29.0859 4092 ============================================================

21:01:30.0093 4092 Abiosdsk - ok

21:01:30.0093 4092 abp480n5 - ok

21:01:30.0140 4092 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

21:01:32.0687 4092 ACPI - ok

21:01:32.0734 4092 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

21:01:32.0921 4092 ACPIEC - ok

21:01:32.0921 4092 adpu160m - ok

21:01:32.0968 4092 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

21:01:33.0468 4092 aec - ok

21:01:33.0515 4092 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

21:01:33.0562 4092 AFD - ok

21:01:33.0578 4092 Aha154x - ok

21:01:33.0578 4092 aic78u2 - ok

21:01:33.0578 4092 aic78xx - ok

21:01:33.0625 4092 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll

21:01:33.0781 4092 Alerter - ok

21:01:33.0812 4092 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe

21:01:33.0921 4092 ALG - ok

21:01:33.0921 4092 AliIde - ok

21:01:33.0921 4092 amsint - ok

21:01:33.0937 4092 AppMgmt - ok

21:01:33.0937 4092 asc - ok

21:01:33.0953 4092 asc3350p - ok

21:01:33.0953 4092 asc3550 - ok

21:01:34.0062 4092 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

21:01:34.0140 4092 aspnet_state - ok

21:01:34.0156 4092 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

21:01:34.0312 4092 AsyncMac - ok

21:01:34.0343 4092 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

21:01:34.0500 4092 atapi - ok

21:01:34.0500 4092 Atdisk - ok

21:01:34.0562 4092 Ati HotKey Poller (4deaa162480367b232f3ee3a6d34084b) C:\WINDOWS\system32\Ati2evxx.exe

21:01:34.0625 4092 Ati HotKey Poller - ok

21:01:34.0687 4092 ATI Smart (2bdd1d3403827cd1af973a9cfad4edc7) C:\WINDOWS\system32\ati2sgag.exe

21:01:34.0765 4092 ATI Smart ( UnsignedFile.Multi.Generic ) - warning

21:01:34.0765 4092 ATI Smart - detected UnsignedFile.Multi.Generic (1)

21:01:34.0828 4092 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

21:01:34.0921 4092 ati2mtag - ok

21:01:34.0921 4092 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

21:01:35.0093 4092 Atmarpc - ok

21:01:35.0140 4092 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll

21:01:35.0296 4092 AudioSrv - ok

21:01:35.0328 4092 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

21:01:35.0500 4092 audstub - ok

21:01:35.0531 4092 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

21:01:35.0687 4092 Beep - ok

21:01:35.0750 4092 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll

21:01:35.0968 4092 BITS - ok

21:01:35.0984 4092 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll

21:01:36.0156 4092 Browser - ok

21:01:36.0265 4092 catchme - ok

21:01:36.0312 4092 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

21:01:36.0453 4092 cbidf2k - ok

21:01:36.0468 4092 cd20xrnt - ok

21:01:36.0484 4092 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

21:01:36.0640 4092 Cdaudio - ok

21:01:36.0671 4092 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

21:01:36.0843 4092 Cdfs - ok

21:01:36.0843 4092 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

21:01:36.0984 4092 Cdrom - ok

21:01:37.0000 4092 Changer - ok

21:01:37.0015 4092 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe

21:01:37.0156 4092 CiSvc - ok

21:01:37.0171 4092 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe

21:01:37.0343 4092 ClipSrv - ok

21:01:37.0421 4092 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:01:37.0531 4092 clr_optimization_v2.0.50727_32 - ok

21:01:37.0546 4092 CmdIde - ok

21:01:37.0546 4092 COMSysApp - ok

21:01:37.0562 4092 Cpqarray - ok

21:01:37.0609 4092 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.EXE

21:01:37.0640 4092 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning

21:01:37.0640 4092 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)

21:01:37.0656 4092 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll

21:01:37.0812 4092 CryptSvc - ok

21:01:37.0859 4092 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

21:01:37.0921 4092 ctsfm2k - ok

21:01:37.0921 4092 dac2w2k - ok

21:01:37.0937 4092 dac960nt - ok

21:01:37.0984 4092 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll

21:01:38.0093 4092 DcomLaunch - ok

21:01:38.0125 4092 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll

21:01:38.0578 4092 Dhcp - ok

21:01:38.0625 4092 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

21:01:38.0781 4092 Disk - ok

21:01:38.0781 4092 dmadmin - ok

21:01:38.0843 4092 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

21:01:39.0015 4092 dmboot - ok

21:01:39.0031 4092 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

21:01:39.0187 4092 dmio - ok

21:01:39.0203 4092 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

21:01:39.0390 4092 dmload - ok

21:01:39.0421 4092 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll

21:01:39.0593 4092 dmserver - ok

21:01:39.0625 4092 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

21:01:39.0812 4092 DMusic - ok

21:01:39.0843 4092 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\WINDOWS\System32\dnsrslvr.dll

21:01:40.0343 4092 Dnscache - ok

21:01:40.0343 4092 dpti2o - ok

21:01:40.0359 4092 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

21:01:40.0531 4092 drmkaud - ok

21:01:40.0578 4092 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys

21:01:40.0593 4092 drvmcdb ( UnsignedFile.Multi.Generic ) - warning

21:01:40.0593 4092 drvmcdb - detected UnsignedFile.Multi.Generic (1)

21:01:40.0609 4092 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys

21:01:40.0609 4092 drvnddm ( UnsignedFile.Multi.Generic ) - warning

21:01:40.0609 4092 drvnddm - detected UnsignedFile.Multi.Generic (1)

21:01:40.0656 4092 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys

21:01:40.0718 4092 E100B - ok

21:01:40.0750 4092 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll

21:01:40.0921 4092 ERSvc - ok

21:01:40.0953 4092 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe

21:01:41.0031 4092 Eventlog - ok

21:01:41.0078 4092 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\system32\es.dll

21:01:41.0140 4092 EventSystem - ok

21:01:41.0171 4092 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

21:01:41.0328 4092 Fastfat - ok

21:01:41.0359 4092 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll

21:01:41.0859 4092 FastUserSwitchingCompatibility - ok

21:01:41.0875 4092 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

21:01:42.0031 4092 Fdc - ok

21:01:42.0062 4092 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

21:01:42.0218 4092 Fips - ok

21:01:42.0328 4092 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

21:01:42.0421 4092 FLEXnet Licensing Service - ok

21:01:42.0437 4092 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

21:01:42.0578 4092 Flpydisk - ok

21:01:42.0609 4092 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

21:01:43.0093 4092 FltMgr - ok

21:01:43.0187 4092 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

21:01:43.0203 4092 FontCache3.0.0.0 - ok

21:01:43.0218 4092 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

21:01:43.0375 4092 Fs_Rec - ok

21:01:43.0406 4092 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

21:01:43.0562 4092 Ftdisk - ok

21:01:43.0562 4092 GEARAspiWDM - ok

21:01:43.0593 4092 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

21:01:43.0734 4092 Gpc - ok

21:01:43.0812 4092 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

21:01:43.0828 4092 gupdate - ok

21:01:43.0843 4092 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

21:01:43.0843 4092 gupdatem - ok

21:01:43.0906 4092 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

21:01:44.0046 4092 helpsvc - ok

21:01:44.0093 4092 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll

21:01:44.0250 4092 HidServ - ok

21:01:44.0281 4092 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

21:01:44.0421 4092 hidusb - ok

21:01:44.0500 4092 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

21:01:44.0593 4092 HP Port Resolver - ok

21:01:44.0625 4092 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

21:01:44.0703 4092 HP Status Server - ok

21:01:44.0718 4092 hpn - ok

21:01:44.0750 4092 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

21:01:44.0843 4092 HPZid412 - ok

21:01:44.0843 4092 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

21:01:44.0906 4092 HPZipr12 - ok

21:01:44.0906 4092 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

21:01:44.0937 4092 HPZius12 - ok

21:01:44.0984 4092 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

21:01:45.0046 4092 HTTP - ok

21:01:45.0078 4092 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll

21:01:45.0234 4092 HTTPFilter - ok

21:01:45.0234 4092 i2omgmt - ok

21:01:45.0250 4092 i2omp - ok

21:01:45.0296 4092 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

21:01:45.0453 4092 i8042prt - ok

21:01:45.0562 4092 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

21:01:45.0578 4092 IDriverT ( UnsignedFile.Multi.Generic ) - warning

21:01:45.0578 4092 IDriverT - detected UnsignedFile.Multi.Generic (1)

21:01:45.0640 4092 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

21:01:45.0703 4092 idsvc - ok

21:01:45.0750 4092 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

21:01:45.0906 4092 Imapi - ok

21:01:45.0937 4092 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe

21:01:46.0093 4092 ImapiService - ok

21:01:46.0109 4092 ini910u - ok

21:01:46.0140 4092 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

21:01:46.0296 4092 IntelIde - ok

21:01:46.0375 4092 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

21:01:46.0531 4092 intelppm - ok

21:01:46.0546 4092 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

21:01:46.0687 4092 Ip6Fw - ok

21:01:46.0718 4092 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

21:01:46.0859 4092 IpFilterDriver - ok

21:01:46.0859 4092 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

21:01:47.0000 4092 IpInIp - ok

21:01:47.0046 4092 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

21:01:47.0500 4092 IpNat - ok

21:01:47.0546 4092 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

21:01:47.0718 4092 IPSec - ok

21:01:47.0718 4092 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

21:01:47.0812 4092 IRENUM - ok

21:01:47.0843 4092 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

21:01:47.0984 4092 isapnp - ok

21:01:48.0093 4092 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe

21:01:48.0171 4092 JavaQuickStarterService - ok

21:01:48.0218 4092 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

21:01:48.0390 4092 Kbdclass - ok

21:01:48.0421 4092 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

21:01:48.0562 4092 kbdhid - ok

21:01:48.0593 4092 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

21:01:49.0093 4092 kmixer - ok

21:01:49.0125 4092 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

21:01:49.0250 4092 KSecDD - ok

21:01:49.0281 4092 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll

21:01:49.0796 4092 lanmanserver - ok

21:01:49.0843 4092 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll

21:01:49.0921 4092 lanmanworkstation - ok

21:01:49.0921 4092 lbrtfdc - ok

21:01:49.0984 4092 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll

21:01:50.0187 4092 LmHosts - ok

21:01:50.0203 4092 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll

21:01:50.0359 4092 Messenger - ok

21:01:50.0406 4092 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

21:01:50.0578 4092 mnmdd - ok

21:01:50.0625 4092 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe

21:01:50.0765 4092 mnmsrvc - ok

21:01:50.0796 4092 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

21:01:50.0953 4092 Modem - ok

21:01:50.0984 4092 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

21:01:51.0125 4092 Mouclass - ok

21:01:51.0125 4092 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

21:01:51.0281 4092 mouhid - ok

21:01:51.0312 4092 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

21:01:51.0453 4092 MountMgr - ok

21:01:51.0500 4092 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

21:01:51.0578 4092 MozillaMaintenance - ok

21:01:51.0578 4092 mraid35x - ok

21:01:51.0609 4092 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

21:01:52.0109 4092 MRxDAV - ok

21:01:52.0156 4092 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

21:01:52.0250 4092 MRxSmb - ok

21:01:52.0281 4092 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe

21:01:52.0421 4092 MSDTC - ok

21:01:52.0437 4092 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

21:01:52.0578 4092 Msfs - ok

21:01:52.0593 4092 MSIServer - ok

21:01:52.0625 4092 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

21:01:52.0765 4092 MSKSSRV - ok

21:01:52.0781 4092 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

21:01:52.0921 4092 MSPCLOCK - ok

21:01:52.0937 4092 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

21:01:53.0062 4092 MSPQM - ok

21:01:53.0109 4092 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

21:01:53.0265 4092 mssmbios - ok

21:01:53.0265 4092 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

21:01:53.0421 4092 Mup - ok

21:01:53.0437 4092 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

21:01:53.0593 4092 NDIS - ok

21:01:53.0625 4092 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

21:01:53.0765 4092 NdisTapi - ok

21:01:53.0765 4092 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

21:01:53.0921 4092 Ndisuio - ok

21:01:53.0921 4092 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

21:01:54.0062 4092 NdisWan - ok

21:01:54.0078 4092 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

21:01:54.0218 4092 NDProxy - ok

21:01:54.0218 4092 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

21:01:54.0343 4092 NetBIOS - ok

21:01:54.0390 4092 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

21:01:54.0531 4092 NetBT - ok

21:01:54.0562 4092 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe

21:01:54.0703 4092 NetDDE - ok

21:01:54.0718 4092 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe

21:01:54.0859 4092 NetDDEdsdm - ok

21:01:54.0875 4092 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

21:01:55.0031 4092 Netlogon - ok

21:01:55.0078 4092 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll

21:01:55.0578 4092 Netman - ok

21:01:55.0687 4092 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:01:55.0703 4092 NetTcpPortSharing - ok

21:01:55.0734 4092 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll

21:01:55.0812 4092 Nla - ok

21:01:55.0828 4092 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

21:01:55.0968 4092 Npfs - ok

21:01:56.0031 4092 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

21:01:56.0531 4092 Ntfs - ok

21:01:56.0546 4092 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

21:01:56.0671 4092 NtLmSsp - ok

21:01:56.0734 4092 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll

21:01:56.0906 4092 NtmsSvc - ok

21:01:56.0937 4092 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

21:01:57.0078 4092 Null - ok

21:01:57.0109 4092 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

21:01:57.0250 4092 NwlnkFlt - ok

21:01:57.0265 4092 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

21:01:57.0390 4092 NwlnkFwd - ok

21:01:57.0437 4092 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

21:01:57.0453 4092 OMCI ( UnsignedFile.Multi.Generic ) - warning

21:01:57.0453 4092 OMCI - detected UnsignedFile.Multi.Generic (1)

21:01:57.0484 4092 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

21:01:57.0515 4092 ossrv - ok

21:01:57.0609 4092 P17 (1db419cb76493f6292ccfbdc3466f5ff) C:\WINDOWS\system32\drivers\P17.sys

21:01:57.0718 4092 P17 - ok

21:01:57.0765 4092 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

21:01:57.0921 4092 Parport - ok

21:01:57.0953 4092 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

21:01:58.0078 4092 PartMgr - ok

21:01:58.0093 4092 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

21:01:58.0281 4092 ParVdm - ok

21:01:58.0375 4092 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

21:01:58.0593 4092 PCI - ok

21:01:58.0593 4092 PCIDump - ok

21:01:58.0625 4092 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

21:01:58.0765 4092 PCIIde - ok

21:01:58.0812 4092 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

21:01:58.0968 4092 Pcmcia - ok

21:01:58.0968 4092 PDCOMP - ok

21:01:58.0968 4092 PDFRAME - ok

21:01:58.0984 4092 PDRELI - ok

21:01:58.0984 4092 PDRFRAME - ok

21:01:59.0000 4092 perc2 - ok

21:01:59.0000 4092 perc2hib - ok

21:01:59.0062 4092 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe

21:01:59.0140 4092 PlugPlay - ok

21:01:59.0156 4092 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

21:01:59.0296 4092 PolicyAgent - ok

21:01:59.0312 4092 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

21:01:59.0468 4092 PptpMiniport - ok

21:01:59.0468 4092 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

21:01:59.0609 4092 ProtectedStorage - ok

21:01:59.0609 4092 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

21:01:59.0765 4092 PSched - ok

21:01:59.0781 4092 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

21:01:59.0921 4092 Ptilink - ok

21:01:59.0968 4092 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

21:02:00.0328 4092 PxHelp20 - ok

21:02:00.0328 4092 ql1080 - ok

21:02:00.0343 4092 Ql10wnt - ok

21:02:00.0343 4092 ql12160 - ok

21:02:00.0359 4092 ql1240 - ok

21:02:00.0359 4092 ql1280 - ok

21:02:00.0437 4092 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

21:02:00.0593 4092 RasAcd - ok

21:02:00.0718 4092 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll

21:02:00.0859 4092 RasAuto - ok

21:02:00.0890 4092 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

21:02:01.0046 4092 Rasl2tp - ok

21:02:01.0078 4092 RasMan (49b5eed5fb89d39456a2f616ccd8ba5d) C:\WINDOWS\System32\rasmans.dll

21:02:01.0609 4092 RasMan - ok

21:02:01.0625 4092 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

21:02:01.0781 4092 RasPppoe - ok

21:02:01.0796 4092 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

21:02:01.0953 4092 Raspti - ok

21:02:01.0984 4092 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

21:02:02.0515 4092 Rdbss - ok

21:02:02.0531 4092 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

21:02:02.0687 4092 RDPCDD - ok

21:02:02.0718 4092 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

21:02:03.0234 4092 RDPWD - ok

21:02:03.0343 4092 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe

21:02:03.0500 4092 RDSessMgr - ok

21:02:03.0546 4092 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

21:02:03.0703 4092 redbook - ok

21:02:03.0734 4092 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll

21:02:03.0875 4092 RemoteAccess - ok

21:02:03.0906 4092 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe

21:02:04.0046 4092 RpcLocator - ok

21:02:04.0093 4092 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\System32\rpcss.dll

21:02:04.0171 4092 RpcSs - ok

21:02:04.0203 4092 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

21:02:04.0359 4092 RSVP - ok

21:02:04.0406 4092 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

21:02:04.0531 4092 SamSs - ok

21:02:04.0546 4092 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe

21:02:04.0687 4092 SCardSvr - ok

21:02:04.0718 4092 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys

21:02:04.0750 4092 SCDEmu ( UnsignedFile.Multi.Generic ) - warning

21:02:04.0750 4092 SCDEmu - detected UnsignedFile.Multi.Generic (1)

21:02:04.0796 4092 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll

21:02:04.0968 4092 Schedule - ok

21:02:05.0000 4092 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

21:02:05.0500 4092 Secdrv - ok

21:02:05.0546 4092 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll

21:02:05.0671 4092 seclogon - ok

21:02:06.0046 4092 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

21:02:06.0093 4092 senfilt ( UnsignedFile.Multi.Generic ) - warning

21:02:06.0093 4092 senfilt - detected UnsignedFile.Multi.Generic (1)

21:02:06.0093 4092 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll

21:02:06.0234 4092 SENS - ok

21:02:06.0250 4092 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

21:02:06.0406 4092 serenum - ok

21:02:06.0406 4092 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

21:02:06.0546 4092 Serial - ok

21:02:06.0578 4092 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

21:02:06.0703 4092 Sfloppy - ok

21:02:06.0750 4092 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll

21:02:06.0906 4092 SharedAccess - ok

21:02:06.0937 4092 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll

21:02:07.0437 4092 ShellHWDetection - ok

21:02:07.0453 4092 Simbad - ok

21:02:07.0500 4092 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

21:02:07.0531 4092 smwdm ( UnsignedFile.Multi.Generic ) - warning

21:02:07.0531 4092 smwdm - detected UnsignedFile.Multi.Generic (1)

21:02:07.0531 4092 Sparrow - ok

21:02:07.0578 4092 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

21:02:08.0062 4092 splitter - ok

21:02:08.0109 4092 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe

21:02:08.0625 4092 Spooler - ok

21:02:08.0656 4092 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

21:02:08.0750 4092 sr - ok

21:02:08.0781 4092 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll

21:02:08.0875 4092 srservice - ok

21:02:08.0921 4092 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

21:02:08.0984 4092 Srv - ok

21:02:09.0000 4092 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

21:02:09.0015 4092 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning

21:02:09.0015 4092 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)

21:02:09.0062 4092 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll

21:02:09.0140 4092 SSDPSRV - ok

21:02:09.0140 4092 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

21:02:09.0156 4092 ssrtln ( UnsignedFile.Multi.Generic ) - warning

21:02:09.0156 4092 ssrtln - detected UnsignedFile.Multi.Generic (1)

21:02:09.0203 4092 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll

21:02:09.0734 4092 stisvc - ok

21:02:09.0781 4092 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

21:02:09.0921 4092 swenum - ok

21:02:10.0000 4092 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

21:02:10.0125 4092 swmidi - ok

21:02:10.0140 4092 SwPrv - ok

21:02:10.0140 4092 symc810 - ok

21:02:10.0156 4092 symc8xx - ok

21:02:10.0156 4092 sym_hi - ok

21:02:10.0171 4092 sym_u3 - ok

21:02:10.0171 4092 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

21:02:10.0328 4092 sysaudio - ok

21:02:10.0343 4092 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe

21:02:10.0531 4092 SysmonLog - ok

21:02:10.0578 4092 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll

21:02:11.0140 4092 TapiSrv - ok

21:02:11.0187 4092 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

21:02:11.0281 4092 Tcpip - ok

21:02:11.0359 4092 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

21:02:11.0515 4092 TDPIPE - ok

21:02:11.0515 4092 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

21:02:11.0671 4092 TDTCP - ok

21:02:11.0703 4092 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

21:02:11.0859 4092 TermDD - ok

21:02:11.0890 4092 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll

21:02:12.0046 4092 TermService - ok

21:02:12.0093 4092 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys

21:02:12.0109 4092 tfsnboio ( UnsignedFile.Multi.Generic ) - warning

21:02:12.0109 4092 tfsnboio - detected UnsignedFile.Multi.Generic (1)

21:02:12.0109 4092 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys

21:02:12.0125 4092 tfsncofs ( UnsignedFile.Multi.Generic ) - warning

21:02:12.0125 4092 tfsncofs - detected UnsignedFile.Multi.Generic (1)

21:02:12.0125 4092 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys

21:02:12.0140 4092 tfsndrct ( UnsignedFile.Multi.Generic ) - warning

21:02:12.0140 4092 tfsndrct - detected UnsignedFile.Multi.Generic (1)

21:02:12.0171 4092 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys

21:02:12.0171 4092 tfsndres ( UnsignedFile.Multi.Generic ) - warning

21:02:12.0171 4092 tfsndres - detected UnsignedFile.Multi.Generic (1)

21:02:12.0171 4092 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys

21:02:12.0203 4092 tfsnifs ( UnsignedFile.Multi.Generic ) - warning

21:02:12.0203 4092 tfsnifs - detected UnsignedFile.Multi.Generic (1)

21:02:12.0203 4092 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys

21:02:12.0234 4092 tfsnopio ( UnsignedFile.Multi.Generic ) - warning

21:02:12.0234 4092 tfsnopio - detected UnsignedFile.Multi.Generic (1)

21:02:12.0234 4092 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys

21:02:12.0234 4092 tfsnpool ( UnsignedFile.Multi.Generic ) - warning

21:02:12.0234 4092 tfsnpool - detected UnsignedFile.Multi.Generic (1)

21:02:12.0250 4092 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys

21:02:12.0281 4092 tfsnudf ( UnsignedFile.Multi.Generic ) - warning

21:02:12.0281 4092 tfsnudf - detected UnsignedFile.Multi.Generic (1)

21:02:12.0296 4092 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys

21:02:12.0296 4092 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning

21:02:12.0296 4092 tfsnudfa - detected UnsignedFile.Multi.Generic (1)

21:02:12.0359 4092 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll

21:02:12.0843 4092 Themes - ok

21:02:12.0859 4092 TosIde - ok

21:02:12.0890 4092 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll

21:02:13.0046 4092 TrkWks - ok

21:02:13.0093 4092 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

21:02:13.0234 4092 Udfs - ok

21:02:13.0250 4092 ultra - ok

21:02:13.0296 4092 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

21:02:13.0812 4092 Update - ok

21:02:13.0859 4092 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll

21:02:14.0390 4092 upnphost - ok

21:02:14.0406 4092 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe

21:02:14.0562 4092 UPS - ok

21:02:14.0562 4092 USBAAPL - ok

21:02:14.0578 4092 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys

21:02:14.0734 4092 usbaudio - ok

21:02:14.0750 4092 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

21:02:14.0875 4092 usbccgp - ok

21:02:14.0890 4092 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

21:02:15.0046 4092 usbehci - ok

21:02:15.0062 4092 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

21:02:15.0203 4092 usbhub - ok

21:02:15.0218 4092 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

21:02:15.0375 4092 usbprint - ok

21:02:15.0390 4092 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

21:02:15.0531 4092 usbscan - ok

21:02:15.0562 4092 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:02:15.0703 4092 USBSTOR - ok

21:02:15.0703 4092 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

21:02:15.0859 4092 usbuhci - ok

21:02:15.0890 4092 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

21:02:16.0031 4092 VgaSave - ok

21:02:16.0031 4092 ViaIde - ok

21:02:16.0125 4092 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe

21:02:16.0125 4092 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning

21:02:16.0125 4092 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)

21:02:16.0140 4092 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

21:02:16.0296 4092 VolSnap - ok

21:02:16.0343 4092 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe

21:02:16.0453 4092 VSS - ok

21:02:16.0515 4092 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll

21:02:16.0671 4092 W32Time - ok

21:02:16.0687 4092 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

21:02:16.0843 4092 Wanarp - ok

21:02:16.0859 4092 WDICA - ok

21:02:16.0890 4092 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

21:02:17.0437 4092 wdmaud - ok

21:02:17.0484 4092 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll

21:02:18.0000 4092 WebClient - ok

21:02:18.0078 4092 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll

21:02:18.0218 4092 winmgmt - ok

21:02:18.0296 4092 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe

21:02:18.0328 4092 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning

21:02:18.0328 4092 WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)

21:02:18.0359 4092 WmdmPmSN (c086483e3dba8c1c0a687ec8d5b3d4c1) C:\WINDOWS\system32\mspmsnsv.dll

21:02:18.0500 4092 WmdmPmSN - ok

21:02:18.0562 4092 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

21:02:18.0718 4092 WmiApSrv - ok

21:02:18.0750 4092 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

21:02:18.0906 4092 WS2IFSL - ok

21:02:18.0937 4092 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll

21:02:19.0078 4092 wscsvc - ok

21:02:19.0093 4092 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll

21:02:19.0250 4092 wuauserv - ok

21:02:19.0281 4092 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll

21:02:19.0453 4092 WZCSVC - ok

21:02:19.0484 4092 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll

21:02:19.0625 4092 xmlprov - ok

21:02:19.0640 4092 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

21:02:19.0656 4092 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

21:02:19.0656 4092 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

21:02:19.0687 4092 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

21:02:19.0687 4092 \Device\Harddisk0\DR0 - detected TDSS File System (1)

21:02:19.0703 4092 Boot (0x1200) (458025f5e728ba8a94961948e6b94ff8) \Device\Harddisk0\DR0\Partition0

21:02:19.0718 4092 \Device\Harddisk0\DR0\Partition0 - ok

21:02:19.0718 4092 ============================================================

21:02:19.0718 4092 Scan finished

21:02:19.0718 4092 ============================================================

21:02:19.0828 0152 Detected object count: 24

21:02:19.0828 0152 Actual detected object count: 24

21:03:36.0500 0152 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0500 0152 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0515 0152 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0515 0152 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0515 0152 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0515 0152 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0515 0152 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0515 0152 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0515 0152 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0515 0152 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0531 0152 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0531 0152 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0531 0152 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0531 0152 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0531 0152 senfilt ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0531 0152 senfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0531 0152 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0531 0152 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0546 0152 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0546 0152 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0546 0152 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0546 0152 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0546 0152 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0546 0152 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0546 0152 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0546 0152 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0546 0152 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0546 0152 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0562 0152 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0562 0152 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0562 0152 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0562 0152 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0562 0152 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0562 0152 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0562 0152 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0562 0152 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0562 0152 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0562 0152 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0578 0152 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0578 0152 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0578 0152 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0578 0152 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:36.0578 0152 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:03:36.0578 0152 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:03:37.0328 0152 \Device\Harddisk0\DR0\# - copied to quarantine

21:03:37.0328 0152 \Device\Harddisk0\DR0 - copied to quarantine

21:03:37.0359 0152 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

21:03:37.0359 0152 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

21:03:37.0359 0152 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

21:03:37.0359 0152 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

21:03:37.0375 0152 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

21:03:37.0406 0152 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

21:03:37.0437 0152 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

21:03:37.0453 0152 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

21:03:37.0453 0152 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

21:03:37.0453 0152 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

21:03:37.0468 0152 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

21:03:37.0468 0152 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

21:03:37.0468 0152 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

21:03:37.0484 0152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

21:03:37.0500 0152 \Device\Harddisk0\DR0 - ok

21:03:37.0500 0152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

21:03:37.0500 0152 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

21:03:37.0500 0152 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

21:03:55.0093 1488 Deinitialize success

[MrCharlie]

21:03:37.0500 0152 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

21:03:37.0500 0152 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

21:03:55.0093 1488 Deinitialize success

Please run it again and just delete this one, MrC

[bakan]

21:18:14.0734 0236 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

21:18:14.0953 0236 ============================================================

21:18:14.0953 0236 Current date / time: 2012/07/24 21:18:14.0953

21:18:14.0953 0236 SystemInfo:

21:18:14.0953 0236

21:18:14.0953 0236 OS Version: 5.1.2600 ServicePack: 2.0

21:18:14.0953 0236 Product type: Workstation

21:18:14.0953 0236 ComputerName: ERIKA

21:18:14.0953 0236 UserName: Erikkita

21:18:14.0953 0236 Windows directory: C:\WINDOWS

21:18:14.0953 0236 System windows directory: C:\WINDOWS

21:18:14.0953 0236 Processor architecture: Intel x86

21:18:14.0953 0236 Number of processors: 2

21:18:14.0953 0236 Page size: 0x1000

21:18:14.0953 0236 Boot type: Normal boot

21:18:14.0953 0236 ============================================================

21:18:16.0656 0236 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

21:18:16.0656 0236 ============================================================

21:18:16.0656 0236 \Device\Harddisk0\DR0:

21:18:16.0656 0236 MBR partitions:

21:18:16.0656 0236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x122E15AA

21:18:16.0656 0236 ============================================================

21:18:16.0734 0236 C: <-> \Device\Harddisk0\DR0\Partition0

21:18:16.0765 0236 ============================================================

21:18:16.0765 0236 Initialize success

21:18:16.0765 0236 ============================================================

21:18:21.0484 2160 ============================================================

21:18:21.0484 2160 Scan started

21:18:21.0484 2160 Mode: Manual; SigCheck; TDLFS;

21:18:21.0484 2160 ============================================================

21:18:22.0484 2160 Abiosdsk - ok

21:18:22.0500 2160 abp480n5 - ok

21:18:22.0546 2160 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

21:18:24.0718 2160 ACPI - ok

21:18:24.0765 2160 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

21:18:24.0953 2160 ACPIEC - ok

21:18:24.0968 2160 adpu160m - ok

21:18:25.0000 2160 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

21:18:25.0500 2160 aec - ok

21:18:25.0562 2160 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

21:18:25.0609 2160 AFD - ok

21:18:25.0625 2160 Aha154x - ok

21:18:25.0625 2160 aic78u2 - ok

21:18:25.0640 2160 aic78xx - ok

21:18:25.0687 2160 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll

21:18:25.0859 2160 Alerter - ok

21:18:25.0875 2160 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe

21:18:25.0984 2160 ALG - ok

21:18:26.0000 2160 AliIde - ok

21:18:26.0000 2160 amsint - ok

21:18:26.0000 2160 AppMgmt - ok

21:18:26.0015 2160 asc - ok

21:18:26.0015 2160 asc3350p - ok

21:18:26.0031 2160 asc3550 - ok

21:18:26.0140 2160 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

21:18:26.0203 2160 aspnet_state - ok

21:18:26.0234 2160 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

21:18:26.0375 2160 AsyncMac - ok

21:18:26.0406 2160 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

21:18:26.0546 2160 atapi - ok

21:18:26.0562 2160 Atdisk - ok

21:18:26.0609 2160 Ati HotKey Poller (4deaa162480367b232f3ee3a6d34084b) C:\WINDOWS\system32\Ati2evxx.exe

21:18:26.0687 2160 Ati HotKey Poller - ok

21:18:26.0734 2160 ATI Smart (2bdd1d3403827cd1af973a9cfad4edc7) C:\WINDOWS\system32\ati2sgag.exe

21:18:26.0812 2160 ATI Smart ( UnsignedFile.Multi.Generic ) - warning

21:18:26.0812 2160 ATI Smart - detected UnsignedFile.Multi.Generic (1)

21:18:26.0859 2160 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

21:18:26.0953 2160 ati2mtag - ok

21:18:26.0968 2160 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

21:18:27.0171 2160 Atmarpc - ok

21:18:27.0218 2160 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll

21:18:27.0359 2160 AudioSrv - ok

21:18:27.0390 2160 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

21:18:27.0546 2160 audstub - ok

21:18:27.0578 2160 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

21:18:27.0734 2160 Beep - ok

21:18:27.0781 2160 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll

21:18:27.0984 2160 BITS - ok

21:18:28.0000 2160 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll

21:18:28.0156 2160 Browser - ok

21:18:28.0281 2160 catchme - ok

21:18:28.0312 2160 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

21:18:28.0453 2160 cbidf2k - ok

21:18:28.0453 2160 cd20xrnt - ok

21:18:28.0484 2160 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

21:18:28.0640 2160 Cdaudio - ok

21:18:28.0671 2160 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

21:18:28.0828 2160 Cdfs - ok

21:18:28.0843 2160 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

21:18:28.0984 2160 Cdrom - ok

21:18:28.0984 2160 Changer - ok

21:18:29.0015 2160 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe

21:18:29.0156 2160 CiSvc - ok

21:18:29.0171 2160 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe

21:18:29.0328 2160 ClipSrv - ok

21:18:29.0406 2160 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:18:29.0531 2160 clr_optimization_v2.0.50727_32 - ok

21:18:29.0546 2160 CmdIde - ok

21:18:29.0546 2160 COMSysApp - ok

21:18:29.0562 2160 Cpqarray - ok

21:18:29.0609 2160 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.EXE

21:18:29.0640 2160 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning

21:18:29.0640 2160 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)

21:18:29.0671 2160 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll

21:18:29.0828 2160 CryptSvc - ok

21:18:29.0859 2160 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

21:18:29.0921 2160 ctsfm2k - ok

21:18:29.0937 2160 dac2w2k - ok

21:18:29.0937 2160 dac960nt - ok

21:18:29.0984 2160 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll

21:18:30.0093 2160 DcomLaunch - ok

21:18:30.0109 2160 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll

21:18:30.0546 2160 Dhcp - ok

21:18:30.0593 2160 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

21:18:30.0734 2160 Disk - ok

21:18:30.0750 2160 dmadmin - ok

21:18:30.0796 2160 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

21:18:30.0968 2160 dmboot - ok

21:18:30.0968 2160 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

21:18:31.0109 2160 dmio - ok

21:18:31.0140 2160 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

21:18:31.0265 2160 dmload - ok

21:18:31.0296 2160 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll

21:18:31.0437 2160 dmserver - ok

21:18:31.0484 2160 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

21:18:31.0625 2160 DMusic - ok

21:18:31.0671 2160 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\WINDOWS\System32\dnsrslvr.dll

21:18:32.0109 2160 Dnscache - ok

21:18:32.0109 2160 dpti2o - ok

21:18:32.0140 2160 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

21:18:32.0265 2160 drmkaud - ok

21:18:32.0312 2160 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys

21:18:32.0328 2160 drvmcdb ( UnsignedFile.Multi.Generic ) - warning

21:18:32.0328 2160 drvmcdb - detected UnsignedFile.Multi.Generic (1)

21:18:32.0343 2160 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys

21:18:32.0343 2160 drvnddm ( UnsignedFile.Multi.Generic ) - warning

21:18:32.0343 2160 drvnddm - detected UnsignedFile.Multi.Generic (1)

21:18:32.0390 2160 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys

21:18:32.0453 2160 E100B - ok

21:18:32.0484 2160 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll

21:18:32.0640 2160 ERSvc - ok

21:18:32.0671 2160 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe

21:18:32.0765 2160 Eventlog - ok

21:18:32.0828 2160 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\system32\es.dll

21:18:32.0890 2160 EventSystem - ok

21:18:32.0921 2160 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

21:18:33.0046 2160 Fastfat - ok

21:18:33.0093 2160 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll

21:18:33.0562 2160 FastUserSwitchingCompatibility - ok

21:18:33.0578 2160 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

21:18:33.0734 2160 Fdc - ok

21:18:33.0765 2160 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

21:18:33.0890 2160 Fips - ok

21:18:34.0000 2160 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

21:18:34.0109 2160 FLEXnet Licensing Service - ok

21:18:34.0109 2160 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

21:18:34.0250 2160 Flpydisk - ok

21:18:34.0281 2160 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

21:18:34.0734 2160 FltMgr - ok

21:18:34.0828 2160 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

21:18:34.0843 2160 FontCache3.0.0.0 - ok

21:18:34.0875 2160 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

21:18:35.0015 2160 Fs_Rec - ok

21:18:35.0031 2160 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

21:18:35.0187 2160 Ftdisk - ok

21:18:35.0187 2160 GEARAspiWDM - ok

21:18:35.0218 2160 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

21:18:35.0343 2160 Gpc - ok

21:18:35.0437 2160 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

21:18:35.0453 2160 gupdate - ok

21:18:35.0453 2160 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

21:18:35.0453 2160 gupdatem - ok

21:18:35.0500 2160 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

21:18:35.0640 2160 helpsvc - ok

21:18:35.0671 2160 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll

21:18:35.0828 2160 HidServ - ok

21:18:35.0843 2160 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

21:18:35.0984 2160 hidusb - ok

21:18:36.0062 2160 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

21:18:36.0140 2160 HP Port Resolver - ok

21:18:36.0187 2160 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

21:18:36.0265 2160 HP Status Server - ok

21:18:36.0265 2160 hpn - ok

21:18:36.0296 2160 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

21:18:36.0375 2160 HPZid412 - ok

21:18:36.0390 2160 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

21:18:36.0437 2160 HPZipr12 - ok

21:18:36.0437 2160 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

21:18:36.0468 2160 HPZius12 - ok

21:18:36.0515 2160 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

21:18:36.0578 2160 HTTP - ok

21:18:36.0609 2160 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll

21:18:36.0765 2160 HTTPFilter - ok

21:18:36.0765 2160 i2omgmt - ok

21:18:36.0765 2160 i2omp - ok

21:18:36.0812 2160 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

21:18:36.0953 2160 i8042prt - ok

21:18:37.0062 2160 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

21:18:37.0093 2160 IDriverT ( UnsignedFile.Multi.Generic ) - warning

21:18:37.0093 2160 IDriverT - detected UnsignedFile.Multi.Generic (1)

21:18:37.0156 2160 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

21:18:37.0203 2160 idsvc - ok

21:18:37.0250 2160 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

21:18:37.0406 2160 Imapi - ok

21:18:37.0437 2160 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe

21:18:37.0593 2160 ImapiService - ok

21:18:37.0593 2160 ini910u - ok

21:18:37.0640 2160 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

21:18:37.0796 2160 IntelIde - ok

21:18:37.0828 2160 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

21:18:38.0000 2160 intelppm - ok

21:18:38.0015 2160 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

21:18:38.0156 2160 Ip6Fw - ok

21:18:38.0171 2160 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

21:18:38.0328 2160 IpFilterDriver - ok

21:18:38.0328 2160 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

21:18:38.0484 2160 IpInIp - ok

21:18:38.0515 2160 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

21:18:38.0984 2160 IpNat - ok

21:18:39.0031 2160 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

21:18:39.0171 2160 IPSec - ok

21:18:39.0187 2160 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

21:18:39.0281 2160 IRENUM - ok

21:18:39.0296 2160 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

21:18:39.0421 2160 isapnp - ok

21:18:39.0546 2160 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe

21:18:39.0562 2160 JavaQuickStarterService - ok

21:18:39.0593 2160 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

21:18:39.0750 2160 Kbdclass - ok

21:18:39.0765 2160 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

21:18:39.0875 2160 kbdhid - ok

21:18:39.0921 2160 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

21:18:40.0390 2160 kmixer - ok

21:18:40.0453 2160 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

21:18:40.0546 2160 KSecDD - ok

21:18:40.0593 2160 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll

21:18:41.0046 2160 lanmanserver - ok

21:18:41.0078 2160 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll

21:18:41.0140 2160 lanmanworkstation - ok

21:18:41.0156 2160 lbrtfdc - ok

21:18:41.0187 2160 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll

21:18:41.0343 2160 LmHosts - ok

21:18:41.0359 2160 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll

21:18:41.0500 2160 Messenger - ok

21:18:41.0546 2160 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

21:18:41.0687 2160 mnmdd - ok

21:18:41.0703 2160 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe

21:18:41.0828 2160 mnmsrvc - ok

21:18:41.0859 2160 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

21:18:42.0000 2160 Modem - ok

21:18:42.0031 2160 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

21:18:42.0156 2160 Mouclass - ok

21:18:42.0171 2160 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

21:18:42.0312 2160 mouhid - ok

21:18:42.0328 2160 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

21:18:42.0468 2160 MountMgr - ok

21:18:42.0500 2160 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

21:18:42.0546 2160 MozillaMaintenance - ok

21:18:42.0562 2160 mraid35x - ok

21:18:42.0593 2160 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

21:18:43.0031 2160 MRxDAV - ok

21:18:43.0078 2160 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

21:18:43.0171 2160 MRxSmb - ok

21:18:43.0203 2160 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe

21:18:43.0328 2160 MSDTC - ok

21:18:43.0343 2160 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

21:18:43.0484 2160 Msfs - ok

21:18:43.0484 2160 MSIServer - ok

21:18:43.0531 2160 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

21:18:43.0656 2160 MSKSSRV - ok

21:18:43.0687 2160 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

21:18:43.0828 2160 MSPCLOCK - ok

21:18:43.0843 2160 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

21:18:43.0968 2160 MSPQM - ok

21:18:44.0000 2160 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

21:18:44.0140 2160 mssmbios - ok

21:18:44.0156 2160 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

21:18:44.0296 2160 Mup - ok

21:18:44.0312 2160 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

21:18:44.0468 2160 NDIS - ok

21:18:44.0515 2160 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

21:18:44.0625 2160 NdisTapi - ok

21:18:44.0656 2160 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

21:18:44.0796 2160 Ndisuio - ok

21:18:44.0812 2160 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

21:18:44.0937 2160 NdisWan - ok

21:18:44.0937 2160 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

21:18:45.0062 2160 NDProxy - ok

21:18:45.0093 2160 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

21:18:45.0218 2160 NetBIOS - ok

21:18:45.0234 2160 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

21:18:45.0359 2160 NetBT - ok

21:18:45.0406 2160 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe

21:18:45.0531 2160 NetDDE - ok

21:18:45.0531 2160 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe

21:18:45.0656 2160 NetDDEdsdm - ok

21:18:45.0671 2160 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

21:18:45.0812 2160 Netlogon - ok

21:18:45.0859 2160 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll

21:18:46.0359 2160 Netman - ok

21:18:46.0453 2160 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:18:46.0468 2160 NetTcpPortSharing - ok

21:18:46.0515 2160 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll

21:18:46.0578 2160 Nla - ok

21:18:46.0593 2160 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

21:18:46.0718 2160 Npfs - ok

21:18:46.0781 2160 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

21:18:47.0250 2160 Ntfs - ok

21:18:47.0265 2160 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

21:18:47.0406 2160 NtLmSsp - ok

21:18:47.0453 2160 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll

21:18:47.0625 2160 NtmsSvc - ok

21:18:47.0656 2160 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

21:18:47.0812 2160 Null - ok

21:18:47.0828 2160 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

21:18:47.0984 2160 NwlnkFlt - ok

21:18:48.0000 2160 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

21:18:48.0125 2160 NwlnkFwd - ok

21:18:48.0171 2160 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

21:18:48.0187 2160 OMCI ( UnsignedFile.Multi.Generic ) - warning

21:18:48.0187 2160 OMCI - detected UnsignedFile.Multi.Generic (1)

21:18:48.0218 2160 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

21:18:48.0250 2160 ossrv - ok

21:18:48.0328 2160 P17 (1db419cb76493f6292ccfbdc3466f5ff) C:\WINDOWS\system32\drivers\P17.sys

21:18:48.0484 2160 P17 - ok

21:18:48.0531 2160 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

21:18:48.0687 2160 Parport - ok

21:18:48.0703 2160 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

21:18:48.0859 2160 PartMgr - ok

21:18:48.0859 2160 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

21:18:49.0000 2160 ParVdm - ok

21:18:49.0031 2160 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

21:18:49.0156 2160 PCI - ok

21:18:49.0156 2160 PCIDump - ok

21:18:49.0156 2160 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

21:18:49.0281 2160 PCIIde - ok

21:18:49.0328 2160 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

21:18:49.0468 2160 Pcmcia - ok

21:18:49.0468 2160 PDCOMP - ok

21:18:49.0484 2160 PDFRAME - ok

21:18:49.0484 2160 PDRELI - ok

21:18:49.0484 2160 PDRFRAME - ok

21:18:49.0500 2160 perc2 - ok

21:18:49.0500 2160 perc2hib - ok

21:18:49.0546 2160 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe

21:18:49.0625 2160 PlugPlay - ok

21:18:49.0640 2160 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

21:18:49.0765 2160 PolicyAgent - ok

21:18:49.0796 2160 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

21:18:49.0921 2160 PptpMiniport - ok

21:18:49.0937 2160 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

21:18:50.0078 2160 ProtectedStorage - ok

21:18:50.0078 2160 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

21:18:50.0203 2160 PSched - ok

21:18:50.0218 2160 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

21:18:50.0343 2160 Ptilink - ok

21:18:50.0359 2160 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

21:18:50.0515 2160 PxHelp20 - ok

21:18:50.0515 2160 ql1080 - ok

21:18:50.0531 2160 Ql10wnt - ok

21:18:50.0531 2160 ql12160 - ok

21:18:50.0546 2160 ql1240 - ok

21:18:50.0546 2160 ql1280 - ok

21:18:50.0593 2160 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

21:18:50.0718 2160 RasAcd - ok

21:18:50.0750 2160 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll

21:18:50.0890 2160 RasAuto - ok

21:18:50.0921 2160 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

21:18:51.0078 2160 Rasl2tp - ok

21:18:51.0109 2160 RasMan (49b5eed5fb89d39456a2f616ccd8ba5d) C:\WINDOWS\System32\rasmans.dll

21:18:51.0609 2160 RasMan - ok

21:18:51.0625 2160 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

21:18:51.0750 2160 RasPppoe - ok

21:18:51.0765 2160 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

21:18:51.0890 2160 Raspti - ok

21:18:51.0937 2160 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

21:18:52.0406 2160 Rdbss - ok

21:18:52.0421 2160 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

21:18:52.0546 2160 RDPCDD - ok

21:18:52.0593 2160 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

21:18:53.0062 2160 RDPWD - ok

21:18:53.0109 2160 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe

21:18:53.0250 2160 RDSessMgr - ok

21:18:53.0296 2160 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

21:18:53.0437 2160 redbook - ok

21:18:53.0500 2160 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll

21:18:53.0625 2160 RemoteAccess - ok

21:18:53.0656 2160 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe

21:18:53.0796 2160 RpcLocator - ok

21:18:53.0859 2160 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\System32\rpcss.dll

21:18:53.0921 2160 RpcSs - ok

21:18:53.0953 2160 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

21:18:54.0109 2160 RSVP - ok

21:18:54.0140 2160 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

21:18:54.0281 2160 SamSs - ok

21:18:54.0281 2160 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe

21:18:54.0406 2160 SCardSvr - ok

21:18:54.0453 2160 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys

21:18:54.0484 2160 SCDEmu ( UnsignedFile.Multi.Generic ) - warning

21:18:54.0484 2160 SCDEmu - detected UnsignedFile.Multi.Generic (1)

21:18:54.0531 2160 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll

21:18:54.0687 2160 Schedule - ok

21:18:54.0734 2160 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

21:18:55.0187 2160 Secdrv - ok

21:18:55.0218 2160 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll

21:18:55.0343 2160 seclogon - ok

21:18:55.0406 2160 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

21:18:55.0468 2160 senfilt ( UnsignedFile.Multi.Generic ) - warning

21:18:55.0468 2160 senfilt - detected UnsignedFile.Multi.Generic (1)

21:18:55.0468 2160 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll

21:18:55.0593 2160 SENS - ok

21:18:55.0609 2160 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

21:18:55.0765 2160 serenum - ok

21:18:55.0781 2160 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

21:18:55.0906 2160 Serial - ok

21:18:55.0937 2160 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

21:18:56.0062 2160 Sfloppy - ok

21:18:56.0109 2160 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll

21:18:56.0265 2160 SharedAccess - ok

21:18:56.0312 2160 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll

21:18:56.0828 2160 ShellHWDetection - ok

21:18:56.0828 2160 Simbad - ok

21:18:56.0875 2160 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

21:18:56.0906 2160 smwdm ( UnsignedFile.Multi.Generic ) - warning

21:18:56.0906 2160 smwdm - detected UnsignedFile.Multi.Generic (1)

21:18:56.0921 2160 Sparrow - ok

21:18:56.0953 2160 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

21:18:57.0453 2160 splitter - ok

21:18:57.0500 2160 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe

21:18:58.0031 2160 Spooler - ok

21:18:58.0062 2160 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

21:18:58.0156 2160 sr - ok

21:18:58.0187 2160 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll

21:18:58.0265 2160 srservice - ok

21:18:58.0328 2160 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

21:18:58.0390 2160 Srv - ok

21:18:58.0406 2160 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

21:18:58.0406 2160 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning

21:18:58.0406 2160 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)

21:18:58.0437 2160 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll

21:18:58.0515 2160 SSDPSRV - ok

21:18:58.0531 2160 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

21:18:58.0531 2160 ssrtln ( UnsignedFile.Multi.Generic ) - warning

21:18:58.0531 2160 ssrtln - detected UnsignedFile.Multi.Generic (1)

21:18:58.0578 2160 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll

21:18:59.0078 2160 stisvc - ok

21:18:59.0109 2160 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

21:18:59.0265 2160 swenum - ok

21:18:59.0312 2160 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

21:18:59.0453 2160 swmidi - ok

21:18:59.0453 2160 SwPrv - ok

21:18:59.0468 2160 symc810 - ok

21:18:59.0468 2160 symc8xx - ok

21:18:59.0468 2160 sym_hi - ok

21:18:59.0484 2160 sym_u3 - ok

21:18:59.0500 2160 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

21:18:59.0640 2160 sysaudio - ok

21:18:59.0671 2160 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe

21:18:59.0812 2160 SysmonLog - ok

21:18:59.0859 2160 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll

21:19:00.0421 2160 TapiSrv - ok

21:19:00.0468 2160 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

21:19:00.0562 2160 Tcpip - ok

21:19:00.0593 2160 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

21:19:00.0750 2160 TDPIPE - ok

21:19:00.0765 2160 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

21:19:00.0890 2160 TDTCP - ok

21:19:00.0937 2160 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

21:19:01.0093 2160 TermDD - ok

21:19:01.0125 2160 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll

21:19:01.0265 2160 TermService - ok

21:19:01.0296 2160 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys

21:19:01.0312 2160 tfsnboio ( UnsignedFile.Multi.Generic ) - warning

21:19:01.0312 2160 tfsnboio - detected UnsignedFile.Multi.Generic (1)

21:19:01.0328 2160 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys

21:19:01.0328 2160 tfsncofs ( UnsignedFile.Multi.Generic ) - warning

21:19:01.0328 2160 tfsncofs - detected UnsignedFile.Multi.Generic (1)

21:19:01.0343 2160 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys

21:19:01.0359 2160 tfsndrct ( UnsignedFile.Multi.Generic ) - warning

21:19:01.0359 2160 tfsndrct - detected UnsignedFile.Multi.Generic (1)

21:19:01.0390 2160 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys

21:19:01.0390 2160 tfsndres ( UnsignedFile.Multi.Generic ) - warning

21:19:01.0390 2160 tfsndres - detected UnsignedFile.Multi.Generic (1)

21:19:01.0390 2160 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys

21:19:01.0421 2160 tfsnifs ( UnsignedFile.Multi.Generic ) - warning

21:19:01.0421 2160 tfsnifs - detected UnsignedFile.Multi.Generic (1)

21:19:01.0421 2160 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys

21:19:01.0437 2160 tfsnopio ( UnsignedFile.Multi.Generic ) - warning

21:19:01.0437 2160 tfsnopio - detected UnsignedFile.Multi.Generic (1)

21:19:01.0437 2160 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys

21:19:01.0437 2160 tfsnpool ( UnsignedFile.Multi.Generic ) - warning

21:19:01.0437 2160 tfsnpool - detected UnsignedFile.Multi.Generic (1)

21:19:01.0453 2160 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys

21:19:01.0453 2160 tfsnudf ( UnsignedFile.Multi.Generic ) - warning

21:19:01.0453 2160 tfsnudf - detected UnsignedFile.Multi.Generic (1)

21:19:01.0468 2160 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys

21:19:01.0468 2160 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning

21:19:01.0468 2160 tfsnudfa - detected UnsignedFile.Multi.Generic (1)

21:19:01.0515 2160 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll

21:19:01.0984 2160 Themes - ok

21:19:02.0000 2160 TosIde - ok

21:19:02.0031 2160 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll

21:19:02.0171 2160 TrkWks - ok

21:19:02.0218 2160 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

21:19:02.0343 2160 Udfs - ok

21:19:02.0343 2160 ultra - ok

21:19:02.0406 2160 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

21:19:02.0875 2160 Update - ok

21:19:02.0921 2160 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll

21:19:03.0406 2160 upnphost - ok

21:19:03.0421 2160 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe

21:19:03.0546 2160 UPS - ok

21:19:03.0546 2160 USBAAPL - ok

21:19:03.0578 2160 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys

21:19:03.0703 2160 usbaudio - ok

21:19:03.0718 2160 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

21:19:03.0843 2160 usbccgp - ok

21:19:03.0859 2160 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

21:19:04.0015 2160 usbehci - ok

21:19:04.0015 2160 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

21:19:04.0140 2160 usbhub - ok

21:19:04.0171 2160 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

21:19:04.0312 2160 usbprint - ok

21:19:04.0328 2160 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

21:19:04.0453 2160 usbscan - ok

21:19:04.0484 2160 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:19:04.0609 2160 USBSTOR - ok

21:19:04.0609 2160 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

21:19:04.0750 2160 usbuhci - ok

21:19:04.0781 2160 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

21:19:04.0906 2160 VgaSave - ok

21:19:04.0906 2160 ViaIde - ok

21:19:05.0000 2160 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe

21:19:05.0000 2160 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning

21:19:05.0000 2160 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)

21:19:05.0015 2160 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

21:19:05.0156 2160 VolSnap - ok

21:19:05.0203 2160 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe

21:19:05.0296 2160 VSS - ok

21:19:05.0343 2160 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll

21:19:05.0484 2160 W32Time - ok

21:19:05.0515 2160 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

21:19:05.0671 2160 Wanarp - ok

21:19:05.0671 2160 WDICA - ok

21:19:05.0718 2160 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

21:19:06.0203 2160 wdmaud - ok

21:19:06.0250 2160 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll

21:19:06.0734 2160 WebClient - ok

21:19:06.0828 2160 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll

21:19:06.0953 2160 winmgmt - ok

21:19:07.0031 2160 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe

21:19:07.0062 2160 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning

21:19:07.0062 2160 WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)

21:19:07.0093 2160 WmdmPmSN (c086483e3dba8c1c0a687ec8d5b3d4c1) C:\WINDOWS\system32\mspmsnsv.dll

21:19:07.0218 2160 WmdmPmSN - ok

21:19:07.0265 2160 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

21:19:07.0421 2160 WmiApSrv - ok

21:19:07.0453 2160 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

21:19:07.0593 2160 WS2IFSL - ok

21:19:07.0625 2160 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll

21:19:07.0765 2160 wscsvc - ok

21:19:07.0781 2160 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll

21:19:07.0921 2160 wuauserv - ok

21:19:07.0968 2160 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll

21:19:08.0125 2160 WZCSVC - ok

21:19:08.0140 2160 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll

21:19:08.0281 2160 xmlprov - ok

21:19:08.0296 2160 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

21:19:08.0796 2160 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

21:19:08.0796 2160 \Device\Harddisk0\DR0 - detected TDSS File System (1)

21:19:08.0812 2160 Boot (0x1200) (458025f5e728ba8a94961948e6b94ff8) \Device\Harddisk0\DR0\Partition0

21:19:08.0812 2160 \Device\Harddisk0\DR0\Partition0 - ok

21:19:08.0828 2160 ============================================================

21:19:08.0828 2160 Scan finished

21:19:08.0828 2160 ============================================================

21:19:08.0953 1404 Detected object count: 23

21:19:08.0953 1404 Actual detected object count: 23

21:19:34.0718 1404 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0718 1404 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0718 1404 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0718 1404 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0718 1404 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0718 1404 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0718 1404 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0718 1404 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0734 1404 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0734 1404 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0734 1404 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0734 1404 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0734 1404 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0734 1404 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0734 1404 senfilt ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0734 1404 senfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0734 1404 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0734 1404 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0734 1404 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0734 1404 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0734 1404 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0734 1404 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0750 1404 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0750 1404 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0750 1404 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0750 1404 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0750 1404 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0750 1404 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0750 1404 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0750 1404 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0750 1404 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0750 1404 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0750 1404 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0750 1404 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0750 1404 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0750 1404 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0765 1404 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0765 1404 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0765 1404 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0765 1404 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0765 1404 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0765 1404 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0765 1404 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:34.0765 1404 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:19:34.0781 1404 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

21:19:34.0781 1404 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

21:19:34.0796 1404 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

21:19:34.0796 1404 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

21:19:34.0843 1404 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

21:19:34.0843 1404 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

21:19:34.0843 1404 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

21:19:34.0890 1404 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

21:19:34.0890 1404 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

21:19:34.0890 1404 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

21:19:34.0906 1404 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

21:19:34.0906 1404 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

21:19:34.0906 1404 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

21:19:34.0906 1404 \Device\Harddisk0\DR0\TDLFS - deleted

21:19:34.0906 1404 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

21:19:40.0062 0976 Deinitialize success

[MrCharlie]

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[bakan]

Running smoother..

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.24.12

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18702

Erikkita :: ERIKA [administrator]

7/24/2012 9:29:12 PM

mbam-log-2012-07-24 (21-29-12).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 208023

Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[bakan]

Toolbar working and no redirects it seems!

[MrCharlie]

Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[bakan]

Based on the logs, was there something keylogging my password or was the breach not on this computer?

[MrCharlie]

No keyloggers but it is a backdoor trojan, a couple of liks to read:

http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99

http://www.geekstogo.com/190/what-is-a-backdoor-trojan/

MrC