Trojan Horse Crypt. aqlw persists [Closed]


  • This topic is locked

#1
mr_sledgeka
Member, 55 posts
Trojan Horse Crypt aqlw has been installed on my PC by mistake. I tried cleaning, but every time I restart my PC it comes back. I need some expert directions. I have already read through this forum and other forums and tried different trojan removal software, but the trojan persists. At the moment AVG is blocking it, but it keeps popping up on my screen.

My system is a Dell, MS Windows XP Home SP3, Intel Pentium 4 CPU 3.20GHz, 1.0 RAM, Nvidia GeForce FX 5200.

Hope someone can help?

Thanks! :help:
  • 0



#2
maliprog
Trusted Helper, Malware Removal, 6,172 posts
Hello mr_sledgeka and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • You must reply within 3 days or your topic will be closed.

Step 1

Please restart in safe mode with networking:

  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.



Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects.
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post.
  • 0

#3
mr_sledgeka
Topic Starter, Member, 55 posts
Thanks maliprog

I will follow your directions and post the logs as soon as possible. AVG is blocking the trojan, but when I try accessing some sites like Wikipedia and tech forums, it's directing the browser to bogus sites that look professional but are hacked.

:cool:
  • 0

#4
mr_sledgeka
Topic Starter, Member, 55 posts
Here's the ComboFix log as requested. Since I have rebooted the computer back to normal mode, no threats have been detected by AVG yet and the PC seems to be running normally, but I'm waiting to see whether any more threats occur.


ComboFix 12-05-04.03 - Brendan 05/05/2012 19:22:05.2.1 - x86 NETWORK
Running from: c:\downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\5BFDE0D65F999626.log
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 04:25 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-05-04 03:17 . 2012-05-04 03:17 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-03 23:34 . 2005-11-08 14:26 38400 ----a-w- c:\windows\system32\moveex.exe
2012-05-03 23:02 . 2012-05-03 23:02 -------- d-----w- C:\VundoFix Backups
2012-05-03 09:04 . 2012-05-03 09:06 -------- d-----w- c:\documents and settings\Brendan\Application Data\Xuwal
2012-05-03 09:04 . 2012-05-03 09:05 -------- d-----w- c:\documents and settings\Brendan\Application Data\Xiqiq
2012-05-03 09:04 . 2012-05-03 09:05 -------- d-----w- c:\documents and settings\Brendan\Application Data\Egoles
2012-05-03 09:04 . 2012-05-03 09:04 -------- d-----w- c:\documents and settings\Brendan\Application Data\Hyeml
2012-04-18 12:10 . 2012-05-03 00:22 -------- d-----w- c:\documents and settings\Brendan\Application Data\Nitro PDF
2012-04-18 12:06 . 2011-10-25 05:50 17704 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-04-18 12:06 . 2011-10-25 05:50 26408 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-04-18 12:06 . 2012-04-18 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2012-04-18 12:06 . 2012-04-18 12:06 -------- d-----w- c:\program files\Nitro PDF
2012-04-18 12:06 . 2012-04-18 12:06 -------- d-----w- c:\program files\Common Files\Nitro PDF
2012-04-18 12:04 . 2012-04-18 12:04 -------- d-----w- c:\documents and settings\Brendan\Application Data\Downloaded Installations
2012-04-18 00:48 . 2003-06-27 08:54 57344 ----a-w- c:\windows\CTREBOOT.EXE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-14 23:34 . 2007-04-23 12:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-14 23:34 . 2012-01-06 08:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 3.5"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2006-07-08 1101824]
"NOMAD Detector"="c:\program files\Creative\SBLive\PlayCenter2\CTNMRun.exe" [2002-03-04 18432]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1867888]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-01-14 4697024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-28 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-25 191488]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 827392]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-06-01 86016]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"Ashampoo HDD Control Guard"="c:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2010-11-01 4085080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-01-31 26264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
erzi.exe [2012-5-3 137728]
loetir.exe [2012-5-3 215079]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
oxez.exe [2012-5-3 137728]
vafi.exe [2012-5-3 215079]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-5-18 24576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-04-09 10:14 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-04-09 10:23 909208 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-11 05:36 133104 ----atw- c:\documents and settings\Brendan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 00:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 11:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-06-03 01:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 03:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-04-09 10:11 2595792 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NOMAD Detector"="c:\program files\Creative\SBLive\PlayCenter2\CTNMRun.exe"
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Brendan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-06 248656]
R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-08-05 19572]
R1 sonypvd2;sonypvd2;c:\windows\system32\DRIVERS\sonypvd2.sys [2003-06-24 64093]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-07 269520]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files\Icecast2 Win32\icecastService.exe [2008-05-24 417792]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-21 110752]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2011-10-25 196904]
R2 Vqtfk;Vqtfk;c:\windows\System32\Vqtfk.sys [1999-08-11 19936]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-07-11 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-09 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-09 27216]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe [2009-08-24 406016]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\Pcouffin.sys [2008-09-07 47360]
R3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [x]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2003-09-16 152576]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-01-11 27168]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-01-11 27168]
S0 Achernar;Achernar - SCSI Command Filters;c:\windows\System32\Drivers\Achernar.sys [2005-09-23 16855]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-21 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [2007-02-02 30808]
S0 sonypvl2;sonypvl2; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-07-11 682232]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S1 sonypvf2;sonypvf2; [x]
S1 sonypvt2;sonypvt2; [x]
S3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\System32\Drivers\Aldebaran.sys [2005-09-23 21808]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-07-11 30432]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 04484856
*Deregistered* - 04484856
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MaxtorFrontPanel1
zntport
Udfreadr_xp
sfhlp01
usbsermpt
ncupdatesvc
avgfwsrv
tzontservice
gemserv
ccsetmgr
Maplom
RAPIProtocol
BrSerIf
oraclesnmppeermasteragent
SE27mgmt
svv
CdaD10BA
icollectservice
siside
transcode360
asusgsb
CBTNDIS5
CTEDSPFX.DLL
imagedrv
prodrv06
dns4meclient
cobbmservice
umpusbxp
TNaviSrv
crystalaps
bthenum
cpntsrv
lilsgt
mafwboot
prevxagent
vaiomediaplatform-mobile-gateway
IBM_LLC2
ipsecmon
authsyssvc
btfirst
pcctlcom
aexnsclienttransport
iAimTV5
avcgbdr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 05:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 00:50]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 00:50]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392070450-808398348-4156111588-1009Core.job
- c:\documents and settings\Brendan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-13 05:36]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392070450-808398348-4156111588-1009UA.job
- c:\documents and settings\Brendan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-13 05:36]
.
2004-02-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 08:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 0<local>;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Inbox Search - tbr:iemenu
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Inbox\ctbr.dll
DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} - hxxp://icebergradio.com/aurora/1.0.2.259/client.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-05 19:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\program files\Creative\ShareDLL\[email protected]?Disc Detector?A????? ?A?P?????B?e!@[email protected][email protected]?? [email protected][email protected]?B???A????? [email protected][email protected][email protected]???????????????????B??????????????????????????`??????r?B
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet012\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2392070450-808398348-4156111588-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|.|A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1064)
c:\windows\System32\ctmp3.acm
c:\windows\system32\ITIG726.acm
c:\windows\system32\sirenacm.dll
c:\windows\system32\vct3216.acm
c:\windows\system32\vct3216.dll
c:\windows\system32\MSMS001.vwp
c:\windows\system32\Mvoice.vwp
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
c:\windows\system32\IEFRAME.dll
.
- - - - - - - > 'lsass.exe'(1136)
c:\windows\system32\relog_ap.dll
.
Completion time: 2012-05-05 19:40:43
ComboFix-quarantined-files.txt 2012-05-05 09:40
ComboFix2.txt 2012-05-05 05:20
ComboFix3.txt 2008-08-20 11:22
.
Pre-Run: 31,611,555,840 bytes free
Post-Run: 31,594,872,832 bytes free
.
- - End Of File - - 58149121D59E3B522DF21D6F0B2D1DA0
  • 0
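Reading a ComboFix log by hand is error-prone, so here is an added example, written for this thread and not a ComboFix, AVG or Geeks To Go tool, that parses the "Reg Loading Points" section of a log like the one posted above and collects the entries a reviewer usually looks at first: executables dropped directly into a profile's Startup folder (installers normally place .lnk shortcuts there, and the Administrator and Default User profiles rarely have startup programs at all), Security Center AntiVirusOverride, FirewallOverride and DisableMonitoring values set to 1, and EnableFirewall set to 0 for the standard profile. The SAMPLE_LOG input is constructed from lines in the posted log; the Finding class, the regular expressions and the triage function are this example's own names, not part of ComboFix.

```python
"""Added triage helper for the "Reg Loading Points" section of a ComboFix log.

Example code written for this thread, not a ComboFix, AVG or Geeks To Go
tool.  It walks the Run keys, Startup folders and Security Center values
that ComboFix prints and collects the entries a reviewer usually checks
first.  SAMPLE_LOG is constructed from lines in the posted log.
"""
import re
from dataclasses import dataclass

# Constructed from the log posted above; "." lines close a block exactly as
# ComboFix prints them.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1867888]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
erzi.exe [2012-5-3 137728]
loetir.exe [2012-5-3 215079]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
oxez.exe [2012-5-3 137728]
vafi.exe [2012-5-3 215079]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-5-18 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


@dataclass(frozen=True)
class Finding:
    where: str   # registry key or Startup folder the entry belongs to
    entry: str   # the log line as ComboFix printed it
    reason: str  # why a reviewer should look at it


KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
STARTUP_DIR_RE = re.compile(r"^(?P<dir>[a-z]:\\.*\\Startup\\)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
STARTUP_FILE_RE = re.compile(
    r"^(?P<file>.+?\.(?P<ext>exe|com|bat|cmd|scr|lnk))(?:\s|$)", re.IGNORECASE)

# Profiles that normally carry no startup programs at all.
QUIET_PROFILES = {"administrator", "default user"}


def _as_int(data: str):
    """Turn 'dword:00000001' or ' 0 (0x0)' into an int; None for string data."""
    m = re.search(r"dword:([0-9a-f]+)", data, re.IGNORECASE)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\s*(\d+)\b", data)
    return int(m.group(1)) if m else None


def _check_registry(key: str, line: str):
    """Flag Security Center overrides and a disabled firewall profile."""
    m = VALUE_RE.match(line)
    if not m:
        return None
    name, value = m.group("name"), _as_int(m.group("data"))
    low = key.lower()
    if "security center" in low and name in ("AntiVirusOverride", "FirewallOverride") and value == 1:
        return Finding(key, line, "Security Center alert for AV/firewall status is suppressed")
    if "security center" in low and name == "DisableMonitoring" and value == 1:
        return Finding(key, line, "Security Center monitoring switched off")
    if "firewallpolicy" in low and name == "EnableFirewall" and value == 0:
        return Finding(key, line, "Windows Firewall disabled for this profile")
    return None


def _check_startup(folder: str, line: str):
    """Flag executables sitting directly in a Startup folder (not .lnk shortcuts)."""
    m = STARTUP_FILE_RE.match(line)
    if not m or m.group("ext").lower() == "lnk":
        return None
    parts = folder.split("\\")                 # c:, documents and settings, <profile>, ...
    profile = parts[2] if len(parts) > 2 else "?"
    reason = "executable placed directly in the Startup folder"
    if profile.lower() in QUIET_PROFILES:
        reason += f" of the '{profile}' profile, which rarely has startup programs"
    return Finding(folder, line, reason)


def triage(log_text: str) -> list:
    """Return the entries of a ComboFix 'Reg Loading Points' dump worth reviewing."""
    findings, context, kind = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):          # "." closes a block in ComboFix output
            context = kind = None
            continue
        m = KEY_RE.match(line)
        if m:
            context, kind = m.group("key"), "key"
            continue
        m = STARTUP_DIR_RE.match(line)
        if m:
            context, kind = m.group("dir"), "startup"
            continue
        found = None
        if kind == "key":
            found = _check_registry(context, line)
        elif kind == "startup":
            found = _check_startup(context, line)
        if found:
            findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.where}\n    {f.entry}")
```

On the constructed sample the script reports the four executables in the Administrator and Default User Startup folders and the four Security Center and firewall values, and leaves the PeerBlock Run entry and the Digital Line Detect shortcut alone. Because every block it does not recognise is skipped, the same parser can be pointed at a complete C:\ComboFix.txt; the output is a review list, not a verdict, and which entries are actually malicious is still the helper's call.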

#5
mr_sledgeka
Topic Starter, Member, 55 posts
Here's the TDSSKiller log as requested. There was no Cure option, so I selected Skip as you instructed.

01:19:30.0156 1552 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
01:19:31.0171 1552 ============================================================
01:19:31.0171 1552 Current date / time: 2004/02/23 01:19:31.0171
01:19:31.0171 1552 SystemInfo:
01:19:31.0171 1552
01:19:31.0171 1552 OS Version: 5.1.2600 ServicePack: 3.0
01:19:31.0171 1552 Product type: Workstation
01:19:31.0171 1552 ComputerName: SHAMUS
01:19:31.0171 1552 UserName: Brendan
01:19:31.0171 1552 Windows directory: C:\WINDOWS
01:19:31.0171 1552 System windows directory: C:\WINDOWS
01:19:31.0171 1552 Processor architecture: Intel x86
01:19:31.0171 1552 Number of processors: 1
01:19:31.0171 1552 Page size: 0x1000
01:19:31.0171 1552 Boot type: Safe boot with network
01:19:31.0171 1552 ============================================================
01:19:34.0093 1552 Drive \Device\Harddisk0\DR0 - Size: 0x1BF08EB000 (111.76 Gb), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:19:34.0093 1552 Drive \Device\Harddisk1\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:19:34.0093 1552 Drive \Device\Harddisk2\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:19:37.0843 1552 ============================================================
01:19:37.0843 1552 \Device\Harddisk0\DR0:
01:19:37.0843 1552 MBR partitions:
01:19:37.0843 1552 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0xDF741B9
01:19:37.0843 1552 \Device\Harddisk1\DR3:
01:19:37.0843 1552 MBR partitions:
01:19:37.0843 1552 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
01:19:37.0843 1552 \Device\Harddisk2\DR4:
01:19:37.0843 1552 MBR partitions:
01:19:37.0843 1552 \Device\Harddisk2\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385830
01:19:37.0843 1552 ============================================================
01:19:37.0921 1552 C: <-> \Device\Harddisk0\DR0\Partition0
01:19:38.0015 1552 F: <-> \Device\Harddisk1\DR3\Partition0
01:19:38.0109 1552 D: <-> \Device\Harddisk2\DR4\Partition0
01:19:38.0125 1552 ============================================================
01:19:38.0125 1552 Initialize success
01:19:38.0125 1552 ============================================================
01:20:37.0171 1392 ============================================================
01:20:37.0171 1392 Scan started
01:20:37.0171 1392 Mode: Manual; SigCheck; TDLFS;
01:20:37.0171 1392 ============================================================
01:20:42.0234 1392 Abiosdsk - ok
01:20:42.0296 1392 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
01:20:44.0234 1392 abp480n5 - ok
01:20:44.0281 1392 Achernar (b346493850a5a7339ec0d45766050638) C:\WINDOWS\system32\Drivers\Achernar.sys
01:20:44.0328 1392 Achernar ( UnsignedFile.Multi.Generic ) - warning
01:20:44.0328 1392 Achernar - detected UnsignedFile.Multi.Generic (1)
01:20:44.0406 1392 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:20:44.0562 1392 ACPI - ok
01:20:44.0609 1392 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:20:44.0734 1392 ACPIEC - ok
01:20:44.0906 1392 AcrSch2Svc (4a00e527bb34fca0e458db1089f97b3b) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
01:20:44.0984 1392 AcrSch2Svc - ok
01:20:45.0078 1392 Adobe LM Service (4ae327c9c375d985ff2a2aab92765218) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
01:20:45.0109 1392 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
01:20:45.0109 1392 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
01:20:45.0156 1392 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
01:20:45.0281 1392 adpu160m - ok
01:20:45.0343 1392 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
01:20:45.0437 1392 aeaudio - ok
01:20:45.0531 1392 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:20:45.0656 1392 aec - ok
01:20:45.0703 1392 aexnsclienttransport - ok
01:20:45.0765 1392 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
01:20:45.0890 1392 AFD - ok
01:20:45.0953 1392 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
01:20:46.0078 1392 agp440 - ok
01:20:46.0125 1392 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
01:20:46.0265 1392 agpCPQ - ok
01:20:46.0328 1392 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
01:20:46.0390 1392 Aha154x - ok
01:20:46.0421 1392 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
01:20:46.0546 1392 aic78u2 - ok
01:20:46.0593 1392 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
01:20:46.0734 1392 aic78xx - ok
01:20:46.0796 1392 Aldebaran (279c623fc19ea826f17b63389cec73ba) C:\WINDOWS\System32\Drivers\Aldebaran.sys
01:20:46.0812 1392 Aldebaran ( UnsignedFile.Multi.Generic ) - warning
01:20:46.0812 1392 Aldebaran - detected UnsignedFile.Multi.Generic (1)
01:20:46.0859 1392 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
01:20:47.0000 1392 Alerter - ok
01:20:47.0031 1392 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
01:20:47.0140 1392 ALG - ok
01:20:47.0187 1392 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
01:20:47.0328 1392 AliIde - ok
01:20:47.0359 1392 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
01:20:47.0500 1392 alim1541 - ok
01:20:47.0531 1392 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
01:20:47.0656 1392 amdagp - ok
01:20:47.0718 1392 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
01:20:47.0781 1392 amsint - ok
01:20:47.0875 1392 AnyDVD (2859c5ec3943911bf1e6458089a75f35) C:\WINDOWS\system32\Drivers\AnyDVD.sys
01:20:47.0968 1392 AnyDVD - ok
01:20:47.0984 1392 AppMgmt - ok
01:20:48.0046 1392 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
01:20:48.0171 1392 asc - ok
01:20:48.0218 1392 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
01:20:48.0265 1392 asc3350p - ok
01:20:48.0312 1392 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
01:20:48.0406 1392 asc3550 - ok
01:20:48.0515 1392 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
01:20:48.0546 1392 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
01:20:48.0546 1392 Aspi32 - detected UnsignedFile.Multi.Generic (1)
01:20:48.0718 1392 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
01:20:48.0765 1392 aspnet_state - ok
01:20:48.0781 1392 asusgsb - ok
01:20:48.0828 1392 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:20:48.0953 1392 AsyncMac - ok
01:20:49.0000 1392 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:20:49.0109 1392 atapi - ok
01:20:49.0125 1392 Atdisk - ok
01:20:49.0171 1392 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:20:49.0312 1392 Atmarpc - ok
01:20:49.0359 1392 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
01:20:49.0484 1392 AudioSrv - ok
01:20:49.0515 1392 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:20:49.0625 1392 audstub - ok
01:20:49.0671 1392 authsyssvc - ok
01:20:49.0703 1392 avcgbdr - ok
01:20:49.0781 1392 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
01:20:49.0781 1392 Avgfwdx - ok
01:20:49.0812 1392 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
01:20:49.0812 1392 Avgfwfd - ok
01:20:50.0125 1392 avgfws (2f0c5ae2352f22b587edc2829c971262) C:\Program Files\AVG\AVG10\avgfws.exe
01:20:50.0265 1392 avgfws - ok
01:20:50.0390 1392 avgfwsrv - ok
01:20:50.0765 1392 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
01:20:51.0156 1392 AVGIDSAgent - ok
01:20:51.0343 1392 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
01:20:51.0359 1392 AVGIDSDriver - ok
01:20:51.0437 1392 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
01:20:51.0437 1392 AVGIDSEH - ok
01:20:51.0484 1392 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
01:20:51.0484 1392 AVGIDSFilter - ok
01:20:51.0546 1392 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
01:20:51.0562 1392 AVGIDSShim - ok
01:20:51.0640 1392 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
01:20:51.0671 1392 Avgldx86 - ok
01:20:51.0718 1392 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
01:20:51.0734 1392 Avgmfx86 - ok
01:20:51.0796 1392 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
01:20:51.0796 1392 Avgrkx86 - ok
01:20:51.0843 1392 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
01:20:51.0859 1392 Avgtdix - ok
01:20:52.0000 1392 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe
01:20:52.0015 1392 avgwd - ok
01:20:52.0062 1392 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:20:52.0187 1392 Beep - ok
01:20:52.0250 1392 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
01:20:52.0625 1392 BITS - ok
01:20:52.0656 1392 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
01:20:52.0796 1392 Browser - ok
01:20:52.0859 1392 BrSerIf - ok
01:20:52.0875 1392 btfirst - ok
01:20:52.0953 1392 bthenum (6ae16e3191823e1af2ddce6d759864a1) C:\WINDOWS\system32\LPDSVC.dll
01:20:53.0062 1392 bthenum - ok
01:20:53.0078 1392 bvrp_pci - ok
01:20:53.0187 1392 Capture Device Service (1778eba872274c1226d869cd9486847e) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
01:20:53.0203 1392 Capture Device Service - ok
01:20:53.0250 1392 catchme - ok
01:20:53.0296 1392 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
01:20:53.0437 1392 cbidf - ok
01:20:53.0453 1392 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:20:53.0578 1392 cbidf2k - ok
01:20:53.0640 1392 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:20:53.0750 1392 CCDECODE - ok
01:20:53.0765 1392 ccsetmgr - ok
01:20:53.0796 1392 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
01:20:53.0859 1392 cd20xrnt - ok
01:20:53.0906 1392 CdaD10BA - ok
01:20:53.0968 1392 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:20:54.0093 1392 Cdaudio - ok
01:20:54.0140 1392 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:20:54.0250 1392 Cdfs - ok
01:20:54.0328 1392 cdrbsvsd (7fc46240546c16c0448c29c9d233b915) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
01:20:54.0343 1392 cdrbsvsd ( UnsignedFile.Multi.Generic ) - warning
01:20:54.0343 1392 cdrbsvsd - detected UnsignedFile.Multi.Generic (1)
01:20:54.0390 1392 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:20:54.0515 1392 Cdrom - ok
01:20:54.0546 1392 Changer - ok
01:20:54.0625 1392 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
01:20:54.0750 1392 CiSvc - ok
01:20:54.0812 1392 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
01:20:54.0921 1392 ClipSrv - ok
01:20:55.0109 1392 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:20:55.0171 1392 clr_optimization_v2.0.50727_32 - ok
01:20:55.0218 1392 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
01:20:55.0359 1392 CmdIde - ok
01:20:55.0406 1392 cobbmservice - ok
01:20:55.0437 1392 COMSysApp - ok
01:20:55.0515 1392 cpntsrv - ok
01:20:55.0593 1392 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
01:20:55.0703 1392 Cpqarray - ok
01:20:55.0765 1392 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\System32\CTsvcCDA.exe
01:20:55.0781 1392 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
01:20:55.0781 1392 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
01:20:55.0843 1392 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
01:20:55.0968 1392 CryptSvc - ok
01:20:56.0015 1392 crystalaps - ok
01:20:56.0093 1392 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
01:20:56.0234 1392 dac2w2k - ok
01:20:56.0250 1392 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
01:20:56.0390 1392 dac960nt - ok
01:20:56.0484 1392 DcomLaunch (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
01:20:56.0656 1392 DcomLaunch - ok
01:20:56.0906 1392 DfSdkS (92ae26f2caf4a67e24a0ba6ddf32cc3c) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe
01:20:56.0984 1392 DfSdkS ( UnsignedFile.Multi.Generic ) - warning
01:20:56.0984 1392 DfSdkS - detected UnsignedFile.Multi.Generic (1)
01:20:57.0046 1392 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
01:20:57.0171 1392 Dhcp - ok
01:20:57.0234 1392 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:20:57.0343 1392 Disk - ok
01:20:57.0359 1392 dmadmin - ok
01:20:57.0437 1392 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:20:57.0593 1392 dmboot - ok
01:20:57.0640 1392 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:20:57.0765 1392 dmio - ok
01:20:57.0828 1392 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:20:57.0953 1392 dmload - ok
01:20:58.0015 1392 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
01:20:58.0140 1392 dmserver - ok
01:20:58.0171 1392 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:20:58.0312 1392 DMusic - ok
01:20:58.0375 1392 dns4meclient - ok
01:20:58.0453 1392 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
01:20:58.0578 1392 Dnscache - ok
01:20:58.0671 1392 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
01:20:58.0812 1392 Dot3svc - ok
01:20:58.0875 1392 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
01:20:59.0000 1392 dpti2o - ok
01:20:59.0046 1392 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:20:59.0156 1392 drmkaud - ok
01:20:59.0203 1392 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
01:20:59.0218 1392 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
01:20:59.0218 1392 drvmcdb - detected UnsignedFile.Multi.Generic (1)
01:20:59.0281 1392 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
01:20:59.0296 1392 drvnddm ( UnsignedFile.Multi.Generic ) - warning
01:20:59.0296 1392 drvnddm - detected UnsignedFile.Multi.Generic (1)
01:20:59.0359 1392 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
01:20:59.0375 1392 E100B - ok
01:20:59.0406 1392 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
01:20:59.0500 1392 EapHost - ok
01:20:59.0515 1392 EL90XBC - ok
01:20:59.0609 1392 ElbyCDIO (26e97ae9ac52bac9a5473187b8311f29) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
01:20:59.0609 1392 ElbyCDIO - ok
01:20:59.0640 1392 EPSON_PM_RPCV2_02 (5f933159fa1e72c233905cdf25cc254a) C:\WINDOWS\system32\E_S00RP2.EXE
01:20:59.0718 1392 EPSON_PM_RPCV2_02 - ok
01:20:59.0796 1392 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
01:20:59.0906 1392 ERSvc - ok
01:20:59.0984 1392 Eventlog (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
01:21:00.0109 1392 Eventlog - ok
01:21:00.0156 1392 EventSystem (19a799805b24990867b00c120d300c3a) C:\WINDOWS\system32\es.dll
01:21:00.0281 1392 EventSystem - ok
01:21:00.0312 1392 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:21:00.0453 1392 Fastfat - ok
01:21:00.0531 1392 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
01:21:00.0671 1392 FastUserSwitchingCompatibility - ok
01:21:00.0750 1392 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
01:21:00.0875 1392 Fdc - ok
01:21:00.0921 1392 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:21:01.0031 1392 Fips - ok
01:21:01.0078 1392 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
01:21:01.0187 1392 Flpydisk - ok
01:21:01.0250 1392 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
01:21:01.0375 1392 FltMgr - ok
01:21:01.0468 1392 FNETDEVI (92fc10e8fcf01c36abd567f646b74658) C:\WINDOWS\system32\drivers\FNETDEVI.SYS
01:21:01.0484 1392 FNETDEVI ( UnsignedFile.Multi.Generic ) - warning
01:21:01.0484 1392 FNETDEVI - detected UnsignedFile.Multi.Generic (1)
01:21:01.0671 1392 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
01:21:01.0671 1392 FontCache3.0.0.0 - ok
01:21:01.0750 1392 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
01:21:01.0765 1392 fssfltr - ok
01:21:02.0000 1392 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
01:21:02.0031 1392 fsssvc - ok
01:21:02.0109 1392 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:21:02.0250 1392 Fs_Rec - ok
01:21:02.0281 1392 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:21:02.0406 1392 Ftdisk - ok
01:21:02.0453 1392 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
01:21:02.0562 1392 gameenum - ok
01:21:02.0593 1392 gemserv - ok
01:21:02.0656 1392 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:21:02.0781 1392 Gpc - ok
01:21:02.0953 1392 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
01:21:02.0984 1392 gupdate - ok
01:21:03.0015 1392 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
01:21:03.0015 1392 gupdatem - ok
01:21:03.0109 1392 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
01:21:03.0125 1392 gusvc - ok
01:21:03.0234 1392 helpsvc - ok
01:21:03.0250 1392 HidServ - ok
01:21:03.0359 1392 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
01:21:03.0500 1392 hkmsvc - ok
01:21:03.0531 1392 hotcore2 (293141580bcd5ef191c2c9b632b37939) C:\WINDOWS\system32\drivers\hotcore2.sys
01:21:03.0546 1392 hotcore2 ( UnsignedFile.Multi.Generic ) - warning
01:21:03.0546 1392 hotcore2 - detected UnsignedFile.Multi.Generic (1)
01:21:03.0593 1392 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
01:21:03.0703 1392 hpn - ok
01:21:03.0781 1392 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
01:21:03.0906 1392 HSFHWBS2 - ok
01:21:04.0031 1392 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
01:21:04.0125 1392 HSF_DP - ok
01:21:04.0171 1392 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
01:21:04.0312 1392 HTTP - ok
01:21:04.0375 1392 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
01:21:04.0484 1392 HTTPFilter - ok
01:21:04.0531 1392 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
01:21:04.0656 1392 i2omgmt - ok
01:21:04.0687 1392 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
01:21:04.0812 1392 i2omp - ok
01:21:04.0843 1392 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:21:04.0968 1392 i8042prt - ok
01:21:05.0046 1392 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
01:21:05.0156 1392 i81x - ok
01:21:05.0218 1392 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
01:21:05.0328 1392 iAimFP0 - ok
01:21:05.0390 1392 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
01:21:05.0500 1392 iAimFP1 - ok
01:21:05.0546 1392 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
01:21:05.0671 1392 iAimFP2 - ok
01:21:05.0718 1392 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
01:21:05.0828 1392 iAimFP3 - ok
01:21:05.0890 1392 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
01:21:06.0000 1392 iAimFP4 - ok
01:21:06.0078 1392 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
01:21:06.0187 1392 iAimTV0 - ok
01:21:06.0234 1392 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
01:21:06.0375 1392 iAimTV1 - ok
01:21:06.0390 1392 iAimTV2 - ok
01:21:06.0468 1392 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
01:21:06.0578 1392 iAimTV3 - ok
01:21:06.0625 1392 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
01:21:06.0718 1392 iAimTV4 - ok
01:21:06.0765 1392 iAimTV5 - ok
01:21:06.0812 1392 IBM_LLC2 - ok
01:21:07.0000 1392 Icecast-trunk (817f805c75a82ac2827d243d5c0a4445) C:\Program Files\Icecast2 Win32\icecastService.exe
01:21:07.0046 1392 Icecast-trunk ( UnsignedFile.Multi.Generic ) - warning
01:21:07.0046 1392 Icecast-trunk - detected UnsignedFile.Multi.Generic (1)
01:21:07.0078 1392 icollectservice - ok
01:21:07.0281 1392 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
01:21:07.0296 1392 IDriverT ( UnsignedFile.Multi.Generic ) - warning
01:21:07.0296 1392 IDriverT - detected UnsignedFile.Multi.Generic (1)
01:21:07.0531 1392 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:21:07.0609 1392 idsvc - ok
01:21:07.0625 1392 imagedrv - ok
01:21:07.0750 1392 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:21:07.0875 1392 Imapi - ok
01:21:07.0937 1392 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
01:21:08.0046 1392 ImapiService - ok
01:21:08.0125 1392 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
01:21:08.0250 1392 ini910u - ok
01:21:08.0328 1392 Intel® PROSet Monitoring Service (f2c6fb081b707863a0a21d639f325475) C:\WINDOWS\system32\IProsetMonitor.exe
01:21:08.0343 1392 Intel® PROSet Monitoring Service - ok
01:21:08.0390 1392 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
01:21:08.0500 1392 IntelIde - ok
01:21:08.0531 1392 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:21:08.0640 1392 intelppm - ok
01:21:08.0671 1392 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
01:21:08.0796 1392 ip6fw - ok
01:21:08.0828 1392 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:21:08.0953 1392 IpFilterDriver - ok
01:21:09.0015 1392 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:21:09.0125 1392 IpInIp - ok
01:21:09.0156 1392 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:21:09.0281 1392 IpNat - ok
01:21:09.0312 1392 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:21:09.0453 1392 IPSec - ok
01:21:09.0515 1392 ipsecmon - ok
01:21:09.0562 1392 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:21:09.0687 1392 IRENUM - ok
01:21:09.0734 1392 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:21:09.0843 1392 isapnp - ok
01:21:10.0109 1392 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
01:21:10.0156 1392 JavaQuickStarterService - ok
01:21:10.0203 1392 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:21:10.0312 1392 Kbdclass - ok
01:21:10.0343 1392 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:21:10.0484 1392 kmixer - ok
01:21:10.0515 1392 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
01:21:10.0640 1392 KSecDD - ok
01:21:10.0687 1392 lanmanserver (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
01:21:10.0812 1392 lanmanserver - ok
01:21:10.0859 1392 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll
01:21:11.0031 1392 lanmanworkstation - ok
01:21:11.0062 1392 lbrtfdc - ok
01:21:11.0140 1392 lilsgt - ok
01:21:11.0218 1392 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
01:21:11.0328 1392 LmHosts - ok
01:21:11.0359 1392 mafwboot - ok
01:21:11.0390 1392 Maplom - ok
01:21:11.0406 1392 MaxtorFrontPanel1 - ok
01:21:11.0453 1392 MBAMSwissArmy - ok
01:21:11.0593 1392 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
01:21:11.0609 1392 MDM - ok
01:21:11.0656 1392 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
01:21:11.0687 1392 mdmxsdk - ok
01:21:11.0734 1392 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
01:21:11.0859 1392 Messenger - ok
01:21:11.0984 1392 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
01:21:12.0000 1392 Microsoft Office Groove Audit Service - ok
01:21:12.0078 1392 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:21:12.0218 1392 mnmdd - ok
01:21:12.0281 1392 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
01:21:12.0406 1392 mnmsrvc - ok
01:21:12.0484 1392 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:21:12.0593 1392 Modem - ok
01:21:12.0656 1392 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
01:21:12.0781 1392 MODEMCSA - ok
01:21:12.0828 1392 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:21:12.0953 1392 Mouclass - ok
01:21:13.0015 1392 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:21:13.0109 1392 MountMgr - ok
01:21:13.0156 1392 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
01:21:13.0265 1392 MPE - ok
01:21:13.0296 1392 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
01:21:13.0390 1392 mraid35x - ok
01:21:13.0453 1392 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:21:13.0578 1392 MRxDAV - ok
01:21:13.0625 1392 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:21:13.0765 1392 MRxSmb - ok
01:21:13.0796 1392 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
01:21:13.0890 1392 MSDTC - ok
01:21:13.0968 1392 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:21:14.0078 1392 Msfs - ok
01:21:14.0109 1392 MSIServer - ok
01:21:14.0156 1392 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:21:14.0281 1392 MSKSSRV - ok
01:21:14.0312 1392 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:21:14.0437 1392 MSPCLOCK - ok
01:21:14.0484 1392 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:21:14.0593 1392 MSPQM - ok
01:21:14.0656 1392 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:21:14.0781 1392 mssmbios - ok
01:21:14.0843 1392 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
01:21:14.0953 1392 MSTEE - ok
01:21:15.0015 1392 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
01:21:15.0140 1392 Mup - ok
01:21:15.0281 1392 MySQL - ok
01:21:15.0312 1392 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:21:15.0437 1392 NABTSFEC - ok
01:21:15.0515 1392 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
01:21:15.0625 1392 napagent - ok
01:21:15.0640 1392 ncupdatesvc - ok
01:21:15.0687 1392 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:21:15.0828 1392 NDIS - ok
01:21:15.0890 1392 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
01:21:15.0906 1392 ndiscm ( UnsignedFile.Multi.Generic ) - warning
01:21:15.0906 1392 ndiscm - detected UnsignedFile.Multi.Generic (1)
01:21:15.0953 1392 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:21:16.0078 1392 NdisIP - ok
01:21:16.0109 1392 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:21:16.0218 1392 NdisTapi - ok
01:21:16.0265 1392 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:21:16.0375 1392 Ndisuio - ok
01:21:16.0453 1392 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:21:16.0578 1392 NdisWan - ok
01:21:16.0640 1392 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
01:21:16.0734 1392 NDProxy - ok
01:21:16.0765 1392 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:21:16.0875 1392 NetBIOS - ok
01:21:16.0937 1392 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:21:17.0062 1392 NetBT - ok
01:21:17.0140 1392 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:21:17.0265 1392 NetDDE - ok
01:21:17.0296 1392 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:21:17.0421 1392 NetDDEdsdm - ok
01:21:17.0468 1392 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:21:17.0578 1392 Netlogon - ok
01:21:17.0640 1392 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
01:21:17.0765 1392 Netman - ok
01:21:17.0906 1392 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:21:17.0921 1392 NetTcpPortSharing - ok
01:21:18.0109 1392 NitroReaderDriverReadSpool2 (6b6894a77d9a0404b4efddf8f840e9a3) C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
01:21:18.0140 1392 NitroReaderDriverReadSpool2 - ok
01:21:18.0234 1392 Nla (b4138e99236f0f57d4cf49bae98a0746) C:\WINDOWS\System32\mswsock.dll
01:21:18.0343 1392 Nla - ok
01:21:18.0406 1392 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
01:21:18.0500 1392 nm - ok
01:21:18.0546 1392 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\WINDOWS\system32\drivers\ccdcmb.sys
01:21:18.0703 1392 nmwcd - ok
01:21:18.0734 1392 nmwcdc (60ef5f5621d7832f00a3f190a0c905e2) C:\WINDOWS\system32\drivers\ccdcmbo.sys
01:21:18.0781 1392 nmwcdc - ok
01:21:18.0859 1392 nmwcdcj (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcj.sys
01:21:19.0015 1392 nmwcdcj - ok
01:21:19.0046 1392 nmwcdcm (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcm.sys
01:21:19.0078 1392 nmwcdcm - ok
01:21:19.0093 1392 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:21:19.0234 1392 Npfs - ok
01:21:19.0312 1392 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:21:19.0468 1392 Ntfs - ok
01:21:19.0546 1392 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
01:21:19.0640 1392 NtLmSsp - ok
01:21:19.0703 1392 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
01:21:19.0843 1392 NtmsSvc - ok
01:21:19.0875 1392 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:21:20.0000 1392 Null - ok
01:21:20.0203 1392 nv (2282ad3b19b00967c6e48531c25bfe01) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:21:20.0453 1392 nv - ok
01:21:20.0609 1392 NVSvc (be4a98439a5e26cbc70db20e996938dc) C:\WINDOWS\System32\nvsvc32.exe
01:21:20.0625 1392 NVSvc - ok
01:21:20.0703 1392 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:21:20.0828 1392 NwlnkFlt - ok
01:21:20.0875 1392 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:21:20.0984 1392 NwlnkFwd - ok
01:21:21.0156 1392 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:21:21.0187 1392 odserv - ok
01:21:21.0265 1392 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
01:21:21.0281 1392 omci ( UnsignedFile.Multi.Generic ) - warning
01:21:21.0281 1392 omci - detected UnsignedFile.Multi.Generic (1)
01:21:21.0296 1392 oraclesnmppeermasteragent - ok
01:21:21.0375 1392 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:21:21.0390 1392 ose - ok
01:21:21.0500 1392 P16X (13026e137486d916a0677d276144ea7f) C:\WINDOWS\system32\drivers\P16X.sys
01:21:21.0656 1392 P16X - ok
01:21:21.0843 1392 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
01:21:21.0953 1392 P3 - ok
01:21:22.0015 1392 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
01:21:22.0156 1392 Parport - ok
01:21:22.0218 1392 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:21:22.0359 1392 PartMgr - ok
01:21:22.0406 1392 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:21:22.0515 1392 ParVdm - ok
01:21:22.0562 1392 pavboot (210a628a0d7b3f45257850efbff27538) C:\WINDOWS\system32\drivers\pavboot.sys
01:21:22.0578 1392 pavboot - ok
01:21:22.0625 1392 pcctlcom - ok
01:21:22.0703 1392 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:21:22.0812 1392 PCI - ok
01:21:22.0859 1392 PCIDump - ok
01:21:22.0921 1392 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:21:23.0031 1392 PCIIde - ok
01:21:23.0062 1392 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:21:23.0187 1392 Pcmcia - ok
01:21:23.0250 1392 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
01:21:23.0265 1392 Pcouffin ( UnsignedFile.Multi.Generic ) - warning
01:21:23.0265 1392 Pcouffin - detected UnsignedFile.Multi.Generic (1)
01:21:23.0281 1392 pctplsg - ok
01:21:23.0312 1392 PDCOMP - ok
01:21:23.0343 1392 PDFRAME - ok
01:21:23.0375 1392 PDRELI - ok
01:21:23.0421 1392 PDRFRAME - ok
01:21:23.0531 1392 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
01:21:23.0640 1392 perc2 - ok
01:21:23.0671 1392 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
01:21:23.0781 1392 perc2hib - ok
01:21:23.0875 1392 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
01:21:23.0890 1392 PfModNT ( UnsignedFile.Multi.Generic ) - warning
01:21:23.0890 1392 PfModNT - detected UnsignedFile.Multi.Generic (1)
01:21:24.0015 1392 pgfilter - ok
01:21:24.0093 1392 PID_0920 (9b4aff0adade21cba680e074f6be600b) C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
01:21:24.0546 1392 PID_0920 - ok
01:21:24.0609 1392 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
01:21:24.0750 1392 PlugPlay - ok
01:21:24.0828 1392 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:21:24.0937 1392 PolicyAgent - ok
01:21:25.0000 1392 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:21:25.0125 1392 PptpMiniport - ok
01:21:25.0187 1392 PQNTDrv (474543751522111dd7c0cf09e17f6d9f) C:\WINDOWS\system32\drivers\PQNTDrv.sys
01:21:25.0203 1392 PQNTDrv ( UnsignedFile.Multi.Generic ) - warning
01:21:25.0203 1392 PQNTDrv - detected UnsignedFile.Multi.Generic (1)
01:21:25.0265 1392 prevxagent - ok
01:21:25.0312 1392 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
01:21:25.0421 1392 Processor - ok
01:21:25.0437 1392 prodrv06 - ok
01:21:25.0453 1392 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:21:25.0562 1392 ProtectedStorage - ok
01:21:25.0609 1392 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:21:25.0734 1392 PSched - ok
01:21:25.0781 1392 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:21:25.0890 1392 Ptilink - ok
01:21:25.0968 1392 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
01:21:25.0968 1392 PxHelp20 - ok
01:21:26.0046 1392 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
01:21:26.0171 1392 ql1080 - ok
01:21:26.0218 1392 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
01:21:26.0328 1392 Ql10wnt - ok
01:21:26.0359 1392 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
01:21:26.0500 1392 ql12160 - ok
01:21:26.0531 1392 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
01:21:26.0640 1392 ql1240 - ok
01:21:26.0656 1392 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
01:21:26.0796 1392 ql1280 - ok
01:21:26.0843 1392 RAPIProtocol - ok
01:21:26.0906 1392 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:21:27.0031 1392 RasAcd - ok
01:21:27.0078 1392 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
01:21:27.0203 1392 RasAuto - ok
01:21:27.0250 1392 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:21:27.0390 1392 Rasl2tp - ok
01:21:27.0468 1392 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
01:21:27.0593 1392 RasMan - ok
01:21:27.0640 1392 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:21:27.0765 1392 RasPppoe - ok
01:21:27.0812 1392 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:21:27.0921 1392 Raspti - ok
01:21:27.0968 1392 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:21:28.0093 1392 Rdbss - ok
01:21:28.0140 1392 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:21:28.0281 1392 RDPCDD - ok
01:21:28.0328 1392 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:21:28.0437 1392 rdpdr - ok
  • 0

#6
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi mr_sledgeka,

How is your system now? Problems?

Download Virus Removal Tool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.
  • 0

#7
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#8
mr_sledgeka
    Member
  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I downloaded Kaspersky Virus Removal Tool as instructed, opened it and tried to scan my system, but it just stalled; even after 3 hours, when I looked at the tool, it had not scanned anything. My PC was so frozen that I had to turn it off at the power outlet (which is not good). I tried the same procedure again and the same thing happened. Not sure why this is happening?

Generally my system has been fine, except that generic variations of the virus have arisen that AVG keeps blocking.

I do have the Trend Micro RootkitBuster removal tool on my system, so I scanned and the tool identified traces of the virus but could not remove all of the generic variations. I have posted that log if it's any use to you; if not, please advise.

Service API : ZwOpenEvent
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8057dcdd
CurrentHandler : 0xb7ade3a8
ServiceNumber : 0x72
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenFile
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8056cd5b
CurrentHandler : 0xb7add016
ServiceNumber : 0x74
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenKey
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x80568d59
CurrentHandler : 0xb7adb6c0
ServiceNumber : 0x77
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenMutant
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x805780e5
CurrentHandler : 0xb7ade288
ServiceNumber : 0x78
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcess
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x805717c7
CurrentHandler : 0xb7adc8cc
ServiceNumber : 0x7a
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenSection
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x80570fd7
CurrentHandler : 0xb7ae010e
ServiceNumber : 0x7d
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenSemaphore
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8059efc5
CurrentHandler : 0xb7ade4c8
ServiceNumber : 0x7e
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenThread
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8058a1bd
CurrentHandler : 0xb7adc7be
ServiceNumber : 0x80
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryKey
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x80570a6d
CurrentHandler : 0xb7adc13a
ServiceNumber : 0xa0
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryMultipleValueKey
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8064e320
CurrentHandler : 0xb7adbd72
ServiceNumber : 0xa1
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQuerySection
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8057d4cc
CurrentHandler : 0xb7ae06ae
ServiceNumber : 0xa7
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryValueKey
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8056a1f1
CurrentHandler : 0xb7adb99c
ServiceNumber : 0xb1
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueueApcThread
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8059108b
CurrentHandler : 0xb7adffa0
ServiceNumber : 0xb4
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRenameKey
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8064e79e
CurrentHandler : 0xb7adbc2c
ServiceNumber : 0xc0
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwReplaceKey
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8064f0fa
CurrentHandler : 0xb7adaf16
ServiceNumber : 0xc1
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwReplyPort
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8057ccda
CurrentHandler : 0xb7ade82c
ServiceNumber : 0xc2
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwReplyWaitReceivePort
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8056b82e
CurrentHandler : 0xb7ade6f2
ServiceNumber : 0xc3
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRequestWaitReplyPort
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x80576ce6
CurrentHandler : 0xb7adf8b4
ServiceNumber : 0xc8
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRestoreKey
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8064ec91
CurrentHandler : 0xb7adb28e
ServiceNumber : 0xcc
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwResumeThread
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8058ecb2
CurrentHandler : 0xb7ae0bc8
ServiceNumber : 0xce
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSaveKey
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8064ed92
CurrentHandler : 0xb7adaeae
ServiceNumber : 0xcf
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSecureConnectPort
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8058f4de
CurrentHandler : 0xb7addb0e
ServiceNumber : 0xd2
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetContextThread
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8062dcdf
CurrentHandler : 0xb7adce38
ServiceNumber : 0xd5
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetInformationToken
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x805a86f0
CurrentHandler : 0xb7adf154
ServiceNumber : 0xe6
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetSecurityObject
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8059b19b
CurrentHandler : 0xb7adfdaa
ServiceNumber : 0xed
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetSystemInformation
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x805a7bdd
CurrentHandler : 0xb7ae07fe
ServiceNumber : 0xf0
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetValueKey
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x80572889
CurrentHandler : 0xb7adb816
ServiceNumber : 0xf7
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSuspendProcess
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8062f8c1
CurrentHandler : 0xb7ae08f0
ServiceNumber : 0xfd
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSuspendThread
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x805e045e
CurrentHandler : 0xb7ae0a2a
ServiceNumber : 0xfe
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSystemDebugControl
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x80649ce3
CurrentHandler : 0xb7adfa3e
ServiceNumber : 0xff
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateProcess
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x805822e0
CurrentHandler : 0xb7adca68
ServiceNumber : 0x101
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateThread
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8057b885
CurrentHandler : 0xb7adc9c8
ServiceNumber : 0x102
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwUnmapViewOfSection
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x805736e6
CurrentHandler : 0xb7ae0552
ServiceNumber : 0x10b
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwWriteVirtualMemory
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x8057e420
CurrentHandler : 0xb7adcb52
ServiceNumber : 0x115
ModuleName : 3350756drv.sys
SDTType : 0x0
No hidden operating system service hooks found.

--== Dump Hidden Port ==--
No hidden ports found.

--== Dump Kernel Code Patching ==--
No kernel code patching detected.

--== Dump Hidden Services ==--
No hidden services found.
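A scanner listing like the SSDT hook records in this thread is easier to triage once grouped by hooking module, which is what to compare against the security software installed (AVG here) before assuming a rootkit. The Python below is an added example, not code from this thread or from any scanner; it parses the scanner's record format using one record copied from the posted log plus a constructed record for a hypothetical driver, and lists per module which hooked services are the kind a rootkit uses to hide objects.

```python
import re

# Constructed sample in the scanner's record format: the first record is copied
# from the log in this thread, the second is made up for a hypothetical driver.
SAMPLE_LOG = r"""[HOOKED_SERVICE_API]:
Service API : ZwTerminateProcess
Image Path : C:\WINDOWS\system32\DRIVERS\3350756drv.sys
OriginalHandler : 0x805822e0
CurrentHandler : 0xb7adca68
ServiceNumber : 0x101
ModuleName : 3350756drv.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryDirectoryFile
Image Path : C:\WINDOWS\system32\drivers\hypothetical.sys
OriginalHandler : 0x80574b6f
CurrentHandler : 0xf7c31a20
ServiceNumber : 0x91
ModuleName : hypothetical.sys
SDTType : 0x0
No hidden operating system service hooks found.
"""

HEADER = "[HOOKED_SERVICE_API]:"
FIELD = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.*?)\s*$")
# Services a rootkit hooks to hide files, processes or registry keys from user-mode tools.
HIDING_SERVICES = {"ZwQueryDirectoryFile", "ZwQuerySystemInformation", "ZwEnumerateKey", "ZwEnumerateValueKey"}

def parse_hooks(text):
    """One dict per [HOOKED_SERVICE_API] record; a non-field line (e.g. the summary) closes it."""
    records, cur = [], None
    for line in text.splitlines():
        if line.strip() == HEADER:
            records.append(cur := {})
        elif cur is not None and (m := FIELD.match(line)):
            cur[m.group(1)] = m.group(2)
        else:
            cur = None
    return records

def triage(records):
    """Per hooking module: image path, every hooked service, and the hiding-capable subset."""
    out = {}
    for r in records:
        e = out.setdefault(r["ModuleName"], {"image": r["Image Path"], "hooked": [], "hiding": []})
        e["hooked"].append(r["Service API"])
        if r["Service API"] in HIDING_SERVICES:
            e["hiding"].append(r["Service API"])
    return out
```

A module that hooks only process, thread, file-open and registry services is the pattern of a security product's self-protection driver; a non-empty "hiding" list for a module you cannot account for is the one to investigate further.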

#9 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Generally my system has been fine except that generic variations of the virus have arisen that AVG keeps blocking.


What do you mean by this? AVG still finds malware?

Can you give me the path or info on where AVG finds it? A removal report or any AVG log.

#10 mr_sledgeka (Topic Starter, Member, 55 posts)
When AVG blocks the virus it sometimes comes up as 'Generic variations' of the Trojan horse. I have attached a screenshot of the AVG Virus Vault log, which has the path destinations; look at the ones for today, 15.5.2012.

Attached: AVG Virus Vault Log.jpg


#11 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
I see it now. We just need to empty your restore points.

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles


#12 mr_sledgeka (Topic Starter, Member, 55 posts)
I downloaded OTL to the desktop, tried opening it, and it keeps crashing. I restarted the PC and tried downloading OTL again; it crashed again. What other tool can I use?

#13 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
It's OK. You can do this manually too.

Follow this link and just disable and then enable System Restore one time.

After this test your system. It should be good as new :)

#14 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi mr_sledgeka,

Are you still with me? Did you manage to do the last step?

#15 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.