I have Dr Watson errors on my computer [Solved]


  • This topic is locked

#16
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Thanks for the log.

Please run both tools and report the logs for Post #14


Regards,

CompCav
  • 0



#17
gary55

  • Topic Starter
  • Member
  • 61 posts
I ran both mgadiag and wvcheck but I can find wv check info only. Here it is below...

The mgadiag check said it was genuine. Can you tell me where it went on my computer, so I can copy and paste it to you?

Windows Validation Check
Version: 1.9.12.5
Log Created On: 2247_16-05-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-03-08 12:24:07
Last Success Time for Update Download: 2011-02-10 12:27:07
Last Success Time for Update Installation: 2011-02-10 22:10:51


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


-------- End of File, program close at 2247_16-05-2012 --------
  • 0

#18
CompCav

    Member 5k

  • Expert
  • 12,454 posts

The mgadiag check said it was genuine. Can you tell me where it went on my computer?

Click the Copy button on the page where it shows the data when the tool runs, then come back here and, in the reply area, right-click and then click Paste. It will put it here; then click Add Reply.
  • 0

#19
gary55

  • Topic Starter
  • Member
  • 61 posts
Great! It worked. I have posted the info below. Thank you!




Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-P8J86-GM386-WW82G
Windows Product Key Hash: zuDGxECwTu4/qCnR6knA0/htpgw=
Windows Product ID: 00740-311-4279823-22720
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {CE36B575-68D9-4333-A7BA-1BB4723A04FE}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-b063_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2ee7_E2AD56EA-148-80004005_16E0B333-89-80004005_78155E4D-232-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Allowed
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CE36B575-68D9-4333-A7BA-1BB4723A04FE}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WW82G</PKey><PID>00740-311-4279823-22720</PID><PIDType>5</PIDType><SID>S-1-5-21-725345543-57989841-1644491937</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Compaq dc5100 SFF(RA198US)</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>786C2 v01.07</Version><SMBIOSVersion major="2" minor="3"/><Date>20050825000000.000000+000</Date></BIOS><HWID>8D413F470184407D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17087</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="114"/><App Id="16" Version="10" Result="114"/><App Id="17" Version="10" Result="114"/><App Id="18" Version="10" Result="114"/><App Id="1A" Version="10" Result="114"/><App Id="1B" Version="10" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 9C19:Compaq Computer Corporation|1155C:Compaq Computer Corporation|1FFEA:Compaq Computer Corporation|EAF8:Compaq Computer Corporation|11583:Compaq Computer Corporation|11583:Compaq Computer Corporation|1FFEA:Hewlett-Packard Company|EAF8:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
  • 0

#20
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This infection will require a reboot to correct so make sure these are turned off and will not turn back on at reboot. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions



Step 2.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • Get the report by selecting Reports

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3.

Please post:

ComboFix.txt
TDSSKiller log


Update me on any changes in your computer issues
  • 0
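
The TDSSKiller report requested in Step 2 is a line-oriented log, so a reviewer can triage it mechanically instead of reading every "ok" line. The Python below is an added example, not part of the original posts or of TDSSKiller itself; it parses the log layout seen in the report posted later in this thread, runs on constructed sample lines, and assumes the "SigCheck" and "TDLFS" tokens on the "Mode:" line correspond to the two boxes checked in Step 2.

```python
import re
from collections import OrderedDict

# Constructed sample (not from the thread) in the layout the tool writes:
# "HH:MM:SS.mmmm <thread id> <message>". Names, hashes and paths are made up.
SAMPLE_LOG = r"""
19:39:28.0468 3292 Scan started
19:39:28.0468 3292 Mode: Manual; SigCheck; TDLFS;
19:39:28.0656 3292 svc_nofile - ok
19:39:28.0703 3292 svc_signed (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\signed.sys
19:39:30.0093 3292 svc_signed - ok
19:39:30.0515 3292 Svc With Spaces (00000000000000000000000000000002) C:\WINDOWS\system32\unsigned.dll
19:39:30.0531 3292 Svc With Spaces ( UnsignedFile.Multi.Generic ) - warning
19:39:30.0531 3292 Svc With Spaces - detected UnsignedFile.Multi.Generic (1)
19:39:48.0062 3292 svc_locked (00000000000000000000000000000003) C:\WINDOWS\system32\locked.dll
19:39:48.0062 3292 Suspicious file (NoAccess): C:\WINDOWS\system32\locked.dll. md5: 00000000000000000000000000000003
19:39:48.0062 3292 svc_locked ( LockedFile.Multi.Generic ) - warning
19:39:48.0062 3292 svc_locked - detected LockedFile.Multi.Generic (1)
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*)$")
MODE = re.compile(r"^Mode:\s*(.*)$")
UNREADABLE = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})$")
ENTRY = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
OK = re.compile(r"^(.+?) - ok$")


def parse_tdsskiller_log(text):
    """Return the scan options plus one record per scanned service or driver."""
    mode, services, unreadable = [], OrderedDict(), {}

    def record(name):
        return services.setdefault(
            name, {"md5": None, "path": None, "verdict": None, "unreadable": None})

    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines and anything without timestamp + thread id
        msg = line.group(1).strip()
        m = MODE.match(msg)
        if m:
            mode = [opt.strip() for opt in m.group(1).split(";") if opt.strip()]
            continue
        m = UNREADABLE.match(msg)
        if m:  # the scanner could not open the file behind a service
            unreadable[m.group(2).lower()] = m.group(1)
            continue
        m = ENTRY.match(msg)
        if m:  # "<service> (<md5>) <path>" (service names may contain spaces)
            record(m.group(1)).update(md5=m.group(2), path=m.group(3))
            continue
        m = DETECTED.match(msg)
        if m:
            record(m.group(1))["verdict"] = m.group(2)
            continue
        m = OK.match(msg)
        if m:
            record(m.group(1))["verdict"] = "ok"
    # Attach the "could not read" reason to the service that owns that path.
    for svc in services.values():
        if svc["path"] and svc["path"].lower() in unreadable:
            svc["unreadable"] = unreadable[svc["path"].lower()]
    return {"mode": mode, "services": services}


def scan_options_ok(report):
    """True if the Mode line lists both options requested in Step 2.
    Assumption: 'SigCheck' and 'TDLFS' are the log tokens for those boxes."""
    return {"SigCheck", "TDLFS"} <= set(report["mode"])


def flagged(report):
    """Services without an 'ok' verdict; those not merely unsigned sort first,
    because a file the scanner could not read has not been verified at all."""
    hits = [(name, svc["verdict"] or "no result", svc["path"])
            for name, svc in report["services"].items() if svc["verdict"] != "ok"]
    return sorted(hits, key=lambda h: h[1].startswith("UnsignedFile"))


if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_LOG)
    print("options ok:", scan_options_ok(report))
    for name, verdict, path in flagged(report):
        print(f"{verdict:28} {name:18} {path}")
```

To run it on a real report, pass the text of the saved log file to parse_tdsskiller_log in place of the sample.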

#21
gary55

  • Topic Starter
  • Member
  • 61 posts
Combofix did not run. It stalled. What should I do next? Thank you...
  • 0

#22
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Try to run it in safe mode with networking and make sure if it reboots to send it back into safe mode to finish.
  • 0

#23
gary55

  • Topic Starter
  • Member
  • 61 posts
It ran for about 2 minutes in safe mode with networking and then stalled. (combofix)

Ran tdss and no cure situation came up. Here's the results. Thanks again...

19:37:47.0437 1164 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
19:37:47.0453 1164 ============================================================
19:37:47.0453 1164 Current date / time: 2012/05/18 19:37:47.0453
19:37:47.0453 1164 SystemInfo:
19:37:47.0453 1164
19:37:47.0453 1164 OS Version: 5.1.2600 ServicePack: 3.0
19:37:47.0453 1164 Product type: Workstation
19:37:47.0453 1164 ComputerName: GARY-0587134ADE
19:37:47.0453 1164 UserName: Gary
19:37:47.0453 1164 Windows directory: C:\WINDOWS
19:37:47.0453 1164 System windows directory: C:\WINDOWS
19:37:47.0453 1164 Processor architecture: Intel x86
19:37:47.0453 1164 Number of processors: 2
19:37:47.0453 1164 Page size: 0x1000
19:37:47.0453 1164 Boot type: Normal boot
19:37:47.0453 1164 ============================================================
19:37:48.0671 1164 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:37:48.0671 1164 Drive \Device\Harddisk1\DR4 - Size: 0x3DF80000 (0.97 Gb), SectorSize: 0x200, Cylinders: 0x7E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:37:48.0671 1164 ============================================================
19:37:48.0671 1164 \Device\Harddisk0\DR0:
19:37:48.0671 1164 MBR partitions:
19:37:48.0671 1164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D73C3B1
19:37:48.0703 1164 \Device\Harddisk1\DR4:
19:37:48.0703 1164 MBR partitions:
19:37:48.0703 1164 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x4, StartLBA 0x20, BlocksNum 0x1EFBE0
19:37:48.0703 1164 ============================================================
19:37:48.0734 1164 C: <-> \Device\Harddisk0\DR0\Partition0
19:37:48.0734 1164 ============================================================
19:37:48.0734 1164 Initialize success
19:37:48.0734 1164 ============================================================
19:39:28.0468 3292 ============================================================
19:39:28.0468 3292 Scan started
19:39:28.0468 3292 Mode: Manual; SigCheck; TDLFS;
19:39:28.0468 3292 ============================================================
19:39:28.0656 3292 Abiosdsk - ok
19:39:28.0656 3292 abp480n5 - ok
19:39:28.0703 3292 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:39:30.0093 3292 ACPI - ok
19:39:30.0109 3292 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:39:30.0265 3292 ACPIEC - ok
19:39:30.0328 3292 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:39:30.0343 3292 AdobeFlashPlayerUpdateSvc - ok
19:39:30.0343 3292 adpu160m - ok
19:39:30.0453 3292 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
19:39:30.0484 3292 AdvancedSystemCareService5 - ok
19:39:30.0515 3292 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
19:39:30.0531 3292 aeaudio ( UnsignedFile.Multi.Generic ) - warning
19:39:30.0531 3292 aeaudio - detected UnsignedFile.Multi.Generic (1)
19:39:30.0562 3292 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:39:30.0687 3292 aec - ok
19:39:30.0734 3292 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
19:39:30.0765 3292 AFD - ok
19:39:30.0781 3292 Aha154x - ok
19:39:30.0781 3292 aic78u2 - ok
19:39:30.0781 3292 aic78xx - ok
19:39:30.0812 3292 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:39:30.0953 3292 Alerter - ok
19:39:30.0968 3292 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:39:31.0031 3292 ALG - ok
19:39:31.0031 3292 AliIde - ok
19:39:31.0031 3292 amsint - ok
19:39:31.0046 3292 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:39:31.0109 3292 AppMgmt - ok
19:39:31.0109 3292 asc - ok
19:39:31.0109 3292 asc3350p - ok
19:39:31.0125 3292 asc3550 - ok
19:39:31.0140 3292 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
19:39:31.0156 3292 ASPI32 ( UnsignedFile.Multi.Generic ) - warning
19:39:31.0156 3292 ASPI32 - detected UnsignedFile.Multi.Generic (1)
19:39:31.0203 3292 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:39:31.0234 3292 aspnet_state - ok
19:39:31.0265 3292 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:39:31.0390 3292 AsyncMac - ok
19:39:31.0421 3292 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:39:31.0546 3292 atapi - ok
19:39:31.0546 3292 Atdisk - ok
19:39:31.0562 3292 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:39:31.0703 3292 Atmarpc - ok
19:39:31.0703 3292 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:39:31.0828 3292 AudioSrv - ok
19:39:31.0859 3292 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:39:31.0968 3292 audstub - ok
19:39:32.0000 3292 b57w2k (5175e788bcd1cb7345ab21f3e14369d2) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
19:39:32.0031 3292 b57w2k - ok
19:39:32.0062 3292 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:39:32.0187 3292 Beep - ok
19:39:32.0218 3292 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:39:32.0359 3292 BITS - ok
19:39:32.0390 3292 Blfp (9b53d428de0a2566a03499d7aa48dec4) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
19:39:32.0421 3292 Blfp - ok
19:39:32.0453 3292 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:39:32.0578 3292 Browser - ok
19:39:32.0593 3292 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:39:32.0734 3292 cbidf2k - ok
19:39:32.0765 3292 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:39:32.0875 3292 CCDECODE - ok
19:39:32.0890 3292 cd20xrnt - ok
19:39:32.0906 3292 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:39:33.0031 3292 Cdaudio - ok
19:39:33.0062 3292 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:39:33.0171 3292 Cdfs - ok
19:39:33.0203 3292 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:39:33.0328 3292 Cdrom - ok
19:39:33.0328 3292 Changer - ok
19:39:33.0359 3292 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:39:33.0468 3292 CiSvc - ok
19:39:33.0484 3292 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:39:33.0609 3292 ClipSrv - ok
19:39:33.0640 3292 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:39:33.0687 3292 clr_optimization_v2.0.50727_32 - ok
19:39:33.0687 3292 CmdIde - ok
19:39:33.0687 3292 COMSysApp - ok
19:39:33.0703 3292 Cpqarray - ok
19:39:33.0734 3292 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:39:33.0859 3292 CryptSvc - ok
19:39:33.0875 3292 dac2w2k - ok
19:39:33.0875 3292 dac960nt - ok
19:39:33.0906 3292 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:39:33.0953 3292 DcomLaunch - ok
19:39:33.0984 3292 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:39:34.0109 3292 Dhcp - ok
19:39:34.0125 3292 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:39:34.0250 3292 Disk - ok
19:39:34.0265 3292 dmadmin - ok
19:39:34.0312 3292 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:39:34.0453 3292 dmboot - ok
19:39:34.0484 3292 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:39:34.0609 3292 dmio - ok
19:39:34.0640 3292 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:39:34.0750 3292 dmload - ok
19:39:34.0765 3292 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:39:34.0890 3292 dmserver - ok
19:39:34.0921 3292 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:39:35.0046 3292 DMusic - ok
19:39:35.0078 3292 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
19:39:35.0187 3292 Dnscache - ok
19:39:35.0218 3292 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:39:35.0359 3292 Dot3svc - ok
19:39:35.0359 3292 dpti2o - ok
19:39:35.0390 3292 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:39:35.0515 3292 drmkaud - ok
19:39:35.0531 3292 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:39:35.0640 3292 EapHost - ok
19:39:35.0656 3292 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:39:35.0781 3292 ERSvc - ok
19:39:35.0828 3292 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:39:35.0843 3292 Eventlog - ok
19:39:35.0890 3292 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:39:35.0921 3292 EventSystem - ok
19:39:35.0953 3292 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:39:36.0078 3292 Fastfat - ok
19:39:36.0093 3292 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
19:39:36.0218 3292 FastUserSwitchingCompatibility - ok
19:39:36.0250 3292 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:39:36.0359 3292 Fdc - ok
19:39:36.0375 3292 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:39:36.0515 3292 Fips - ok
19:39:36.0515 3292 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:39:36.0625 3292 Flpydisk - ok
19:39:36.0656 3292 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:39:36.0765 3292 FltMgr - ok
19:39:36.0843 3292 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:39:36.0859 3292 FontCache3.0.0.0 - ok
19:39:36.0890 3292 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:39:37.0000 3292 Fs_Rec - ok
19:39:37.0015 3292 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:39:37.0140 3292 Ftdisk - ok
19:39:37.0156 3292 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:39:37.0171 3292 GEARAspiWDM - ok
19:39:37.0203 3292 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:39:37.0328 3292 Gpc - ok
19:39:37.0390 3292 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:39:37.0515 3292 helpsvc - ok
19:39:37.0515 3292 HidServ - ok
19:39:37.0546 3292 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:39:37.0671 3292 HidUsb - ok
19:39:37.0703 3292 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:39:37.0828 3292 hkmsvc - ok
19:39:37.0828 3292 hpn - ok
19:39:37.0843 3292 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:39:37.0953 3292 HPZid412 - ok
19:39:37.0953 3292 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:39:37.0984 3292 HPZipr12 - ok
19:39:38.0000 3292 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:39:38.0046 3292 HPZius12 - ok
19:39:38.0093 3292 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:39:38.0140 3292 HTTP - ok
19:39:38.0156 3292 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:39:38.0296 3292 HTTPFilter - ok
19:39:38.0296 3292 i2omgmt - ok
19:39:38.0296 3292 i2omp - ok
19:39:38.0328 3292 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:39:38.0453 3292 i8042prt - ok
19:39:38.0671 3292 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:39:38.0921 3292 ialm - ok
19:39:39.0046 3292 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:39:39.0078 3292 idsvc - ok
19:39:39.0156 3292 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:39:39.0296 3292 Imapi - ok
19:39:39.0328 3292 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:39:39.0437 3292 ImapiService - ok
19:39:39.0453 3292 ini910u - ok
19:39:39.0484 3292 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:39:39.0609 3292 IntelIde - ok
19:39:39.0625 3292 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:39:39.0765 3292 intelppm - ok
19:39:39.0781 3292 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:39:39.0890 3292 Ip6Fw - ok
19:39:39.0921 3292 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:39:40.0046 3292 IpFilterDriver - ok
19:39:40.0062 3292 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:39:40.0171 3292 IpInIp - ok
19:39:40.0187 3292 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:39:40.0312 3292 IpNat - ok
19:39:40.0343 3292 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:39:40.0453 3292 IPSec - ok
19:39:40.0468 3292 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:39:40.0515 3292 IRENUM - ok
19:39:40.0562 3292 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:39:40.0671 3292 isapnp - ok
19:39:40.0765 3292 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
19:39:40.0765 3292 JavaQuickStarterService - ok
19:39:40.0796 3292 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:39:40.0937 3292 Kbdclass - ok
19:39:40.0953 3292 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:39:41.0078 3292 kmixer - ok
19:39:41.0171 3292 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
19:39:41.0187 3292 Kodak AiO Network Discovery Service - ok
19:39:41.0218 3292 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:39:41.0281 3292 KSecDD - ok
19:39:41.0312 3292 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:39:41.0359 3292 LanmanServer - ok
19:39:41.0390 3292 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:39:41.0421 3292 lanmanworkstation - ok
19:39:41.0421 3292 lbrtfdc - ok
19:39:41.0453 3292 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:39:41.0578 3292 LmHosts - ok
19:39:41.0593 3292 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:39:41.0734 3292 Messenger - ok
19:39:41.0765 3292 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:39:41.0875 3292 mnmdd - ok
19:39:41.0890 3292 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:39:42.0015 3292 mnmsrvc - ok
19:39:42.0031 3292 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:39:42.0156 3292 Modem - ok
19:39:42.0171 3292 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:39:42.0312 3292 Mouclass - ok
19:39:42.0328 3292 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:39:42.0453 3292 MountMgr - ok
19:39:42.0453 3292 mraid35x - ok
19:39:42.0468 3292 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:39:42.0593 3292 MRxDAV - ok
19:39:42.0640 3292 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:39:42.0703 3292 MRxSmb - ok
19:39:42.0750 3292 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:39:42.0890 3292 MSDTC - ok
19:39:42.0921 3292 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:39:43.0046 3292 Msfs - ok
19:39:43.0046 3292 MSIServer - ok
19:39:43.0078 3292 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:39:43.0203 3292 MSKSSRV - ok
19:39:43.0234 3292 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:39:43.0359 3292 MSPCLOCK - ok
19:39:43.0375 3292 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:39:43.0500 3292 MSPQM - ok
19:39:43.0531 3292 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:39:43.0640 3292 mssmbios - ok
19:39:43.0656 3292 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:39:43.0796 3292 MSTEE - ok
19:39:43.0812 3292 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
19:39:43.0921 3292 Mup - ok
19:39:43.0937 3292 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:39:44.0062 3292 NABTSFEC - ok
19:39:44.0093 3292 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:39:44.0218 3292 napagent - ok
19:39:44.0250 3292 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:39:44.0375 3292 NDIS - ok
19:39:44.0390 3292 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:39:44.0500 3292 NdisIP - ok
19:39:44.0531 3292 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:39:44.0640 3292 NdisTapi - ok
19:39:44.0656 3292 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:39:44.0765 3292 Ndisuio - ok
19:39:44.0781 3292 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:39:44.0906 3292 NdisWan - ok
19:39:44.0906 3292 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:39:44.0953 3292 NDProxy - ok
19:39:44.0984 3292 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\WINDOWS\system32\HPZinw12.dll
19:39:45.0000 3292 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:39:45.0000 3292 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:39:45.0031 3292 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:39:45.0140 3292 NetBIOS - ok
19:39:45.0156 3292 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:39:45.0265 3292 NetBT - ok
19:39:45.0296 3292 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:39:45.0406 3292 NetDDE - ok
19:39:45.0406 3292 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:39:45.0515 3292 NetDDEdsdm - ok
19:39:45.0546 3292 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:39:45.0656 3292 Netlogon - ok
19:39:45.0671 3292 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:39:45.0796 3292 Netman - ok
19:39:45.0875 3292 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:39:45.0890 3292 NetTcpPortSharing - ok
19:39:45.0953 3292 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
19:39:46.0000 3292 Nla - ok
19:39:46.0062 3292 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
19:39:46.0125 3292 nmservice - ok
19:39:46.0171 3292 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:39:46.0296 3292 Npfs - ok
19:39:46.0359 3292 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:39:46.0484 3292 Ntfs - ok
19:39:46.0500 3292 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:39:46.0609 3292 NtLmSsp - ok
19:39:46.0640 3292 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:39:46.0765 3292 NtmsSvc - ok
19:39:46.0796 3292 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:39:46.0906 3292 Null - ok
19:39:46.0921 3292 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:39:47.0046 3292 NwlnkFlt - ok
19:39:47.0109 3292 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:39:47.0250 3292 NwlnkFwd - ok
19:39:48.0062 3292 nywuko (344770974dce3c039b48d27bd4e9a114) C:\WINDOWS\system32\bgrps.dll
19:39:48.0062 3292 Suspicious file (NoAccess): C:\WINDOWS\system32\bgrps.dll. md5: 344770974dce3c039b48d27bd4e9a114
19:39:48.0062 3292 nywuko ( LockedFile.Multi.Generic ) - warning
19:39:48.0062 3292 nywuko - detected LockedFile.Multi.Generic (1)
19:39:49.0000 3292 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:39:49.0171 3292 Parport - ok
19:39:49.0703 3292 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:39:49.0859 3292 PartMgr - ok
19:39:49.0906 3292 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:39:50.0046 3292 ParVdm - ok
19:39:50.0296 3292 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:39:50.0437 3292 PCI - ok
19:39:50.0437 3292 PCIDump - ok
19:39:50.0500 3292 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
19:39:50.0640 3292 PCIIde - ok
19:39:51.0328 3292 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:39:51.0500 3292 Pcmcia - ok
19:39:51.0500 3292 PDCOMP - ok
19:39:51.0500 3292 PDFRAME - ok
19:39:51.0515 3292 PDRELI - ok
19:39:51.0515 3292 PDRFRAME - ok
19:39:51.0515 3292 perc2 - ok
19:39:51.0531 3292 perc2hib - ok
19:39:52.0250 3292 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
19:39:52.0375 3292 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
19:39:52.0375 3292 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
19:39:52.0468 3292 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:39:52.0484 3292 PlugPlay - ok
19:39:52.0531 3292 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\WINDOWS\system32\HPZipm12.dll
19:39:52.0546 3292 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:39:52.0546 3292 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:39:52.0593 3292 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
19:39:52.0593 3292 pnarp - ok
19:39:52.0593 3292 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:39:52.0765 3292 PolicyAgent - ok
19:39:52.0796 3292 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:39:52.0984 3292 PptpMiniport - ok
19:39:52.0984 3292 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:39:53.0140 3292 ProtectedStorage - ok
19:39:53.0171 3292 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:39:53.0359 3292 PSched - ok
19:39:53.0375 3292 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:39:53.0546 3292 Ptilink - ok
19:39:53.0593 3292 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
19:39:53.0593 3292 purendis - ok
19:39:53.0625 3292 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:39:53.0640 3292 PxHelp20 - ok
19:39:53.0640 3292 ql1080 - ok
19:39:53.0656 3292 Ql10wnt - ok
19:39:53.0656 3292 ql12160 - ok
19:39:53.0671 3292 ql1240 - ok
19:39:53.0671 3292 ql1280 - ok
19:39:53.0703 3292 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:39:53.0859 3292 RasAcd - ok
19:39:53.0890 3292 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:39:54.0062 3292 RasAuto - ok
19:39:54.0109 3292 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:39:54.0265 3292 Rasl2tp - ok
19:39:54.0281 3292 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:39:54.0437 3292 RasMan - ok
19:39:54.0453 3292 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:39:54.0609 3292 RasPppoe - ok
19:39:54.0625 3292 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:39:54.0750 3292 Raspti - ok
19:39:54.0953 3292 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:39:55.0062 3292 Rdbss - ok
19:39:55.0078 3292 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:39:55.0171 3292 RDPCDD - ok
19:39:55.0218 3292 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:39:55.0328 3292 rdpdr - ok
19:39:55.0359 3292 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:39:55.0468 3292 RDPWD - ok
19:39:55.0500 3292 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:39:55.0609 3292 RDSessMgr - ok
19:39:55.0640 3292 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:39:55.0734 3292 redbook - ok
19:39:55.0796 3292 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:39:55.0953 3292 RemoteAccess - ok
19:39:55.0984 3292 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:39:56.0093 3292 RemoteRegistry - ok
19:39:56.0109 3292 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:39:56.0375 3292 RpcLocator - ok
19:39:56.0421 3292 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:39:56.0453 3292 RpcSs - ok
19:39:56.0484 3292 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:39:56.0593 3292 RSVP - ok
19:39:56.0625 3292 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:39:56.0734 3292 SamSs - ok
19:39:56.0765 3292 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:39:56.0890 3292 SCardSvr - ok
19:39:56.0921 3292 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:39:57.0031 3292 Schedule - ok
19:39:57.0062 3292 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:39:57.0109 3292 Secdrv - ok
19:39:57.0140 3292 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:39:57.0250 3292 seclogon - ok
19:39:57.0250 3292 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:39:57.0375 3292 SENS - ok
19:39:57.0390 3292 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:39:57.0484 3292 serenum - ok
19:39:57.0500 3292 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:39:57.0609 3292 Serial - ok
19:39:57.0625 3292 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:39:57.0734 3292 Sfloppy - ok
19:39:57.0875 3292 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:39:58.0000 3292 SharedAccess - ok
19:39:58.0031 3292 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
19:39:58.0140 3292 ShellHWDetection - ok
19:39:58.0140 3292 Simbad - ok
19:39:58.0171 3292 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:39:58.0281 3292 SLIP - ok
19:39:58.0328 3292 smwdm (86d17b6760dd2b09e932ff101714e0dc) C:\WINDOWS\system32\drivers\smwdm.sys
19:39:58.0390 3292 smwdm ( UnsignedFile.Multi.Generic ) - warning
19:39:58.0390 3292 smwdm - detected UnsignedFile.Multi.Generic (1)
19:39:58.0453 3292 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
19:39:58.0468 3292 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
19:39:58.0468 3292 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
19:39:58.0468 3292 Sparrow - ok
19:39:58.0484 3292 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:39:58.0609 3292 splitter - ok
19:39:58.0640 3292 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:39:58.0656 3292 Spooler - ok
19:39:58.0687 3292 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:39:58.0750 3292 sr - ok
19:39:58.0781 3292 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:39:58.0828 3292 srservice - ok
19:39:58.0875 3292 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
19:39:58.0890 3292 Srv - ok
19:39:58.0953 3292 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:39:59.0015 3292 SSDPSRV - ok
19:39:59.0093 3292 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:39:59.0203 3292 stisvc - ok
19:39:59.0218 3292 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:39:59.0343 3292 streamip - ok
19:39:59.0375 3292 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:39:59.0468 3292 swenum - ok
19:39:59.0500 3292 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:39:59.0609 3292 swmidi - ok
19:39:59.0625 3292 SwPrv - ok
19:39:59.0625 3292 symc810 - ok
19:39:59.0625 3292 symc8xx - ok
19:39:59.0640 3292 sym_hi - ok
19:39:59.0640 3292 sym_u3 - ok
19:39:59.0671 3292 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:39:59.0781 3292 sysaudio - ok
19:39:59.0812 3292 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:39:59.0937 3292 SysmonLog - ok
19:39:59.0953 3292 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:40:00.0062 3292 TapiSrv - ok
19:40:00.0093 3292 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:40:00.0109 3292 Tcpip - ok
19:40:00.0140 3292 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:40:00.0250 3292 TDPIPE - ok
19:40:00.0250 3292 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:40:00.0359 3292 TDTCP - ok
19:40:00.0375 3292 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:40:00.0484 3292 TermDD - ok
19:40:00.0500 3292 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:40:00.0609 3292 TermService - ok
19:40:00.0640 3292 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
19:40:00.0734 3292 Themes - ok
19:40:00.0765 3292 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:40:00.0828 3292 TlntSvr - ok
19:40:00.0828 3292 TosIde - ok
19:40:00.0859 3292 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:40:00.0968 3292 TrkWks - ok
19:40:01.0000 3292 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:40:01.0109 3292 Udfs - ok
19:40:01.0125 3292 ultra - ok
19:40:01.0203 3292 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:40:01.0328 3292 Update - ok
19:40:01.0343 3292 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:40:01.0421 3292 upnphost - ok
19:40:01.0421 3292 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:40:01.0531 3292 UPS - ok
19:40:01.0546 3292 USBAAPL - ok
19:40:01.0593 3292 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:40:01.0734 3292 usbaudio - ok
19:40:01.0750 3292 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:40:01.0875 3292 usbccgp - ok
19:40:01.0890 3292 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:40:02.0015 3292 usbehci - ok
19:40:02.0031 3292 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:40:02.0156 3292 usbhub - ok
19:40:02.0187 3292 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:40:02.0312 3292 usbprint - ok
19:40:02.0312 3292 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:40:02.0421 3292 usbscan - ok
19:40:02.0437 3292 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
19:40:02.0546 3292 usbser - ok
19:40:02.0593 3292 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:40:02.0718 3292 usbstor - ok
19:40:02.0750 3292 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:40:02.0859 3292 usbuhci - ok
19:40:02.0875 3292 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:40:03.0000 3292 usbvideo - ok
19:40:03.0031 3292 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:40:03.0140 3292 VgaSave - ok
19:40:03.0140 3292 ViaIde - ok
19:40:03.0437 3292 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:40:03.0578 3292 VolSnap - ok
19:40:03.0593 3292 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:40:03.0671 3292 VSS - ok
19:40:03.0687 3292 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:40:03.0812 3292 W32Time - ok
19:40:03.0843 3292 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:40:03.0953 3292 Wanarp - ok
19:40:03.0968 3292 WDICA - ok
19:40:04.0000 3292 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:40:04.0125 3292 wdmaud - ok
19:40:04.0140 3292 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:40:04.0250 3292 WebClient - ok
19:40:04.0296 3292 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:40:04.0406 3292 winmgmt - ok
19:40:04.0437 3292 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
19:40:04.0562 3292 WmdmPmSN - ok
19:40:04.0609 3292 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:40:04.0671 3292 Wmi - ok
19:40:04.0687 3292 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:40:04.0796 3292 WmiAcpi - ok
19:40:04.0828 3292 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:40:04.0953 3292 WmiApSrv - ok
19:40:04.0968 3292 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:40:05.0093 3292 WS2IFSL - ok
19:40:05.0125 3292 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:40:05.0250 3292 wscsvc - ok
19:40:05.0281 3292 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:40:05.0390 3292 WSTCODEC - ok
19:40:05.0406 3292 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:40:05.0515 3292 wuauserv - ok
19:40:05.0562 3292 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:40:05.0687 3292 WZCSVC - ok
19:40:05.0703 3292 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:40:05.0812 3292 xmlprov - ok
19:40:05.0812 3292 yywpfqv - ok
19:40:05.0828 3292 MBR (0x1B8) (6aefa2bac284226f1a5aed86e53d7bb9) \Device\Harddisk0\DR0
19:40:05.0890 3292 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:40:05.0890 3292 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:40:05.0890 3292 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
19:40:06.0046 3292 \Device\Harddisk1\DR4 - ok
19:40:06.0062 3292 Boot (0x1200) (3e6940b1d7b8e7a80923199b265b76f1) \Device\Harddisk0\DR0\Partition0
19:40:06.0062 3292 \Device\Harddisk0\DR0\Partition0 - ok
19:40:06.0062 3292 Boot (0x1200) (1dc3a9cfb2056ac5af7603387d3904a0) \Device\Harddisk1\DR4\Partition0
19:40:06.0062 3292 \Device\Harddisk1\DR4\Partition0 - ok
19:40:06.0062 3292 ============================================================
19:40:06.0062 3292 Scan finished
19:40:06.0062 3292 ============================================================
19:40:06.0171 0480 Detected object count: 9
19:40:06.0171 0480 Actual detected object count: 9
19:41:01.0953 0480 aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:01.0953 0480 aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:01.0953 0480 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:01.0953 0480 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:01.0953 0480 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:01.0953 0480 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:01.0953 0480 nywuko ( LockedFile.Multi.Generic ) - skipped by user
19:41:01.0953 0480 nywuko ( LockedFile.Multi.Generic ) - User select action: Skip
19:41:01.0953 0480 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:01.0953 0480 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:01.0968 0480 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:01.0968 0480 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:01.0968 0480 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:01.0968 0480 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:01.0968 0480 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:01.0968 0480 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:01.0968 0480 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:41:01.0968 0480 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:46:26.0625 3432 ============================================================
19:46:26.0625 3432 Scan started
19:46:26.0625 3432 Mode: Manual; SigCheck; TDLFS;
19:46:26.0625 3432 ============================================================
19:46:26.0781 3432 Abiosdsk - ok
19:46:26.0781 3432 abp480n5 - ok
19:46:26.0812 3432 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:46:27.0015 3432 ACPI - ok
19:46:27.0031 3432 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:46:27.0156 3432 ACPIEC - ok
19:46:27.0218 3432 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:46:27.0234 3432 AdobeFlashPlayerUpdateSvc - ok
19:46:27.0234 3432 adpu160m - ok
19:46:27.0343 3432 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
19:46:27.0375 3432 AdvancedSystemCareService5 - ok
19:46:27.0406 3432 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
19:46:27.0421 3432 aeaudio ( UnsignedFile.Multi.Generic ) - warning
19:46:27.0421 3432 aeaudio - detected UnsignedFile.Multi.Generic (1)
19:46:27.0453 3432 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:46:27.0562 3432 aec - ok
19:46:27.0609 3432 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
19:46:27.0625 3432 AFD - ok
19:46:27.0640 3432 Aha154x - ok
19:46:27.0640 3432 aic78u2 - ok
19:46:27.0640 3432 aic78xx - ok
19:46:27.0671 3432 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:46:27.0781 3432 Alerter - ok
19:46:27.0796 3432 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:46:27.0843 3432 ALG - ok
19:46:27.0843 3432 AliIde - ok
19:46:27.0843 3432 amsint - ok
19:46:27.0859 3432 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:46:27.0906 3432 AppMgmt - ok
19:46:27.0921 3432 asc - ok
19:46:27.0921 3432 asc3350p - ok
19:46:27.0921 3432 asc3550 - ok
19:46:27.0953 3432 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
19:46:27.0953 3432 ASPI32 ( UnsignedFile.Multi.Generic ) - warning
19:46:27.0953 3432 ASPI32 - detected UnsignedFile.Multi.Generic (1)
19:46:28.0015 3432 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:46:28.0015 3432 aspnet_state - ok
19:46:28.0046 3432 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:46:28.0156 3432 AsyncMac - ok
19:46:28.0187 3432 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:46:28.0296 3432 atapi - ok
19:46:28.0296 3432 Atdisk - ok
19:46:28.0312 3432 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:46:28.0437 3432 Atmarpc - ok
19:46:28.0453 3432 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:46:28.0562 3432 AudioSrv - ok
19:46:28.0593 3432 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:46:28.0703 3432 audstub - ok
19:46:28.0718 3432 b57w2k (5175e788bcd1cb7345ab21f3e14369d2) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
19:46:28.0734 3432 b57w2k - ok
19:46:28.0765 3432 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:46:28.0875 3432 Beep - ok
19:46:28.0921 3432 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:46:29.0046 3432 BITS - ok
19:46:29.0078 3432 Blfp (9b53d428de0a2566a03499d7aa48dec4) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
19:46:29.0093 3432 Blfp - ok
19:46:29.0125 3432 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:46:29.0234 3432 Browser - ok
19:46:29.0250 3432 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:46:29.0359 3432 cbidf2k - ok
19:46:29.0390 3432 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:46:29.0500 3432 CCDECODE - ok
19:46:29.0500 3432 cd20xrnt - ok
19:46:29.0531 3432 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:46:29.0625 3432 Cdaudio - ok
19:46:29.0656 3432 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:46:29.0750 3432 Cdfs - ok
19:46:29.0781 3432 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:46:29.0890 3432 Cdrom - ok
19:46:29.0906 3432 Changer - ok
19:46:29.0921 3432 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:46:30.0015 3432 CiSvc - ok
19:46:30.0031 3432 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:46:30.0140 3432 ClipSrv - ok
19:46:30.0171 3432 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:46:30.0187 3432 clr_optimization_v2.0.50727_32 - ok
19:46:30.0187 3432 CmdIde - ok
19:46:30.0203 3432 COMSysApp - ok
19:46:30.0203 3432 Cpqarray - ok
19:46:30.0234 3432 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:46:30.0343 3432 CryptSvc - ok
19:46:30.0343 3432 dac2w2k - ok
19:46:30.0359 3432 dac960nt - ok
19:46:30.0406 3432 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:46:30.0421 3432 DcomLaunch - ok
19:46:30.0453 3432 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:46:30.0562 3432 Dhcp - ok
19:46:30.0593 3432 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:46:30.0718 3432 Disk - ok
19:46:30.0718 3432 dmadmin - ok
19:46:30.0781 3432 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:46:30.0906 3432 dmboot - ok
19:46:30.0921 3432 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:46:31.0015 3432 dmio - ok
19:46:31.0031 3432 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:46:31.0140 3432 dmload - ok
19:46:31.0156 3432 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:46:31.0265 3432 dmserver - ok
19:46:31.0296 3432 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:46:31.0406 3432 DMusic - ok
19:46:31.0421 3432 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
19:46:31.0531 3432 Dnscache - ok
19:46:31.0546 3432 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:46:31.0656 3432 Dot3svc - ok
19:46:31.0656 3432 dpti2o - ok
19:46:31.0687 3432 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:46:31.0781 3432 drmkaud - ok
19:46:31.0796 3432 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:46:31.0921 3432 EapHost - ok
19:46:31.0937 3432 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:46:32.0046 3432 ERSvc - ok
19:46:32.0078 3432 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:46:32.0093 3432 Eventlog - ok
19:46:32.0140 3432 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:46:32.0156 3432 EventSystem - ok
19:46:32.0203 3432 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:46:32.0312 3432 Fastfat - ok
19:46:32.0328 3432 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
19:46:32.0421 3432 FastUserSwitchingCompatibility - ok
19:46:32.0437 3432 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:46:32.0546 3432 Fdc - ok
19:46:32.0562 3432 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:46:32.0671 3432 Fips - ok
19:46:32.0703 3432 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:46:32.0796 3432 Flpydisk - ok
19:46:32.0828 3432 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:46:32.0937 3432 FltMgr - ok
19:46:33.0015 3432 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:46:33.0015 3432 FontCache3.0.0.0 - ok
19:46:33.0046 3432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:46:33.0156 3432 Fs_Rec - ok
19:46:33.0171 3432 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:46:33.0281 3432 Ftdisk - ok
19:46:33.0312 3432 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:46:33.0328 3432 GEARAspiWDM - ok
19:46:33.0343 3432 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:46:33.0453 3432 Gpc - ok
19:46:33.0531 3432 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:46:33.0640 3432 helpsvc - ok
19:46:33.0640 3432 HidServ - ok
19:46:33.0671 3432 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:46:33.0765 3432 HidUsb - ok
19:46:33.0796 3432 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:46:33.0890 3432 hkmsvc - ok
19:46:33.0906 3432 hpn - ok
19:46:33.0921 3432 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:46:33.0968 3432 HPZid412 - ok
19:46:33.0968 3432 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:46:34.0000 3432 HPZipr12 - ok
19:46:34.0031 3432 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:46:34.0062 3432 HPZius12 - ok
19:46:34.0093 3432 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:46:34.0109 3432 HTTP - ok
19:46:34.0140 3432 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:46:34.0234 3432 HTTPFilter - ok
19:46:34.0250 3432 i2omgmt - ok
19:46:34.0250 3432 i2omp - ok
19:46:34.0281 3432 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:46:34.0390 3432 i8042prt - ok
19:46:34.0609 3432 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:46:34.0734 3432 ialm - ok
19:46:34.0906 3432 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:46:34.0937 3432 idsvc - ok
19:46:35.0015 3432 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:46:35.0109 3432 Imapi - ok
19:46:35.0140 3432 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:46:35.0250 3432 ImapiService - ok
19:46:35.0250 3432 ini910u - ok
19:46:35.0281 3432 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:46:35.0390 3432 IntelIde - ok
19:46:35.0421 3432 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:46:35.0531 3432 intelppm - ok
19:46:35.0546 3432 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:46:35.0640 3432 Ip6Fw - ok
19:46:35.0671 3432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:46:35.0781 3432 IpFilterDriver - ok
19:46:35.0781 3432 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:46:35.0875 3432 IpInIp - ok
19:46:35.0921 3432 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:46:36.0031 3432 IpNat - ok
19:46:36.0046 3432 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:46:36.0140 3432 IPSec - ok
19:46:36.0171 3432 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:46:36.0218 3432 IRENUM - ok
19:46:36.0265 3432 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:46:36.0359 3432 isapnp - ok
19:46:36.0421 3432 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
19:46:36.0437 3432 JavaQuickStarterService - ok
19:46:36.0468 3432 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:46:36.0578 3432 Kbdclass - ok
19:46:36.0609 3432 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:46:36.0734 3432 kmixer - ok
19:46:36.0859 3432 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
19:46:36.0875 3432 Kodak AiO Network Discovery Service - ok
19:46:36.0906 3432 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:46:36.0921 3432 KSecDD - ok
19:46:36.0953 3432 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:46:36.0984 3432 LanmanServer - ok
19:46:37.0015 3432 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:46:37.0046 3432 lanmanworkstation - ok
19:46:37.0046 3432 lbrtfdc - ok
19:46:37.0078 3432 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:46:37.0187 3432 LmHosts - ok
19:46:37.0203 3432 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:46:37.0328 3432 Messenger - ok
19:46:37.0359 3432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:46:37.0468 3432 mnmdd - ok
19:46:37.0500 3432 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:46:37.0593 3432 mnmsrvc - ok
19:46:37.0625 3432 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:46:37.0734 3432 Modem - ok
19:46:37.0765 3432 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:46:37.0875 3432 Mouclass - ok
19:46:37.0890 3432 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:46:38.0015 3432 MountMgr - ok
19:46:38.0015 3432 mraid35x - ok
19:46:38.0031 3432 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:46:38.0140 3432 MRxDAV - ok
19:46:38.0203 3432 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:46:38.0218 3432 MRxSmb - ok
19:46:38.0250 3432 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:46:38.0359 3432 MSDTC - ok
19:46:38.0375 3432 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:46:38.0500 3432 Msfs - ok
19:46:38.0500 3432 MSIServer - ok
19:46:38.0531 3432 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:46:38.0656 3432 MSKSSRV - ok
19:46:38.0687 3432 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:46:38.0796 3432 MSPCLOCK - ok
19:46:38.0812 3432 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:46:38.0921 3432 MSPQM - ok
19:46:38.0953 3432 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:46:39.0062 3432 mssmbios - ok
19:46:39.0078 3432 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:46:39.0203 3432 MSTEE - ok
19:46:39.0218 3432 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
19:46:39.0312 3432 Mup - ok
19:46:39.0359 3432 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:46:39.0468 3432 NABTSFEC - ok
19:46:39.0500 3432 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:46:39.0625 3432 napagent - ok
19:46:39.0640 3432 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:46:39.0750 3432 NDIS - ok
19:46:39.0781 3432 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:46:39.0890 3432 NdisIP - ok
19:46:39.0906 3432 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:46:40.0015 3432 NdisTapi - ok
19:46:40.0046 3432 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:46:40.0156 3432 Ndisuio - ok
19:46:40.0171 3432 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:46:40.0296 3432 NdisWan - ok
19:46:40.0328 3432 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:46:40.0343 3432 NDProxy - ok
19:46:40.0359 3432 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\WINDOWS\system32\HPZinw12.dll
19:46:40.0375 3432 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:46:40.0375 3432 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:46:40.0406 3432 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:46:40.0531 3432 NetBIOS - ok
19:46:40.0546 3432 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:46:40.0656 3432 NetBT - ok
19:46:40.0687 3432 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:46:40.0796 3432 NetDDE - ok
19:46:40.0796 3432 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:46:40.0890 3432 NetDDEdsdm - ok
19:46:40.0921 3432 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:41.0031 3432 Netlogon - ok
19:46:41.0062 3432 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:46:41.0171 3432 Netman - ok
19:46:41.0265 3432 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:46:41.0265 3432 NetTcpPortSharing - ok
19:46:41.0296 3432 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
19:46:41.0312 3432 Nla - ok
19:46:41.0390 3432 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
19:46:41.0421 3432 nmservice - ok
19:46:41.0468 3432 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:46:41.0578 3432 Npfs - ok
19:46:41.0640 3432 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:46:41.0750 3432 Ntfs - ok
19:46:41.0765 3432 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:41.0875 3432 NtLmSsp - ok
19:46:41.0906 3432 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:46:42.0015 3432 NtmsSvc - ok
19:46:42.0031 3432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:46:42.0140 3432 Null - ok
19:46:42.0171 3432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:46:42.0281 3432 NwlnkFlt - ok
19:46:42.0281 3432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:46:42.0375 3432 NwlnkFwd - ok
19:46:42.0406 3432 nywuko (344770974dce3c039b48d27bd4e9a114) C:\WINDOWS\system32\bgrps.dll
19:46:42.0406 3432 Suspicious file (NoAccess): C:\WINDOWS\system32\bgrps.dll. md5: 344770974dce3c039b48d27bd4e9a114
19:46:42.0406 3432 nywuko ( LockedFile.Multi.Generic ) - warning
19:46:42.0406 3432 nywuko - detected LockedFile.Multi.Generic (1)
19:46:42.0437 3432 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:46:42.0546 3432 Parport - ok
19:46:42.0562 3432 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:46:42.0671 3432 PartMgr - ok
19:46:42.0703 3432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:46:42.0812 3432 ParVdm - ok
19:46:42.0843 3432 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:46:42.0953 3432 PCI - ok
19:46:42.0968 3432 PCIDump - ok
19:46:42.0968 3432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
19:46:43.0078 3432 PCIIde - ok
19:46:43.0078 3432 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:46:43.0187 3432 Pcmcia - ok
19:46:43.0187 3432 PDCOMP - ok
19:46:43.0203 3432 PDFRAME - ok
19:46:43.0203 3432 PDRELI - ok
19:46:43.0203 3432 PDRFRAME - ok
19:46:43.0203 3432 perc2 - ok
19:46:43.0218 3432 perc2hib - ok
19:46:43.0328 3432 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
19:46:43.0359 3432 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
19:46:43.0359 3432 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
19:46:43.0390 3432 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:46:43.0406 3432 PlugPlay - ok
19:46:43.0437 3432 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\WINDOWS\system32\HPZipm12.dll
19:46:43.0453 3432 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:46:43.0453 3432 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:46:43.0468 3432 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
19:46:43.0484 3432 pnarp - ok
19:46:43.0484 3432 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:43.0578 3432 PolicyAgent - ok
19:46:43.0609 3432 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:46:43.0703 3432 PptpMiniport - ok
19:46:43.0718 3432 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:43.0812 3432 ProtectedStorage - ok
19:46:43.0828 3432 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:46:43.0921 3432 PSched - ok
19:46:43.0953 3432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:46:44.0062 3432 Ptilink - ok
19:46:44.0093 3432 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
19:46:44.0093 3432 purendis - ok
19:46:44.0125 3432 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:46:44.0140 3432 PxHelp20 - ok
19:46:44.0140 3432 ql1080 - ok
19:46:44.0140 3432 Ql10wnt - ok
19:46:44.0140 3432 ql12160 - ok
19:46:44.0156 3432 ql1240 - ok
19:46:44.0156 3432 ql1280 - ok
19:46:44.0171 3432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:46:44.0265 3432 RasAcd - ok
19:46:44.0296 3432 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:46:44.0406 3432 RasAuto - ok
19:46:44.0437 3432 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:46:44.0546 3432 Rasl2tp - ok
19:46:44.0578 3432 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:46:44.0671 3432 RasMan - ok
19:46:44.0687 3432 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:46:44.0781 3432 RasPppoe - ok
19:46:44.0812 3432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:46:44.0921 3432 Raspti - ok
19:46:44.0953 3432 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:46:45.0062 3432 Rdbss - ok
19:46:45.0078 3432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:46:45.0171 3432 RDPCDD - ok
19:46:45.0218 3432 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:46:45.0328 3432 rdpdr - ok
19:46:45.0359 3432 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:46:45.0468 3432 RDPWD - ok
19:46:45.0500 3432 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:46:45.0593 3432 RDSessMgr - ok
19:46:45.0609 3432 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:46:45.0718 3432 redbook - ok
19:46:45.0750 3432 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:46:45.0875 3432 RemoteAccess - ok
19:46:45.0906 3432 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:46:46.0015 3432 RemoteRegistry - ok
19:46:46.0046 3432 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:46:46.0140 3432 RpcLocator - ok
19:46:46.0187 3432 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:46:46.0203 3432 RpcSs - ok
19:46:46.0234 3432 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:46:46.0359 3432 RSVP - ok
19:46:46.0390 3432 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:46.0500 3432 SamSs - ok
19:46:46.0531 3432 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:46:46.0656 3432 SCardSvr - ok
19:46:46.0687 3432 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:46:46.0796 3432 Schedule - ok
19:46:46.0812 3432 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:46:46.0875 3432 Secdrv - ok
19:46:46.0890 3432 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:46:47.0000 3432 seclogon - ok
19:46:47.0000 3432 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:46:47.0109 3432 SENS - ok
19:46:47.0140 3432 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:46:47.0234 3432 serenum - ok
19:46:47.0250 3432 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:46:47.0343 3432 Serial - ok
19:46:47.0359 3432 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:46:47.0484 3432 Sfloppy - ok
19:46:47.0515 3432 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:46:47.0640 3432 SharedAccess - ok
19:46:47.0656 3432 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
19:46:47.0765 3432 ShellHWDetection - ok
19:46:47.0765 3432 Simbad - ok
19:46:47.0796 3432 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:46:47.0890 3432 SLIP - ok
19:46:47.0937 3432 smwdm (86d17b6760dd2b09e932ff101714e0dc) C:\WINDOWS\system32\drivers\smwdm.sys
19:46:47.0968 3432 smwdm ( UnsignedFile.Multi.Generic ) - warning
19:46:47.0968 3432 smwdm - detected UnsignedFile.Multi.Generic (1)
19:46:48.0031 3432 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
19:46:48.0046 3432 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
19:46:48.0046 3432 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
19:46:48.0062 3432 Sparrow - ok
19:46:48.0078 3432 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:46:48.0187 3432 splitter - ok
19:46:48.0218 3432 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:46:48.0234 3432 Spooler - ok
19:46:48.0265 3432 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:46:48.0328 3432 sr - ok
19:46:48.0343 3432 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:46:48.0390 3432 srservice - ok
19:46:48.0437 3432 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
19:46:48.0453 3432 Srv - ok
19:46:48.0515 3432 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:46:48.0578 3432 SSDPSRV - ok
19:46:48.0609 3432 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:46:48.0734 3432 stisvc - ok
19:46:48.0750 3432 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:46:48.0875 3432 streamip - ok
19:46:48.0906 3432 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:46:49.0015 3432 swenum - ok
19:46:49.0046 3432 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:46:49.0156 3432 swmidi - ok
19:46:49.0156 3432 SwPrv - ok
19:46:49.0171 3432 symc810 - ok
19:46:49.0171 3432 symc8xx - ok
19:46:49.0171 3432 sym_hi - ok
19:46:49.0187 3432 sym_u3 - ok
19:46:49.0203 3432 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:46:49.0312 3432 sysaudio - ok
19:46:49.0343 3432 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:46:49.0437 3432 SysmonLog - ok
19:46:49.0468 3432 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:46:49.0562 3432 TapiSrv - ok
19:46:49.0609 3432 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:46:49.0640 3432 Tcpip - ok
19:46:49.0671 3432 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:46:49.0765 3432 TDPIPE - ok
19:46:49.0781 3432 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:46:49.0875 3432 TDTCP - ok
19:46:49.0890 3432 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:46:50.0000 3432 TermDD - ok
19:46:50.0015 3432 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:46:50.0109 3432 TermService - ok
19:46:50.0140 3432 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
19:46:50.0250 3432 Themes - ok
19:46:50.0281 3432 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:46:50.0343 3432 TlntSvr - ok
19:46:50.0343 3432 TosIde - ok
19:46:50.0359 3432 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:46:50.0468 3432 TrkWks - ok
19:46:50.0500 3432 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:46:50.0609 3432 Udfs - ok
19:46:50.0609 3432 ultra - ok
19:46:50.0640 3432 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:46:50.0750 3432 Update - ok
19:46:50.0765 3432 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:46:50.0828 3432 upnphost - ok
19:46:50.0843 3432 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:46:50.0953 3432 UPS - ok
19:46:50.0968 3432 USBAAPL - ok
19:46:50.0984 3432 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:46:51.0093 3432 usbaudio - ok
19:46:51.0125 3432 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:46:51.0234 3432 usbccgp - ok
19:46:51.0265 3432 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:46:51.0375 3432 usbehci - ok
19:46:51.0390 3432 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:46:51.0500 3432 usbhub - ok
19:46:51.0531 3432 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:46:51.0640 3432 usbprint - ok
19:46:51.0656 3432 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:46:51.0750 3432 usbscan - ok
19:46:51.0781 3432 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
19:46:51.0875 3432 usbser - ok
19:46:51.0906 3432 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:46:52.0015 3432 usbstor - ok
19:46:52.0031 3432 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:46:52.0125 3432 usbuhci - ok
19:46:52.0156 3432 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:46:52.0250 3432 usbvideo - ok
19:46:52.0281 3432 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:46:52.0390 3432 VgaSave - ok
19:46:52.0406 3432 ViaIde - ok
19:46:52.0421 3432 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:46:52.0531 3432 VolSnap - ok
19:46:52.0562 3432 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:46:52.0625 3432 VSS - ok
19:46:52.0656 3432 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:46:52.0765 3432 W32Time - ok
19:46:52.0796 3432 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:46:52.0921 3432 Wanarp - ok
19:46:52.0921 3432 WDICA - ok
19:46:52.0953 3432 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:46:53.0062 3432 wdmaud - ok
19:46:53.0093 3432 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:46:53.0203 3432 WebClient - ok
19:46:53.0265 3432 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:46:53.0390 3432 winmgmt - ok
19:46:53.0421 3432 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
19:46:53.0546 3432 WmdmPmSN - ok
19:46:53.0593 3432 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:46:53.0640 3432 Wmi - ok
19:46:53.0671 3432 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:46:53.0765 3432 WmiAcpi - ok
19:46:53.0796 3432 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:46:53.0921 3432 WmiApSrv - ok
19:46:53.0937 3432 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:46:54.0062 3432 WS2IFSL - ok
19:46:54.0078 3432 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:46:54.0203 3432 wscsvc - ok
19:46:54.0218 3432 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:46:54.0312 3432 WSTCODEC - ok
19:46:54.0343 3432 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:46:54.0468 3432 wuauserv - ok
19:46:54.0500 3432 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:46:54.0625 3432 WZCSVC - ok
19:46:54.0640 3432 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:46:54.0750 3432 xmlprov - ok
19:46:54.0750 3432 yywpfqv - ok
19:46:54.0781 3432 MBR (0x1B8) (6aefa2bac284226f1a5aed86e53d7bb9) \Device\Harddisk0\DR0
19:46:54.0828 3432 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:46:54.0828 3432 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:46:54.0843 3432 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
19:46:54.0953 3432 \Device\Harddisk1\DR4 - ok
19:46:54.0953 3432 Boot (0x1200) (3e6940b1d7b8e7a80923199b265b76f1) \Device\Harddisk0\DR0\Partition0
19:46:54.0953 3432 \Device\Harddisk0\DR0\Partition0 - ok
19:46:54.0953 3432 Boot (0x1200) (1dc3a9cfb2056ac5af7603387d3904a0) \Device\Harddisk1\DR4\Partition0
19:46:54.0953 3432 \Device\Harddisk1\DR4\Partition0 - ok
19:46:54.0953 3432 ============================================================
19:46:54.0953 3432 Scan finished
19:46:54.0953 3432 ============================================================
19:46:54.0968 3360 Detected object count: 9
19:46:54.0968 3360 Actual detected object count: 9
19:48:00.0890 3360 aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user
19:48:00.0890 3360 aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:48:00.0890 3360 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
19:48:00.0890 3360 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:48:00.0890 3360 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:48:00.0890 3360 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:48:00.0890 3360 nywuko ( LockedFile.Multi.Generic ) - skipped by user
19:48:00.0890 3360 nywuko ( LockedFile.Multi.Generic ) - User select action: Skip
19:48:00.0890 3360 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
19:48:00.0890 3360 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:48:00.0906 3360 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:48:00.0906 3360 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:48:00.0906 3360 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user
19:48:00.0906 3360 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:48:00.0906 3360 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
19:48:00.0906 3360 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:48:00.0906 3360 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:48:00.0906 3360 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Edited by gary55, 18 May 2012 - 05:51 PM.

  • 0

#24
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

Please rerun TDSSKiller but when you get to the stage to select an action please select Delete for this:

\Device\Harddisk0\DR0 ( TDSS File System )


Step 2.

As for ComboFix, it sometimes acts up like this, so there is one more option to run:

Delete your current copy of ComboFix.
Download it again but save it as george.

Then try to run it. If it still stalls out, then please delete it again and redownload it, and do not change the name this time.
Press Windows key + R

Then copy and paste this line in the box.

"C:\Documents and Settings\Gary\Desktop\Combofix" /nombr

Click OK


Step 3.

Please post:

TDSSKiller log
Combofix.txt



And provide an update on your computer issues.
  • 1

#25
gary55

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
I reran the TDSS and deleted the '\Device\Harddisk0\DR0' line. For some reason ComboFix would not run as George, or as a newly downloaded copy of it NOT renamed!

This is the info after I deleted the line you advised me to (Device\Harddisk0\DR0).
My computer doesn't always error and freeze. When it does, it usually starts with an Internet Explorer error msg, then a Dr Watson error msg, then any of various error msgs that appear in the same type of box as the first 2 do. Sometimes I can continue to use Windows. Then other times it freezes... no mouse/keyboard response etc. So I Ctrl-Alt-Del to get to restart. Ubuntu OS (when I choose it) will run just fine. Is there any hope? Thanks for all your efforts!



22:56:05.0343 1068 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
22:56:05.0343 1068 ============================================================
22:56:05.0343 1068 Current date / time: 2012/05/18 22:56:05.0343
22:56:05.0343 1068 SystemInfo:
22:56:05.0343 1068
22:56:05.0343 1068 OS Version: 5.1.2600 ServicePack: 3.0
22:56:05.0343 1068 Product type: Workstation
22:56:05.0343 1068 ComputerName: GARY-0587134ADE
22:56:05.0343 1068 UserName: Gary
22:56:05.0343 1068 Windows directory: C:\WINDOWS
22:56:05.0343 1068 System windows directory: C:\WINDOWS
22:56:05.0343 1068 Processor architecture: Intel x86
22:56:05.0343 1068 Number of processors: 2
22:56:05.0343 1068 Page size: 0x1000
22:56:05.0343 1068 Boot type: Normal boot
22:56:05.0343 1068 ============================================================
22:56:06.0578 1068 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:56:06.0578 1068 ============================================================
22:56:06.0578 1068 \Device\Harddisk0\DR0:
22:56:06.0578 1068 MBR partitions:
22:56:06.0578 1068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D73C3B1
22:56:06.0625 1068 ============================================================
22:56:06.0656 1068 C: <-> \Device\Harddisk0\DR0\Partition0
22:56:06.0656 1068 ============================================================
22:56:06.0656 1068 Initialize success
22:56:06.0656 1068 ============================================================
22:56:15.0031 3744 ============================================================
22:56:15.0031 3744 Scan started
22:56:15.0031 3744 Mode: Manual; SigCheck; TDLFS;
22:56:15.0031 3744 ============================================================
22:56:15.0328 3744 Abiosdsk - ok
22:56:15.0328 3744 abp480n5 - ok
22:56:15.0375 3744 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:56:16.0468 3744 ACPI - ok
22:56:16.0484 3744 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:56:16.0640 3744 ACPIEC - ok
22:56:16.0703 3744 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:56:16.0718 3744 AdobeFlashPlayerUpdateSvc - ok
22:56:16.0718 3744 adpu160m - ok
22:56:16.0828 3744 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
22:56:16.0859 3744 AdvancedSystemCareService5 - ok
22:56:16.0890 3744 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
22:56:16.0906 3744 aeaudio ( UnsignedFile.Multi.Generic ) - warning
22:56:16.0906 3744 aeaudio - detected UnsignedFile.Multi.Generic (1)
22:56:16.0937 3744 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:56:17.0062 3744 aec - ok
22:56:17.0093 3744 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:56:17.0140 3744 AFD - ok
22:56:17.0156 3744 Aha154x - ok
22:56:17.0156 3744 aic78u2 - ok
22:56:17.0156 3744 aic78xx - ok
22:56:17.0187 3744 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:56:17.0328 3744 Alerter - ok
22:56:17.0343 3744 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:56:17.0406 3744 ALG - ok
22:56:17.0406 3744 AliIde - ok
22:56:17.0406 3744 amsint - ok
22:56:17.0437 3744 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:56:17.0484 3744 AppMgmt - ok
22:56:17.0500 3744 asc - ok
22:56:17.0500 3744 asc3350p - ok
22:56:17.0500 3744 asc3550 - ok
22:56:17.0531 3744 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
22:56:17.0531 3744 ASPI32 ( UnsignedFile.Multi.Generic ) - warning
22:56:17.0531 3744 ASPI32 - detected UnsignedFile.Multi.Generic (1)
22:56:17.0593 3744 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:56:17.0609 3744 aspnet_state - ok
22:56:17.0625 3744 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:56:17.0765 3744 AsyncMac - ok
22:56:17.0796 3744 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:56:17.0921 3744 atapi - ok
22:56:17.0921 3744 Atdisk - ok
22:56:17.0953 3744 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:56:18.0078 3744 Atmarpc - ok
22:56:18.0093 3744 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:56:18.0218 3744 AudioSrv - ok
22:56:18.0250 3744 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:56:18.0359 3744 audstub - ok
22:56:18.0421 3744 b57w2k (5175e788bcd1cb7345ab21f3e14369d2) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:56:18.0437 3744 b57w2k - ok
22:56:18.0484 3744 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:56:18.0593 3744 Beep - ok
22:56:18.0640 3744 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:56:18.0796 3744 BITS - ok
22:56:18.0812 3744 Blfp (9b53d428de0a2566a03499d7aa48dec4) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
22:56:18.0843 3744 Blfp - ok
22:56:18.0890 3744 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:56:19.0015 3744 Browser - ok
22:56:19.0093 3744 catchme - ok
22:56:19.0109 3744 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:56:19.0250 3744 cbidf2k - ok
22:56:19.0281 3744 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:56:19.0390 3744 CCDECODE - ok
22:56:19.0390 3744 cd20xrnt - ok
22:56:19.0437 3744 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:56:19.0562 3744 Cdaudio - ok
22:56:19.0593 3744 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:56:19.0703 3744 Cdfs - ok
22:56:19.0734 3744 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:56:19.0843 3744 Cdrom - ok
22:56:19.0843 3744 Changer - ok
22:56:19.0859 3744 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:56:19.0984 3744 CiSvc - ok
22:56:19.0984 3744 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:56:20.0109 3744 ClipSrv - ok
22:56:20.0156 3744 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:56:20.0187 3744 clr_optimization_v2.0.50727_32 - ok
22:56:20.0187 3744 CmdIde - ok
22:56:20.0203 3744 COMSysApp - ok
22:56:20.0203 3744 Cpqarray - ok
22:56:20.0234 3744 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:56:20.0375 3744 CryptSvc - ok
22:56:20.0375 3744 dac2w2k - ok
22:56:20.0375 3744 dac960nt - ok
22:56:20.0437 3744 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:56:20.0500 3744 DcomLaunch - ok
22:56:20.0531 3744 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:56:20.0656 3744 Dhcp - ok
22:56:20.0671 3744 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:56:20.0796 3744 Disk - ok
22:56:20.0812 3744 dmadmin - ok
22:56:20.0859 3744 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:56:21.0000 3744 dmboot - ok
22:56:21.0015 3744 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:56:21.0125 3744 dmio - ok
22:56:21.0140 3744 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:56:21.0250 3744 dmload - ok
22:56:33.0593 3744 nywuko (344770974dce3c039b48d27bd4e9a114) C:\WINDOWS\system32\bgrps.dll
22:56:33.0593 3744 Suspicious file (NoAccess): C:\WINDOWS\system32\bgrps.dll. md5: 344770974dce3c039b48d27bd4e9a114
22:56:33.0593 3744 nywuko ( LockedFile.Multi.Generic ) - warning
22:56:33.0593 3744 nywuko - detected LockedFile.Multi.Generic (1)
22:56:46.0109 3744 MBR (0x1B8) (6aefa2bac284226f1a5aed86e53d7bb9) \Device\Harddisk0\DR0
22:56:46.0218 3744 \Device\Harddisk0\DR0 - ok
22:56:46.0234 3744 Boot (0x1200) (3e6940b1d7b8e7a80923199b265b76f1) \Device\Harddisk0\DR0\Partition0
22:56:46.0234 3744 \Device\Harddisk0\DR0\Partition0 - ok
22:56:46.0234 3744 ============================================================
22:56:46.0234 3744 Scan finished
22:56:46.0234 3744 ============================================================
22:56:46.0343 3740 Detected object count: 7
22:56:46.0343 3740 Actual detected object count: 7
22:56:59.0843 3740 aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:59.0843 3740 aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:59.0843 3740 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:59.0843 3740 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:59.0843 3740 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:59.0843 3740 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:59.0843 3740 nywuko ( LockedFile.Multi.Generic ) - skipped by user
22:56:59.0843 3740 nywuko ( LockedFile.Multi.Generic ) - User select action: Skip
22:56:59.0843 3740 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:59.0843 3740 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:59.0843 3740 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:59.0843 3740 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:59.0843 3740 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:59.0843 3740 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
#26
gary55

Oh, I forgot to tell you that the info I cut and pasted (....harddisk\DRO) said it was not found.
#27
CompCav

Then we will try something other than ComboFix.

Download AVPTool from here to your desktop.

Run the program you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right.

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found.
Once it has finished, select the report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.


Now the Analysis

Rerun AVP, select the Manual Disinfection tab and press Start Gathering System Information.

On completion, click the link to locate the zip file to upload and attach to your next post.

Please post the log from the first scan and attach avptool_sysinfo.zip in your next post, and give me any update on the performance of your computer!
#28
gary55

Kaspersky could not be downloaded on Windows! Msg says:

Server not found
Firefox can't find the server at usa.kaspersky.com.
This is the same msg. I got for the ComboFix download. I had to start Ubuntu and download the program there and copy it to a flash drive. However, I need to get a bigger flash drive for Kaspersky's. Thank god for Ubuntu...

BTW I haven't had one error while I'm doing this work right now on Windows...

Edited by gary55, 19 May 2012 - 06:49 AM.

#29
CompCav

So your internet is not working?

Please also download this and run it after Kaspersky's AVP tool.

Download Farbar Service Scanner to your desktop and then run it.

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
#30
gary55

Here is the 1st report, and the zip attached... thank you

Status: Deleted (events: 11)
5/19/2012 2:40:15 PM Deleted adware not-a-virus:AdWare.Win32.TopMoxie.c C:\Documents and Settings\Gary\Desktop\gr stuff\Junk\LimeWireWin.exe//LimeWire.msi Medium
5/19/2012 2:40:15 PM Deleted adware not-a-virus:AdWare.Win32.TopMoxie.c C:\Documents and Settings\Gary\Desktop\gr stuff\Junk\LimeWireWin.exe//LimeWire.msi//Data1.cab//limeshop.exe//data0126 Medium
5/19/2012 2:40:12 PM Deleted adware not-a-virus:AdWare.Win32.TopMoxie.c C:\Documents and Settings\Gary\My Documents\Junk\LimeWireWin.exe//LimeWire.msi Medium
5/19/2012 2:40:12 PM Deleted adware not-a-virus:AdWare.Win32.TopMoxie.c C:\Documents and Settings\Gary\My Documents\Junk\LimeWireWin.exe//LimeWire.msi//Data1.cab//limeshop.exe//data0126 Medium
5/19/2012 2:16:50 PM Deleted Trojan program Trojan.Win32.Jorik.Banker.apt c:\WINDOWS\system32\appconf32.exe High
5/19/2012 2:40:12 PM Deleted adware not-a-virus:AdWare.Win32.TopMoxie.c C:\Documents and Settings\Gary\My Documents\Junk\LimeWireWin.exe//LimeWire.msi//Data1.cab//limeshop.exe Medium
5/19/2012 2:40:12 PM Deleted adware not-a-virus:AdWare.Win32.TopMoxie.c C:\Documents and Settings\Gary\My Documents\Junk\LimeWireWin.exe//LimeWire.msi//Data1.cab Medium
5/19/2012 2:40:12 PM Deleted adware not-a-virus:AdWare.Win32.TopMoxie.c C:\Documents and Settings\Gary\My Documents\Junk\LimeWireWin.exe Medium
5/19/2012 2:40:15 PM Deleted adware not-a-virus:AdWare.Win32.TopMoxie.c C:\Documents and Settings\Gary\Desktop\gr stuff\Junk\LimeWireWin.exe//LimeWire.msi//Data1.cab//limeshop.exe Medium
5/19/2012 2:40:15 PM Deleted adware not-a-virus:AdWare.Win32.TopMoxie.c C:\Documents and Settings\Gary\Desktop\gr stuff\Junk\LimeWireWin.exe//LimeWire.msi//Data1.cab Medium
5/19/2012 2:40:15 PM Deleted adware not-a-virus:AdWare.Win32.TopMoxie.c C:\Documents and Settings\Gary\Desktop\gr stuff\Junk\LimeWireWin.exe Medium
Status: Detected (events: 19)
5/19/2012 1:09:21 PM Detected Trojan program HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP102\A0018616.exe High
5/19/2012 1:35:15 PM Detected Trojan program Trojan-Spy.Win32.Agent.caew C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP102\A0018618.dll High
5/19/2012 1:35:57 PM Detected Trojan program Trojan-Spy.Win32.Agent.cagi C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP104\A0020944.dll High
5/19/2012 1:35:58 PM Detected Trojan program Trojan-Spy.Win32.Farko.jw C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP104\A0020975.dll High
5/19/2012 1:40:40 PM Detected Trojan program HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP118\A0026190.dll High
5/19/2012 1:41:52 PM Detected Trojan program Trojan.Win32.Jorik.Banker.apt C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP118\A0026192.exe High
5/19/2012 1:43:18 PM Detected Trojan program Trojan-Spy.Win32.Agent.bzym C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP119\A0027299.dll High
5/19/2012 1:43:18 PM Detected Trojan program Trojan-Spy.Win32.Agent.cacm C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP119\A0027303.dll High
5/19/2012 1:43:27 PM Detected Trojan program Trojan-Spy.Win32.Agent.caew C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP119\A0027311.dll High
5/19/2012 1:49:48 PM Detected Trojan program Trojan.Win32.Menti.mzti C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP95\A0017414.exe High
5/19/2012 1:49:48 PM Detected Trojan program Trojan-Spy.Win32.Farko.jj C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP95\A0017433.dll High
5/19/2012 1:50:48 PM Detected Trojan program Trojan.Win32.Jorik.Banker.anj C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP97\A0017495.exe High
5/19/2012 1:55:16 PM Detected virus Net-Worm.Win32.Kido.dam.am C:\WINDOWS\system32\bgrps.dll High
5/19/2012 1:55:17 PM Detected Trojan program Trojan.Win32.Jorik.Banker.apt C:\WINDOWS\system32\appconf32.exe High
5/19/2012 1:57:08 PM Detected Trojan program HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\05162012_202621\C_WINDOWS\System32\11007\components\AcroFF007.dll High
5/19/2012 2:03:50 PM Detected virus Net-Worm.Win32.Kido.dam.am c:\WINDOWS\system32\bgrps.dll High
5/19/2012 2:30:48 PM Detected Trojan program Trojan-Spy.Win32.Agent.cagi C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP119\A0027429.dll High
5/19/2012 2:32:25 PM Detected Trojan program Trojan-Spy.Win32.Farko.js C:\System Volume Information\_restore{A789EF8A-6F48-4A87-85B5-90FF49176DE0}\RP98\A0018596.dll High
5/19/2012 2:32:33 PM Detected Trojan program HEUR:Trojan.Win32.Generic C:\TDSSKiller_Quarantine\18.05.2012_22.05.17\tdlfs0000\tsk0004.dta//UPX High
