
Internet won't work after combo fix

Old 04-25-2012, 12:37 PM   #1
Registered Member
 
Join Date: Apr 2010
Posts: 79
OS: Windows 7



Hi, had a Google redirect virus. Ran multiple malware programs, antimalware bytes, Spybot, and a few cleaners but no success. Ran ComboFix and now I don't have internet. Here is the log file:

ComboFix 12-04-24.05 - Amanda 04/24/2012 23:44:10.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2999.2182 [GMT -5:00]
Running from: c:\users\Amanda\Desktop\ComboFix.exe
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Amanda\Documents\~WRL3346.tmp
c:\windows\$NtUninstallKB18033$\2368404198
c:\windows\$NtUninstallKB18033$\2545209797\@
c:\windows\$NtUninstallKB18033$\2545209797\cfg.ini
c:\windows\$NtUninstallKB18033$\2545209797\Desktop.ini
c:\windows\$NtUninstallKB18033$\2545209797\L\xadqgnnk
c:\windows\$NtUninstallKB18033$\2545209797\oemid
c:\windows\$NtUninstallKB18033$\2545209797\U\[email protected]
c:\windows\$NtUninstallKB18033$\2545209797\U\[email protected]
c:\windows\$NtUninstallKB18033$\2545209797\U\[email protected]
c:\windows\$NtUninstallKB18033$\2545209797\U\[email protected]
c:\windows\$NtUninstallKB18033$\2545209797\U\[email protected]
c:\windows\$NtUninstallKB18033$\2545209797\U\[email protected]
c:\windows\$NtUninstallKB18033$\2545209797\version
c:\windows\system32\dccam.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\npf.sys
c:\windows\system32\efs.dll
c:\windows\system32\FastUserSwitchingCompatibilityex.dll
c:\windows\system32\simbad.dll
c:\windows\$NtUninstallKB18033$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_rt61
-------\Service_vpcnfltr
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 04:59 . 2012-04-25 05:01 -------- d-----w- c:\users\Amanda\AppData\Local\temp
2012-04-25 04:59 . 2012-04-25 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 00:13 . 2012-04-25 00:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-25 00:13 . 2012-04-25 00:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-25 00:01 . 2012-04-25 00:01 -------- d-----w- c:\program files\Common Files\Java
2012-04-22 08:03 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-22 08:03 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-22 08:03 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-22 08:03 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-22 08:02 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-22 08:02 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-28 01:37 . 2012-04-22 08:00 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 00:01 . 2010-11-16 11:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-22 08:00 . 2011-08-15 18:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2011-05-19 13:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 05:17 . 2010-12-30 21:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-17 05:17 . 2010-12-30 21:05 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-17 05:17 . 2010-12-30 21:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-17 05:17 . 2010-12-30 21:04 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-15 17:01 . 2012-02-15 17:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 17:01 . 2012-02-15 17:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-15 05:44 . 2012-03-13 20:38 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-13 20:38 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-13 20:38 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:41 . 2012-03-13 20:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-13 20:38 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-13 20:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 20:38 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-13 20:38 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01 . 2012-03-13 20:38 2341376 ----a-w- c:\windows\system32\win32k.sys
2011-05-12 04:31 232406 --sha-w- c:\windows\System32\sysprep\CRYPTBASE.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0538CF1C-8419-4800-ADBB-0C00C799FDA2}]
2012-02-02 15:46 88416 ----a-w- c:\users\Amanda\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 22:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"Smart PC Cleaner"="c:\program files\Smart PC Cleaner\SPCLauncher.exe" [2012-01-28 80016]
"GenieoUpdaterService"="c:\users\Amanda\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" [2012-02-02 280416]
"GenieoSystemTray"="c:\users\Amanda\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [2012-02-02 562016]
"Browser Infrastructure Helper"="c:\users\Amanda\AppData\Local\Smartbar\Application\Linkury.exe" [2012-02-12 13824]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2012-02-08 22465104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-07 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-06 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-08 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-08 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-08 170008]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-11-16 5249024]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1099088]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-11-06 273528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 136176]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 253088]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [2009-07-15 497008]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-07-15 689416]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1343400]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-07-09 17648]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-02 81920]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2010-07-05 45056]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-05-11 230928]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-05-11 36368]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-07-09 43888]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 232960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tosrfsnd
websensewfreportserver
rt61
vpcnfltr
ip6fw
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 08:00]
.
2012-04-25 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-02-21 20:24]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 05:25]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 05:25]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852507743-1170092222-540797006-1000Core.job
- c:\users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 19:48]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852507743-1170092222-540797006-1000UA.job
- c:\users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 19:48]
.
2012-04-10 c:\windows\Tasks\Norton Security Scan for Amanda.job
- c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-11-09 03:43]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&range=98&searchtype=ds&isid=9860&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3184)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-25 00:05:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-25 05:05
.
Pre-Run: 222,268,059,648 bytes free
Post-Run: 222,096,728,064 bytes free
.
- - End Of File - - 63E86EC2F5EEC49E0E4AF12654B04AC1

Any help is appreciated. Thanks

Steve
Old 04-26-2012, 07:32 PM   #2
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hi Steve,

That's because you're still infected with ZAccess. As the disclaimer states, you really shouldn't run ComboFix without being instructed to. At the very least, you should have a preliminary set of logs saved to a flash drive before you run it.

As explained in Post 2 of our pre-posting topic...

Quote:
Why we don't ask you to run ComboFix from the onset


We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.

I'll need to gather more info before we proceed: (Download these tools to a flash drive, then transfer to the infected computer to run them)

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

====================================

Next, download DDS from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

For now, I only need to see the 2nd log it creates. Post the contents of the Attach.txt in your next reply, along with the TDSSKiller report.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
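
A TDSSKiller log like the one requested above runs to hundreds of lines, almost all of them "ok". The script below is an added example, not part of the original thread and not code from TDSSKiller or the forum; it pairs each scanned object with its verdict and returns only the entries that are not "ok". The line layout is an assumption taken from the log posted in the next reply, and the sample log, names, hashes and detection name are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every log line starts with "<HH:MM:SS.ffff> <thread id> " (layout assumed
# from the log posted in this thread).
PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} \d+ "

# Object line: "<name> (<md5>) <path>"
OBJECT_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
# Verdict line: "<name> - ok" or "<name> ( <detection> ) - infected"
VERDICT_RE = re.compile(
    PREFIX + r"(?P<name>.+?)(?: \( (?P<detection>.+?) \))? - (?P<verdict>\w+)$"
)


@dataclass
class Finding:
    name: str
    verdict: str
    detection: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def triage(log_text: str) -> Tuple[int, List[Finding]]:
    """Return (number of verdict lines seen, findings whose verdict is not 'ok')."""
    objects = {}   # service/driver name -> (md5, path) from its object line
    findings = []
    scanned = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            objects[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # banner, separator, disk info or the "detected" summary line
        scanned += 1
        if m["verdict"] == "ok":
            continue
        # Some entries have a verdict but no object line (no file recorded).
        md5, path = objects.get(m["name"], (None, None))
        findings.append(Finding(m["name"], m["verdict"], m["detection"], md5, path))
    return scanned, findings


# Constructed sample log: names, hashes and the detection name are placeholders.
SAMPLE_LOG = r"""
10:00:00.0001 1111 ============================================================
10:00:00.0002 1111 Scan started
10:00:01.0001 2222 drvA (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\drva.sys
10:00:01.0002 2222 drvA - ok
10:00:01.0003 2222 Example Service (00000000000000000000000000000002) C:\Program Files\Example\svc.exe
10:00:01.0004 2222 Example Service - ok
10:00:01.0005 2222 drvB (00000000000000000000000000000003) C:\Windows\system32\drivers\drvb.sys
10:00:01.0006 2222 drvB ( Example.Detection.Name ) - infected
10:00:01.0007 2222 drvB - detected Example.Detection.Name (0)
10:00:01.0008 2222 nofile - ok
"""

if __name__ == "__main__":
    total, hits = triage(SAMPLE_LOG)
    print(f"{total} objects scanned, {len(hits)} not ok")
    for f in hits:
        print(f"{f.name}: {f.verdict} ({f.detection}) md5={f.md5} path={f.path}")
```
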
Old 04-26-2012, 08:28 PM   #3
Registered Member
 
Join Date: Apr 2010
Posts: 79
OS: Windows 7



Here is the TDSS log:

22:20:49.0237 3004 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
22:20:49.0253 3004 ============================================================
22:20:49.0253 3004 Current date / time: 2012/04/26 22:20:49.0253
22:20:49.0253 3004 SystemInfo:
22:20:49.0253 3004
22:20:49.0253 3004 OS Version: 6.1.7600 ServicePack: 0.0
22:20:49.0253 3004 Product type: Workstation
22:20:49.0253 3004 ComputerName: AMANDA-PC
22:20:49.0253 3004 UserName: Amanda
22:20:49.0253 3004 Windows directory: C:\Windows
22:20:49.0253 3004 System windows directory: C:\Windows
22:20:49.0253 3004 Processor architecture: Intel x86
22:20:49.0253 3004 Number of processors: 4
22:20:49.0253 3004 Page size: 0x1000
22:20:49.0253 3004 Boot type: Normal boot
22:20:49.0253 3004 ============================================================
22:20:49.0877 3004 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:20:49.0892 3004 Drive \Device\Harddisk1\DR1 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:20:49.0892 3004 ============================================================
22:20:49.0892 3004 \Device\Harddisk0\DR0:
22:20:49.0892 3004 MBR partitions:
22:20:49.0892 3004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
22:20:49.0892 3004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
22:20:49.0892 3004 \Device\Harddisk1\DR1:
22:20:49.0892 3004 MBR partitions:
22:20:49.0892 3004 ============================================================
22:20:49.0923 3004 C: <-> \Device\Harddisk0\DR0\Partition1
22:20:49.0923 3004 ============================================================
22:20:49.0923 3004 Initialize success
22:20:49.0923 3004 ============================================================
22:20:53.0153 1760 ============================================================
22:20:53.0153 1760 Scan started
22:20:53.0153 1760 Mode: Manual;
22:20:53.0153 1760 ============================================================
22:20:54.0931 1760 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys
22:20:54.0947 1760 1394ohci - ok
22:20:55.0009 1760 Acceler (eb008a36206bf9d0de3c5f9df67d20d8) C:\Windows\system32\DRIVERS\Accelern.sys
22:20:55.0009 1760 Acceler - ok
22:20:55.0056 1760 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
22:20:55.0071 1760 ACPI - ok
22:20:55.0103 1760 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
22:20:55.0103 1760 AcpiPmi - ok
22:20:55.0165 1760 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:20:55.0165 1760 AdobeFlashPlayerUpdateSvc - ok
22:20:55.0196 1760 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:20:55.0212 1760 adp94xx - ok
22:20:55.0243 1760 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:20:55.0259 1760 adpahci - ok
22:20:55.0274 1760 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:20:55.0274 1760 adpu320 - ok
22:20:55.0305 1760 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
22:20:55.0305 1760 AeLookupSvc - ok
22:20:55.0399 1760 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
22:20:55.0399 1760 AESTFilters - ok
22:20:55.0477 1760 AFD (8a2b241289dff99b1d7fec000a0bdb14) C:\Windows\system32\drivers\afd.sys
22:20:55.0493 1760 AFD ( Virus.Win32.ZAccess.k ) - infected
22:20:55.0493 1760 AFD - detected Virus.Win32.ZAccess.k (0)
22:20:55.0508 1760 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
22:20:55.0508 1760 agp440 - ok
22:20:55.0539 1760 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:20:55.0555 1760 aic78xx - ok
22:20:55.0602 1760 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
22:20:55.0602 1760 ALG - ok
22:20:55.0633 1760 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
22:20:55.0649 1760 aliide - ok
22:20:55.0664 1760 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
22:20:55.0664 1760 amdagp - ok
22:20:55.0680 1760 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
22:20:55.0680 1760 amdide - ok
22:20:55.0695 1760 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:20:55.0695 1760 AmdK8 - ok
22:20:55.0711 1760 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:20:55.0711 1760 AmdPPM - ok
22:20:55.0742 1760 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
22:20:55.0742 1760 amdsata - ok
22:20:55.0773 1760 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:20:55.0773 1760 amdsbs - ok
22:20:55.0820 1760 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
22:20:55.0820 1760 amdxata - ok
22:20:55.0867 1760 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
22:20:55.0867 1760 AppID - ok
22:20:55.0883 1760 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
22:20:55.0883 1760 AppIDSvc - ok
22:20:55.0914 1760 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
22:20:55.0914 1760 Appinfo - ok
22:20:56.0039 1760 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:20:56.0039 1760 Apple Mobile Device - ok
22:20:56.0085 1760 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:20:56.0085 1760 arc - ok
22:20:56.0101 1760 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:20:56.0101 1760 arcsas - ok
22:20:56.0148 1760 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:20:56.0148 1760 AsyncMac - ok
22:20:56.0195 1760 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
22:20:56.0195 1760 atapi - ok
22:20:56.0257 1760 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
22:20:56.0273 1760 AudioEndpointBuilder - ok
22:20:56.0273 1760 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
22:20:56.0273 1760 Audiosrv - ok
22:20:56.0413 1760 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
22:20:56.0413 1760 AxInstSV - ok
22:20:56.0444 1760 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:20:56.0460 1760 b06bdrv - ok
22:20:56.0475 1760 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:20:56.0491 1760 b57nd60x - ok
22:20:56.0600 1760 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
22:20:56.0600 1760 BBSvc - ok
22:20:56.0647 1760 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
22:20:56.0647 1760 BBUpdate - ok
22:20:56.0678 1760 BCM42RLY (94f2dc372163d520d7b1dad78ae40b5e) C:\Windows\system32\drivers\BCM42RLY.sys
22:20:56.0678 1760 BCM42RLY - ok
22:20:56.0819 1760 BCM43XX (f689c5965cefad780a2948546703bd5d) C:\Windows\system32\DRIVERS\bcmwl6.sys
22:20:56.0865 1760 BCM43XX - ok
22:20:57.0037 1760 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:20:57.0053 1760 BDESVC - ok
22:20:57.0115 1760 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:20:57.0115 1760 Beep - ok
22:20:57.0193 1760 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
22:20:57.0209 1760 BFE - ok
22:20:57.0255 1760 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
22:20:57.0271 1760 BITS - ok
22:20:57.0287 1760 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:20:57.0287 1760 blbdrive - ok
22:20:57.0427 1760 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:20:57.0443 1760 Bonjour Service - ok
22:20:57.0458 1760 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
22:20:57.0458 1760 bowser - ok
22:20:57.0489 1760 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:20:57.0489 1760 BrFiltLo - ok
22:20:57.0505 1760 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:20:57.0505 1760 BrFiltUp - ok
22:20:57.0521 1760 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
22:20:57.0521 1760 BridgeMP - ok
22:20:57.0552 1760 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
22:20:57.0552 1760 Browser - ok
22:20:57.0583 1760 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:20:57.0599 1760 Brserid - ok
22:20:57.0614 1760 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:20:57.0614 1760 BrSerWdm - ok
22:20:57.0630 1760 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:20:57.0630 1760 BrUsbMdm - ok
22:20:57.0645 1760 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:20:57.0645 1760 BrUsbSer - ok
22:20:57.0692 1760 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
22:20:57.0692 1760 BthEnum - ok
22:20:57.0708 1760 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:20:57.0708 1760 BTHMODEM - ok
22:20:57.0739 1760 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
22:20:57.0739 1760 BthPan - ok
22:20:57.0801 1760 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\system32\Drivers\BTHport.sys
22:20:57.0817 1760 BTHPORT - ok
22:20:57.0864 1760 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
22:20:57.0864 1760 bthserv - ok
22:20:57.0879 1760 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\system32\Drivers\BTHUSB.sys
22:20:57.0879 1760 BTHUSB - ok
22:20:57.0911 1760 btwaudio (7e826be3b3558208d5c9b00034e51be5) C:\Windows\system32\drivers\btwaudio.sys
22:20:57.0911 1760 btwaudio - ok
22:20:57.0942 1760 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\DRIVERS\btwavdt.sys
22:20:57.0942 1760 btwavdt - ok
22:20:58.0035 1760 btwdins (45f36763576b8ae91e809337dc7ce4e6) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:20:58.0051 1760 btwdins - ok
22:20:58.0082 1760 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:20:58.0082 1760 btwl2cap - ok
22:21:10.0843 1760 Tcpip - ok
22:21:10.0859 1760 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
22:21:10.0859 1760 TCPIP6 - ok
22:21:10.0906 1760 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
22:21:10.0906 1760 tcpipreg - ok
22:21:10.0921 1760 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
22:21:10.0921 1760 TDPIPE - ok
22:21:10.0952 1760 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
22:21:10.0952 1760 TDTCP - ok
22:21:10.0984 1760 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
22:21:10.0984 1760 tdx - ok
22:21:10.0999 1760 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
22:21:11.0015 1760 TermDD - ok
22:21:11.0046 1760 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
22:21:11.0062 1760 TermService - ok
22:21:11.0077 1760 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:21:11.0077 1760 Themes - ok
22:21:11.0108 1760 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:21:11.0108 1760 THREADORDER - ok
22:21:11.0124 1760 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\Windows\system32\DRIVERS\tmactmon.sys
22:21:11.0140 1760 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tmactmon.sys. md5: ca9e9c2c04a198ed345c1752222a5f3e
22:21:11.0140 1760 tmactmon ( LockedFile.Multi.Generic ) - warning
22:21:11.0140 1760 tmactmon - detected LockedFile.Multi.Generic (1)
22:21:11.0233 1760 TMBMServer (4d69206e3a3e665221fdd7e397106405) c:\Program Files\Trend Micro\BM\TMBMSRV.exe
22:21:11.0233 1760 Suspicious file (NoAccess): c:\Program Files\Trend Micro\BM\TMBMSRV.exe. md5: 4d69206e3a3e665221fdd7e397106405
22:21:11.0233 1760 TMBMServer ( LockedFile.Multi.Generic ) - warning
22:21:11.0233 1760 TMBMServer - detected LockedFile.Multi.Generic (1)
22:21:11.0296 1760 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\Windows\system32\DRIVERS\tmcomm.sys
22:21:11.0311 1760 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tmcomm.sys. md5: a3d20789b3ff0576a29462bef25bcfcc
22:21:11.0311 1760 tmcomm ( LockedFile.Multi.Generic ) - warning
22:21:11.0311 1760 tmcomm - detected LockedFile.Multi.Generic (1)
22:21:11.0311 1760 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\Windows\system32\DRIVERS\tmevtmgr.sys
22:21:11.0327 1760 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tmevtmgr.sys. md5: 21f215e54770c4bf93efaf63f58fe57e
22:21:11.0327 1760 tmevtmgr ( LockedFile.Multi.Generic ) - warning
22:21:11.0327 1760 tmevtmgr - detected LockedFile.Multi.Generic (1)
22:21:11.0374 1760 TmFilter (1d84c335eb869bbe64543c6945a1f3c9) c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys
22:21:11.0374 1760 TmFilter - ok
22:21:11.0436 1760 tmlisten (3062bab9c0f90577674bc2d006eb9efa) c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
22:21:11.0452 1760 tmlisten - ok
22:21:11.0498 1760 TmPfw (255328cf08d602368b69ff1f55ebd93e) c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
22:21:11.0514 1760 TmPfw - ok
22:21:11.0530 1760 TmPreFilter (7aab3fef8b19ae023ee05386f1b0a5dd) c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys
22:21:11.0530 1760 TmPreFilter - ok
22:21:11.0576 1760 TmProxy (0fec6c50b2be07c57651573cdd1c721f) c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
22:21:11.0608 1760 TmProxy - ok
22:21:11.0732 1760 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\Windows\system32\DRIVERS\tmtdi.sys
22:21:11.0732 1760 tmtdi - ok
22:21:11.0779 1760 tosrfsnd - ok
22:21:11.0810 1760 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:21:11.0810 1760 TrkWks - ok
22:21:11.0857 1760 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
22:21:11.0857 1760 TrustedInstaller - ok
22:21:11.0888 1760 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:21:11.0888 1760 tssecsrv - ok
22:21:11.0935 1760 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
22:21:11.0951 1760 tunnel - ok
22:21:11.0966 1760 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:21:11.0966 1760 uagp35 - ok
22:21:11.0998 1760 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
22:21:11.0998 1760 udfs - ok
22:21:12.0029 1760 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:21:12.0029 1760 UI0Detect - ok
22:21:12.0044 1760 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:21:12.0044 1760 uliagpkx - ok
22:21:12.0091 1760 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
22:21:12.0091 1760 umbus - ok
22:21:12.0122 1760 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:21:12.0138 1760 UmPass - ok
22:21:12.0481 1760 UNS (9e89c2d6945389270de067ce51ff7425) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:21:12.0497 1760 UNS - ok
22:21:12.0622 1760 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:21:12.0637 1760 upnphost - ok
22:21:12.0668 1760 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
22:21:12.0668 1760 USBAAPL - ok
22:21:12.0700 1760 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys
22:21:12.0700 1760 usbccgp - ok
22:21:12.0762 1760 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
22:21:12.0762 1760 usbcir - ok
22:21:12.0778 1760 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys
22:21:12.0793 1760 usbehci - ok
22:21:12.0840 1760 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys
22:21:12.0856 1760 usbhub - ok
22:21:12.0871 1760 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys
22:21:12.0871 1760 usbohci - ok
22:21:12.0887 1760 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:21:12.0887 1760 usbprint - ok
22:21:12.0902 1760 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:21:12.0918 1760 USBSTOR - ok
22:21:12.0934 1760 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys
22:21:12.0934 1760 usbuhci - ok
22:21:12.0980 1760 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
22:21:12.0996 1760 usbvideo - ok
22:21:12.0996 1760 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:21:12.0996 1760 UxSms - ok
22:21:13.0027 1760 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
22:21:13.0027 1760 VaultSvc - ok
22:21:13.0043 1760 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:21:13.0043 1760 vdrvroot - ok
22:21:13.0074 1760 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
22:21:13.0090 1760 vds - ok
22:21:13.0105 1760 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:21:13.0105 1760 vga - ok
22:21:13.0121 1760 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:21:13.0136 1760 VgaSave - ok
22:21:13.0152 1760 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
22:21:13.0152 1760 vhdmp - ok
22:21:13.0199 1760 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
22:21:13.0199 1760 viaagp - ok
22:21:13.0214 1760 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:21:13.0214 1760 ViaC7 - ok
22:21:13.0246 1760 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
22:21:13.0246 1760 viaide - ok
22:21:13.0261 1760 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
22:21:13.0261 1760 volmgr - ok
22:21:13.0292 1760 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:21:13.0308 1760 volmgrx - ok
22:21:13.0324 1760 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
22:21:13.0324 1760 volsnap - ok
22:21:13.0480 1760 VSApiNt (8b9325c1d1167a703042986df758d799) c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys
22:21:13.0511 1760 VSApiNt - ok
22:21:13.0651 1760 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:21:13.0651 1760 vsmraid - ok
22:21:13.0714 1760 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
22:21:13.0714 1760 VSS - ok
22:21:13.0729 1760 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:21:13.0729 1760 vwifibus - ok
22:21:13.0760 1760 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:21:13.0760 1760 vwififlt - ok
22:21:13.0792 1760 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:21:13.0807 1760 W32Time - ok
22:21:13.0823 1760 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:21:13.0838 1760 WacomPen - ok
22:21:13.0870 1760 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
22:21:13.0870 1760 WANARP - ok
22:21:13.0870 1760 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
22:21:13.0870 1760 Wanarpv6 - ok
22:21:13.0948 1760 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:21:13.0963 1760 WatAdminSvc - ok
22:21:14.0041 1760 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
22:21:14.0041 1760 wbengine - ok
22:21:14.0072 1760 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:21:14.0088 1760 WbioSrvc - ok
22:21:14.0135 1760 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
22:21:14.0150 1760 wcncsvc - ok
22:21:14.0166 1760 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:21:14.0166 1760 WcsPlugInService - ok
22:21:14.0197 1760 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:21:14.0213 1760 Wd - ok
22:21:14.0228 1760 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:21:14.0244 1760 Wdf01000 - ok
22:21:14.0260 1760 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:21:14.0260 1760 WdiServiceHost - ok
22:21:14.0260 1760 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:21:14.0275 1760 WdiSystemHost - ok
22:21:14.0306 1760 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
22:21:14.0306 1760 WebClient - ok
22:21:14.0338 1760 websensewfreportserver - ok
22:21:14.0353 1760 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:21:14.0353 1760 Wecsvc - ok
22:21:14.0369 1760 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:21:14.0369 1760 wercplsupport - ok
22:21:14.0416 1760 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:21:14.0416 1760 WerSvc - ok
22:21:14.0462 1760 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:21:14.0462 1760 WfpLwf - ok
22:21:14.0478 1760 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:21:14.0478 1760 WIMMount - ok
22:21:14.0572 1760 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:21:14.0587 1760 WinDefend - ok
22:21:14.0603 1760 WinHttpAutoProxySvc - ok
22:21:14.0650 1760 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:21:14.0650 1760 Winmgmt - ok
22:21:14.0728 1760 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
22:21:14.0743 1760 WinRM - ok
22:21:14.0806 1760 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
22:21:14.0806 1760 WinUsb - ok
22:21:14.0868 1760 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:21:14.0899 1760 Wlansvc - ok
22:21:14.0962 1760 wltrysvc (7fff34ae69dfb80f7b190aba31e00610) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
22:21:14.0977 1760 wltrysvc - ok
22:21:15.0040 1760 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:21:15.0040 1760 WmiAcpi - ok
22:21:15.0133 1760 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:21:15.0133 1760 wmiApSrv - ok
22:21:15.0242 1760 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:21:15.0242 1760 WMPNetworkSvc - ok
22:21:15.0274 1760 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:21:15.0274 1760 WPCSvc - ok
22:21:15.0289 1760 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
22:21:15.0289 1760 WPDBusEnum - ok
22:21:15.0320 1760 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:21:15.0336 1760 ws2ifsl - ok
22:21:15.0383 1760 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
22:21:15.0398 1760 wscsvc - ok
22:21:15.0398 1760 WSearch - ok
22:21:15.0476 1760 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
22:21:15.0539 1760 wuauserv - ok
22:21:15.0648 1760 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
22:21:15.0648 1760 WudfPf - ok
22:21:15.0679 1760 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:21:15.0679 1760 WUDFRd - ok
22:21:15.0710 1760 wudfsvc (f1fcb56102a8373ed86b6ff08fb17d67) C:\Windows\System32\WUDFSvc.dll
22:21:15.0726 1760 wudfsvc - ok
22:21:15.0742 1760 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:21:15.0757 1760 WwanSvc - ok
22:21:15.0788 1760 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
22:21:15.0866 1760 \Device\Harddisk0\DR0 - ok
22:21:15.0866 1760 MBR (0x1B8) (9ccc54e6a70d14b4ce5d0f583eeae541) \Device\Harddisk1\DR1
22:21:16.0756 1760 \Device\Harddisk1\DR1 - ok
22:21:16.0787 1760 Boot (0x1200) (9ef84b19dbc8bb52e5eebad4d47fc152) \Device\Harddisk0\DR0\Partition0
22:21:16.0787 1760 \Device\Harddisk0\DR0\Partition0 - ok
22:21:16.0802 1760 Boot (0x1200) (1b2b6cfde8931c4391ba2197c5e22a91) \Device\Harddisk0\DR0\Partition1
22:21:16.0802 1760 \Device\Harddisk0\DR0\Partition1 - ok
22:21:16.0802 1760 ============================================================
22:21:16.0802 1760 Scan finished
22:21:16.0802 1760 ============================================================
22:21:16.0849 5936 Detected object count: 5
22:21:16.0849 5936 Actual detected object count: 5
22:21:42.0808 5936 AFD ( Virus.Win32.ZAccess.k ) - skipped by user
22:21:42.0808 5936 AFD ( Virus.Win32.ZAccess.k ) - User select action: Skip
22:21:42.0808 5936 tmactmon ( LockedFile.Multi.Generic ) - skipped by user
22:21:42.0808 5936 tmactmon ( LockedFile.Multi.Generic ) - User select action: Skip
22:21:42.0808 5936 TMBMServer ( LockedFile.Multi.Generic ) - skipped by user
22:21:42.0808 5936 TMBMServer ( LockedFile.Multi.Generic ) - User select action: Skip
22:21:42.0808 5936 tmcomm ( LockedFile.Multi.Generic ) - skipped by user
22:21:42.0808 5936 tmcomm ( LockedFile.Multi.Generic ) - User select action: Skip
22:21:42.0808 5936 tmevtmgr ( LockedFile.Multi.Generic ) - skipped by user
22:21:42.0808 5936 tmevtmgr ( LockedFile.Multi.Generic ) - User select action: Skip



and then the second Attach DDS

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/9/2010 11:16:09 AM
System Uptime: 4/26/2012 9:54:07 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0G2R51
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU 1 | 2394/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 209.036 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: HTTP
Device ID: ROOT\LEGACY_HTTP\0000
Manufacturer:
Name: HTTP
PNP Device ID: ROOT\LEGACY_HTTP\0000
Service: HTTP
.
==== System Restore Points ===================
.
RP83: 3/22/2012 12:28:54 AM - Scheduled Checkpoint
RP84: 3/27/2012 9:35:48 PM - Windows Update
RP85: 4/4/2012 2:17:27 PM - Scheduled Checkpoint
RP86: 4/22/2012 3:00:37 AM - Windows Update
RP87: 4/24/2012 7:00:12 PM - Installed Java(TM) 6 Update 31
RP88: 4/25/2012 2:10:59 PM - Restore Operation
.
==== Installed Programs ======================
.
AccelerometerP11
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Advanced Audio FX Engine
ALOT Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Bing Bar
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Community Smartbar
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell Edoc Viewer
Dell Touchpad
Dell Webcam Central
Driver Genius Professional Edition
DW WLAN Card Utility
File Type Assistant
Free File Viewer 2011
FrostWire 4.21.3
Genieo
GIMP 2.6.11
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.0.0
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Scan
ooVoo
Picasa 3
QuickSet32
QuickTime
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype Toolbars
Skype™ 5.0
Smart PC Cleaner v3.0
Spybot - Search & Destroy
Trend Micro Client/Server Security Agent
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WIDCOMM Bluetooth Software
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
4/26/2012 8:45:59 AM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.
4/26/2012 8:45:59 AM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed
4/26/2012 8:45:59 AM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2012 8:45:59 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
4/26/2012 8:45:59 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
4/26/2012 8:45:59 AM, Error: Service Control Manager [7001] - The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The device does not recognize the command.
4/26/2012 8:45:59 AM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2012 8:45:59 AM, Error: Service Control Manager [7001] - The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2012 8:45:59 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2012 8:45:59 AM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: The device does not recognize the command.
4/26/2012 8:45:59 AM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The device does not recognize the command.
4/26/2012 10:23:27 PM, Error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
4/26/2012 10:20:40 PM, Error: Service Control Manager [7001] - The SSDP Discovery service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
4/26/2012 10:20:40 PM, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The device does not recognize the command.
4/26/2012 10:20:39 PM, Error: Service Control Manager [7001] - The Function Discovery Provider Host service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
4/26/2012 10:20:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
4/26/2012 10:20:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/25/2012 8:27:31 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.
4/25/2012 8:27:31 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80072742.
4/25/2012 8:23:41 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147014846
4/25/2012 8:21:39 AM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: A socket operation encountered a dead network.
4/25/2012 2:25:19 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
4/25/2012 2:24:57 PM, Error: Service Control Manager [7003] - The Trend Micro Client/Server Security Agent Personal Firewall service depends the following service: tmlwf. This service might not be installed.
4/25/2012 2:23:13 PM, Error: Service Control Manager [7023] - The Tfsnopio service terminated with the following error: The specified module could not be found.
4/25/2012 2:23:13 PM, Error: Service Control Manager [7023] - The Oracleorahome92tnslistener service terminated with the following error: The specified module could not be found.
4/25/2012 2:23:13 PM, Error: Service Control Manager [7023] - The JL2005C service terminated with the following error: The specified module could not be found.
4/25/2012 2:23:12 PM, Error: Service Control Manager [7023] - The MicroSoft Team Access service terminated with the following error: The specified module could not be found.
4/25/2012 2:23:11 PM, Error: Service Control Manager [7001] - The Print Spooler service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
4/25/2012 2:19:01 PM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error %%-1.
4/25/2012 2:19:01 PM, Error: Service Control Manager [7000] - The MotoHelper Service service failed to start due to the following error: The pipe has been ended.
4/25/2012 12:01:05 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/24/2012 9:12:48 PM, Error: Service Control Manager [7034] - The Tfsnopio service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 7:56:50 PM, Error: Service Control Manager [7034] - The Fasttraksvc service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 7:50:16 PM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent Personal Firewall service depends on the Trend Micro WFP Callout Driver service which failed to start because of the following error: The system cannot find the file specified.
4/24/2012 7:50:16 PM, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: The system cannot find the file specified.
4/24/2012 7:49:58 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/24/2012 6:49:59 PM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found.
4/24/2012 6:19:03 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
4/24/2012 401 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
4/24/2012 4:05:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
4/24/2012 3:40:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wcncsvc service.
4/24/2012 3:40:44 PM, Error: Service Control Manager [7000] - The Windows Connect Now - Config Registrar service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/24/2012 11:51:32 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/24/2012 11:42:51 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/24/2012 11:42:51 PM, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
4/24/2012 11:42:48 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/22/2012 5:00:05 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
4/21/2012 11:41:06 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
.
==== End Of File ===========================



Thanks for the help

Steve
 
Old 04-26-2012, 08:31 PM   #4
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thanks. Just a bit more if you don't mind. Download SystemLook from one of the links below and save it to your desktop.

Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :filefind
    afd.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 04-26-2012, 08:41 PM   #5
Registered Member
 
Join Date: Apr 2010
Posts: 79
OS: Windows 7



ok here is that log

SystemLook 30.07.11 by jpshortstuff
Log created at 22:38 on 26/04/2012 by Amanda
Administrator - Elevation successful
========== filefind ==========
Searching for "afd.sys"
C:\Windows\System32\drivers\afd.sys --a---- 338944 bytes [18:58 16/06/2011] [02:35 25/04/2011] 8A2B241289DFF99B1D7FEC000A0BDB14
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys --a---- 338944 bytes [23:12 13/07/2009] [23:12 13/07/2009] DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys --a---- 338944 bytes [18:58 16/06/2011] [02:35 25/04/2011] 8A2B241289DFF99B1D7FEC000A0BDB14
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys --a---- 338944 bytes [18:58 16/06/2011] [02:27 25/04/2011] C114AB7A1550D42EA1700FFD4179CF5A
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys --a---- 338944 bytes [18:58 16/06/2011] [02:18 25/04/2011] 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --a---- 338944 bytes [18:58 16/06/2011] [03:24 25/04/2011] C427F91A748CD342A2B3F9278D9FD6A5
-= EOF =-

Steve
Old 04-26-2012, 08:46 PM   #6
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Okay, now we can safely continue.

Run TDSSKiller again, and allow it to Cure AFD. Reboot when prompted.

Disable your AV and immediately run this CFScript:

Open Notepad and copy/paste the text in the code box below into it:

Quote:
NetSvc::
tosrfsnd
websensewfreportserver
rt61
vpcnfltr
ip6fw

Driver::
tosrfsnd
websensewfreportserver
rt61
vpcnfltr
ip6fw
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt Post that log, along with the TDSSKiller log in your next reply.
Old 04-26-2012, 09:35 PM   #7
Registered Member
 
Join Date: Apr 2010
Posts: 79
OS: Windows 7



immediately run this CFScript:

do I need to do this using the command prompt? or just type it and save it in notepad and then drag and drop it into the combofix.exe
Old 04-27-2012, 04:03 AM   #8
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Since you've already run ComboFix on this machine, all you need to do is drag and drop as instructed.
Old 04-27-2012, 06:47 AM   #9
Registered Member
 
Join Date: Apr 2010
Posts: 79
OS: Windows 7



here is the TDSS

22:51:43.0730 4328 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
22:51:43.0745 4328 ============================================================
22:51:43.0745 4328 Current date / time: 2012/04/26 22:51:43.0745
22:51:43.0745 4328 SystemInfo:
22:51:43.0745 4328
22:51:43.0745 4328 OS Version: 6.1.7600 ServicePack: 0.0
22:51:43.0745 4328 Product type: Workstation
22:51:43.0745 4328 ComputerName: AMANDA-PC
22:51:43.0745 4328 UserName: Amanda
22:51:43.0745 4328 Windows directory: C:\Windows
22:51:43.0745 4328 System windows directory: C:\Windows
22:51:43.0745 4328 Processor architecture: Intel x86
22:51:43.0745 4328 Number of processors: 4
22:51:43.0745 4328 Page size: 0x1000
22:51:43.0745 4328 Boot type: Normal boot
22:51:43.0745 4328 ============================================================
22:51:44.0291 4328 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:51:44.0307 4328 Drive \Device\Harddisk1\DR5 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:51:44.0307 4328 ============================================================
22:51:44.0307 4328 \Device\Harddisk0\DR0:
22:51:44.0307 4328 MBR partitions:
22:51:44.0307 4328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
22:51:44.0307 4328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
22:51:44.0307 4328 \Device\Harddisk1\DR5:
22:51:44.0307 4328 MBR partitions:
22:51:44.0307 4328 ============================================================
22:51:44.0338 4328 C: <-> \Device\Harddisk0\DR0\Partition1
22:51:44.0338 4328 ============================================================
22:51:44.0338 4328 Initialize success
22:51:44.0338 4328 ============================================================
22:51:45.0929 2816 ============================================================
22:51:45.0929 2816 Scan started
22:51:45.0929 2816 Mode: Manual;
22:51:45.0929 2816 ============================================================
22:51:47.0177 2816 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys
22:51:47.0177 2816 1394ohci - ok
22:51:47.0240 2816 Acceler (eb008a36206bf9d0de3c5f9df67d20d8) C:\Windows\system32\DRIVERS\Accelern.sys
22:51:47.0255 2816 Acceler - ok
22:51:47.0302 2816 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
22:51:47.0302 2816 ACPI - ok
22:51:47.0318 2816 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
22:51:47.0318 2816 AcpiPmi - ok
22:51:47.0380 2816 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:51:47.0396 2816 AdobeFlashPlayerUpdateSvc - ok
22:51:47.0536 2816 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:51:47.0536 2816 adp94xx - ok
22:51:47.0770 2816 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:51:47.0770 2816 adpahci - ok
22:51:47.0817 2816 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:51:47.0817 2816 adpu320 - ok
22:51:47.0832 2816 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
22:51:47.0832 2816 AeLookupSvc - ok
22:51:47.0942 2816 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
22:51:47.0942 2816 AESTFilters - ok
22:51:48.0020 2816 AFD (8a2b241289dff99b1d7fec000a0bdb14) C:\Windows\system32\drivers\afd.sys
22:51:48.0020 2816 AFD ( Virus.Win32.ZAccess.k ) - infected
22:51:48.0020 2816 AFD - detected Virus.Win32.ZAccess.k (0)
22:51:48.0051 2816 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
22:51:48.0051 2816 agp440 - ok
22:51:48.0082 2816 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:51:48.0082 2816 aic78xx - ok
22:51:48.0129 2816 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
22:51:48.0129 2816 ALG - ok
22:51:48.0160 2816 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
22:51:48.0160 2816 aliide - ok
22:51:48.0176 2816 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
22:51:48.0176 2816 amdagp - ok
22:51:48.0191 2816 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
22:51:48.0191 2816 amdide - ok
22:51:48.0207 2816 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:51:48.0207 2816 AmdK8 - ok
22:51:48.0222 2816 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:51:48.0222 2816 AmdPPM - ok
22:51:48.0238 2816 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
22:51:48.0254 2816 amdsata - ok
22:51:48.0285 2816 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:51:48.0285 2816 amdsbs - ok
22:51:48.0300 2816 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
22:51:48.0300 2816 amdxata - ok
22:51:48.0332 2816 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
22:51:48.0332 2816 AppID - ok
22:51:48.0363 2816 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
22:51:48.0363 2816 AppIDSvc - ok
22:51:48.0394 2816 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
22:51:48.0394 2816 Appinfo - ok
22:51:48.0534 2816 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:51:48.0534 2816 Apple Mobile Device - ok
22:51:48.0581 2816 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:51:48.0597 2816 arc - ok
22:51:48.0612 2816 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:51:48.0612 2816 arcsas - ok
22:51:48.0644 2816 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:51:48.0644 2816 AsyncMac - ok
22:51:48.0690 2816 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
22:51:48.0690 2816 atapi - ok
22:51:48.0753 2816 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
22:51:48.0753 2816 AudioEndpointBuilder - ok
22:51:48.0753 2816 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
22:51:48.0753 2816 Audiosrv - ok
22:51:48.0831 2816 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
22:51:48.0831 2816 AxInstSV - ok
22:51:48.0878 2816 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:51:48.0878 2816 b06bdrv - ok
22:51:48.0909 2816 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:51:48.0909 2816 b57nd60x - ok
22:51:49.0049 2816 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
22:51:49.0049 2816 BBSvc - ok
22:51:49.0096 2816 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
22:51:49.0096 2816 BBUpdate - ok
22:51:49.0127 2816 BCM42RLY (94f2dc372163d520d7b1dad78ae40b5e) C:\Windows\system32\drivers\BCM42RLY.sys
22:51:49.0127 2816 BCM42RLY - ok
22:51:49.0268 2816 BCM43XX (f689c5965cefad780a2948546703bd5d) C:\Windows\system32\DRIVERS\bcmwl6.sys
22:51:49.0283 2816 BCM43XX - ok
22:51:49.0470 2816 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:51:49.0470 2816 BDESVC - ok
22:51:49.0517 2816 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:51:49.0517 2816 Beep - ok
22:51:49.0595 2816 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
22:51:49.0595 2816 BFE - ok
22:51:49.0658 2816 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
22:51:49.0658 2816 BITS - ok
22:51:49.0673 2816 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:51:49.0673 2816 blbdrive - ok
22:51:49.0814 2816 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:51:49.0814 2816 Bonjour Service - ok
22:51:49.0829 2816 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
22:51:49.0829 2816 bowser - ok
22:51:49.0845 2816 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:51:49.0845 2816 BrFiltLo - ok
22:51:49.0860 2816 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:51:49.0860 2816 BrFiltUp - ok
22:51:49.0876 2816 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
22:51:49.0892 2816 BridgeMP - ok
22:51:49.0907 2816 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
22:51:49.0907 2816 Browser - ok
22:51:49.0938 2816 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:51:49.0938 2816 Brserid - ok
22:51:49.0954 2816 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:51:49.0954 2816 BrSerWdm - ok
22:51:49.0954 2816 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:51:49.0970 2816 BrUsbMdm - ok
22:51:49.0970 2816 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:51:49.0970 2816 BrUsbSer - ok
22:51:50.0016 2816 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
22:51:50.0016 2816 BthEnum - ok
22:51:50.0032 2816 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:51:50.0032 2816 BTHMODEM - ok
22:51:50.0063 2816 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
22:51:50.0063 2816 BthPan - ok
22:51:50.0110 2816 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\system32\Drivers\BTHport.sys
22:51:50.0110 2816 BTHPORT - ok
22:51:50.0157 2816 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
22:51:50.0157 2816 bthserv - ok
22:51:50.0172 2816 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\system32\Drivers\BTHUSB.sys
22:51:50.0172 2816 BTHUSB - ok
22:51:50.0188 2816 btwaudio (7e826be3b3558208d5c9b00034e51be5) C:\Windows\system32\drivers\btwaudio.sys
22:51:50.0188 2816 btwaudio - ok
22:51:50.0235 2816 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\DRIVERS\btwavdt.sys
22:51:50.0235 2816 btwavdt - ok
22:51:50.0313 2816 btwdins (45f36763576b8ae91e809337dc7ce4e6) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:51:50.0328 2816 btwdins - ok
22:51:50.0360 2816 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:51:50.0360 2816 btwl2cap - ok
22:51:50.0391 2816 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\Windows\system32\DRIVERS\btwrchid.sys
22:51:50.0391 2816 btwrchid - ok
22:51:50.0469 2816 catchme - ok
22:51:50.0516 2816 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:51:50.0531 2816 cdfs - ok
22:51:50.0562 2816 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
22:51:50.0578 2816 cdrom - ok
22:51:50.0609 2816 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
22:51:50.0625 2816 CertPropSvc - ok
22:51:50.0640 2816 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:51:50.0640 2816 circlass - ok
22:51:50.0656 2816 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:51:50.0656 2816 CLFS - ok
22:51:50.0750 2816 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:51:50.0750 2816 clr_optimization_v2.0.50727_32 - ok
22:51:50.0843 2816 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:51:50.0843 2816 clr_optimization_v4.0.30319_32 - ok
22:51:50.0859 2816 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:51:50.0859 2816 CmBatt - ok
22:51:50.0859 2816 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
22:51:50.0874 2816 cmdide - ok
22:51:50.0906 2816 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
22:51:50.0906 2816 CNG - ok
22:51:50.0937 2816 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:51:50.0937 2816 Compbatt - ok
22:51:50.0984 2816 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:51:50.0984 2816 CompositeBus - ok
22:51:50.0999 2816 COMSysApp - ok
22:51:51.0015 2816 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:51:51.0015 2816 crcdisk - ok
22:51:51.0062 2816 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
22:51:51.0062 2816 CryptSvc - ok
22:51:51.0124 2816 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys
22:51:51.0124 2816 CtAudDrv - ok
22:51:51.0155 2816 CtClsFlt (ceba8413f9b2c73a4e9e16dbd127dc25) C:\Windows\system32\DRIVERS\CtClsFlt.sys
22:51:51.0155 2816 CtClsFlt - ok
22:51:51.0186 2816 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
22:51:51.0202 2816 DcomLaunch - ok
22:51:51.0218 2816 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
22:51:51.0218 2816 defragsvc - ok
22:51:51.0249 2816 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
22:51:51.0249 2816 DfsC - ok
22:51:51.0280 2816 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
22:51:51.0296 2816 Dhcp - ok
22:51:51.0311 2816 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:51:51.0311 2816 discache - ok
22:51:51.0358 2816 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:51:51.0358 2816 Disk - ok
22:51:51.0374 2816 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
22:51:51.0374 2816 Dnscache - ok
22:51:51.0405 2816 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
22:51:51.0405 2816 dot3svc - ok
22:51:51.0420 2816 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
22:51:51.0436 2816 DPS - ok
22:51:51.0467 2816 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:51:51.0467 2816 drmkaud - ok
22:51:51.0514 2816 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
22:51:51.0530 2816 DXGKrnl - ok
22:51:51.0576 2816 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
22:51:51.0576 2816 EapHost - ok
22:51:51.0717 2816 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:51:51.0732 2816 ebdrv - ok
22:51:51.0857 2816 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
22:51:51.0873 2816 EFS - ok
22:51:51.0935 2816 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
22:51:51.0951 2816 ehRecvr - ok
22:51:51.0966 2816 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
22:51:51.0966 2816 ehSched - ok
22:51:52.0013 2816 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:51:52.0013 2816 elxstor - ok
22:51:52.0029 2816 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
22:51:52.0029 2816 ErrDev - ok
22:51:52.0091 2816 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
22:51:52.0091 2816 EventSystem - ok
22:51:52.0122 2816 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:51:52.0122 2816 exfat - ok
22:51:52.0138 2816 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:51:52.0138 2816 fastfat - ok
22:51:52.0169 2816 FastUserSwitchingCompatibility - ok
22:51:52.0216 2816 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
22:51:52.0232 2816 Fax - ok
22:51:52.0247 2816 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:51:52.0247 2816 fdc - ok
22:51:52.0263 2816 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
22:51:52.0263 2816 fdPHost - ok
22:51:52.0278 2816 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
22:51:52.0278 2816 FDResPub - ok
22:51:52.0294 2816 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:51:52.0294 2816 FileInfo - ok
22:51:52.0310 2816 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:51:52.0310 2816 Filetrace - ok
22:51:52.0325 2816 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:51:52.0325 2816 flpydisk - ok
22:51:52.0341 2816 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:51:52.0341 2816 FltMgr - ok
22:51:52.0403 2816 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
22:51:52.0450 2816 FontCache - ok
22:51:52.0528 2816 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:51:52.0528 2816 FontCache3.0.0.0 - ok
22:51:52.0544 2816 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:51:52.0544 2816 FsDepends - ok
22:51:52.0575 2816 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
22:51:52.0590 2816 Fs_Rec - ok
22:51:52.0622 2816 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
22:51:52.0622 2816 fvevol - ok
22:51:52.0668 2816 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:51:52.0668 2816 gagp30kx - ok
22:51:52.0715 2816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:51:52.0715 2816 GEARAspiWDM - ok
22:51:52.0762 2816 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
22:51:52.0778 2816 gpsvc - ok
22:51:52.0918 2816 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:51:52.0918 2816 gupdate - ok
22:51:52.0934 2816 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:51:52.0949 2816 gupdatem - ok
22:51:52.0965 2816 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:51:52.0980 2816 gusvc - ok
22:51:52.0996 2816 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:51:52.0996 2816 hcw85cir - ok
22:51:53.0027 2816 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:51:53.0027 2816 HDAudBus - ok
22:51:53.0058 2816 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
22:51:53.0058 2816 HECI - ok
22:51:53.0074 2816 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:51:53.0074 2816 HidBatt - ok
22:51:53.0090 2816 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:51:53.0105 2816 HidBth - ok
22:51:53.0136 2816 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:51:53.0136 2816 HidIr - ok
22:51:53.0168 2816 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
22:51:53.0168 2816 hidserv - ok
22:51:53.0183 2816 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
22:51:53.0199 2816 HidUsb - ok
22:51:53.0214 2816 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
22:51:53.0214 2816 hkmsvc - ok
22:51:53.0246 2816 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
22:51:53.0246 2816 HomeGroupListener - ok
22:51:53.0277 2816 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
22:51:53.0277 2816 HomeGroupProvider - ok
22:51:53.0308 2816 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:51:53.0308 2816 HpSAMD - ok
22:51:53.0339 2816 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
22:51:53.0339 2816 HTTP - ok
22:51:53.0386 2816 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
22:51:53.0386 2816 hwpolicy - ok
22:51:53.0433 2816 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
22:51:53.0433 2816 i8042prt - ok
22:51:53.0464 2816 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
22:51:53.0464 2816 iaStor - ok
22:51:53.0511 2816 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
22:51:53.0511 2816 iaStorV - ok
22:51:53.0620 2816 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:51:53.0651 2816 idsvc - ok
22:51:54.0010 2816 igfx (8e9da2e49347af49901526dcd4d0f397) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:51:54.0057 2816 igfx - ok
22:51:54.0228 2816 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:51:54.0228 2816 iirsp - ok
22:51:54.0275 2816 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
22:51:54.0322 2816 IKEEXT - ok
22:51:54.0369 2816 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
22:51:54.0369 2816 Impcd - ok
22:51:54.0431 2816 IntcDAud (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys
22:51:54.0431 2816 IntcDAud - ok
22:51:54.0462 2816 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
22:51:54.0462 2816 intelide - ok
22:51:54.0478 2816 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:51:54.0478 2816 intelppm - ok
22:51:54.0494 2816 ip6fw - ok
22:51:54.0509 2816 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
22:51:54.0509 2816 IPBusEnum - ok
22:51:54.0525 2816 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:51:54.0525 2816 IpFilterDriver - ok
22:51:54.0587 2816 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
22:51:54.0603 2816 iphlpsvc - ok
22:51:54.0618 2816 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:51:54.0618 2816 IPMIDRV - ok
22:51:54.0634 2816 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:51:54.0634 2816 IPNAT - ok
22:51:54.0759 2816 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
22:51:54.0759 2816 iPod Service - ok
22:51:54.0806 2816 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:51:54.0806 2816 IRENUM - ok
22:51:54.0821 2816 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
22:51:54.0821 2816 isapnp - ok
22:51:54.0852 2816 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
22:51:54.0852 2816 iScsiPrt - ok
22:51:54.0884 2816 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:51:54.0884 2816 kbdclass - ok
22:51:54.0930 2816 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
22:51:54.0930 2816 kbdhid - ok
22:51:54.0962 2816 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
22:51:54.0962 2816 KeyIso - ok
22:51:54.0993 2816 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
22:51:54.0993 2816 KSecDD - ok
22:51:55.0024 2816 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
22:51:55.0024 2816 KSecPkg - ok
22:51:55.0055 2816 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
22:51:55.0071 2816 KtmRm - ok
22:51:55.0102 2816 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
22:51:55.0102 2816 LanmanServer - ok
22:51:55.0133 2816 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
22:51:55.0133 2816 LanmanWorkstation - ok
22:51:55.0196 2816 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:51:55.0196 2816 lltdio - ok
22:51:55.0211 2816 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
22:51:55.0227 2816 lltdsvc - ok
22:51:55.0242 2816 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
22:51:55.0242 2816 lmhosts - ok
22:51:55.0336 2816 LMS (5460828f8951d310b42b442877603b8d) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:51:55.0352 2816 LMS - ok
22:51:55.0398 2816 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:51:55.0398 2816 LSI_FC - ok
22:51:55.0414 2816 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:51:55.0414 2816 LSI_SAS - ok
22:51:55.0445 2816 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:51:55.0445 2816 LSI_SAS2 - ok
22:51:55.0461 2816 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:51:55.0461 2816 LSI_SCSI - ok
22:51:55.0492 2816 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:51:55.0492 2816 luafv - ok
22:51:55.0570 2816 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
22:51:55.0586 2816 McComponentHostService - ok
22:51:55.0617 2816 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
22:51:55.0617 2816 Mcx2Svc - ok
22:51:55.0632 2816 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:51:55.0632 2816 megasas - ok
22:51:55.0664 2816 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:51:55.0664 2816 MegaSR - ok
22:51:55.0695 2816 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:51:55.0695 2816 MMCSS - ok
22:51:55.0710 2816 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:51:55.0710 2816 Modem - ok
22:51:55.0742 2816 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:51:55.0757 2816 monitor - ok
22:51:55.0866 2816 MotoHelper (2443b978e80f8a3d1f39855aa25882af) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
22:51:55.0866 2816 MotoHelper - ok
22:51:56.0100 2816 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:51:56.0100 2816 mouclass - ok
22:51:56.0116 2816 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:51:56.0116 2816 mouhid - ok
22:51:56.0132 2816 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
22:51:56.0132 2816 mountmgr - ok
22:51:56.0147 2816 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
22:51:56.0147 2816 mpio - ok
22:51:56.0163 2816 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:51:56.0163 2816 mpsdrv - ok
22:51:56.0256 2816 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
22:51:56.0272 2816 MpsSvc - ok
22:51:56.0303 2816 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
22:51:56.0303 2816 MRxDAV - ok
22:51:56.0334 2816 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:51:56.0334 2816 mrxsmb - ok
22:51:56.0366 2816 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:51:56.0366 2816 mrxsmb10 - ok
22:51:56.0381 2816 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:51:56.0397 2816 mrxsmb20 - ok
22:51:56.0412 2816 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys
22:51:56.0412 2816 msahci - ok
22:51:56.0444 2816 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
22:51:56.0444 2816 msdsm - ok
22:51:56.0459 2816 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
22:51:56.0459 2816 MSDTC - ok
22:51:56.0522 2816 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:51:56.0522 2816 Msfs - ok
22:51:56.0537 2816 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:51:56.0537 2816 mshidkmdf - ok
22:51:56.0553 2816 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
22:51:56.0553 2816 msisadrv - ok
22:51:56.0600 2816 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
22:51:56.0600 2816 MSiSCSI - ok
22:51:56.0600 2816 msiserver - ok
22:51:56.0646 2816 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:51:56.0646 2816 MSKSSRV - ok
22:51:56.0662 2816 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:51:56.0662 2816 MSPCLOCK - ok
22:51:56.0678 2816 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:51:56.0678 2816 MSPQM - ok
22:51:56.0693 2816 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:51:56.0709 2816 MsRPC - ok
22:51:56.0724 2816 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
22:51:56.0724 2816 mssmbios - ok
22:51:56.0740 2816 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:51:56.0740 2816 MSTEE - ok
22:51:56.0756 2816 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:51:56.0756 2816 MTConfig - ok
22:51:56.0771 2816 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:51:56.0771 2816 Mup - ok
22:51:56.0818 2816 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
22:51:56.0834 2816 napagent - ok
22:51:56.0880 2816 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:51:56.0880 2816 NativeWifiP - ok
22:51:56.0943 2816 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
22:51:56.0943 2816 NDIS - ok
22:51:56.0990 2816 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:51:56.0990 2816 NdisCap - ok
22:51:57.0005 2816 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:51:57.0005 2816 NdisTapi - ok
22:51:57.0021 2816 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
22:51:57.0021 2816 Ndisuio - ok
22:51:57.0036 2816 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
22:51:57.0036 2816 NdisWan - ok
22:51:57.0052 2816 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
22:51:57.0052 2816 NDProxy - ok
22:51:57.0068 2816 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:51:57.0068 2816 NetBIOS - ok
22:51:57.0083 2816 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
22:51:57.0083 2816 NetBT - ok
22:51:57.0114 2816 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
22:51:57.0114 2816 Netlogon - ok
22:51:57.0177 2816 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
22:51:57.0177 2816 Netman - ok
22:51:57.0208 2816 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
22:51:57.0224 2816 netprofm - ok
22:51:57.0302 2816 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:51:57.0302 2816 NetTcpPortSharing - ok
22:51:57.0348 2816 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:51:57.0348 2816 nfrd960 - ok
22:51:57.0364 2816 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
22:51:57.0380 2816 NlaSvc - ok
22:51:57.0395 2816 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:51:57.0411 2816 Npfs - ok
22:51:57.0426 2816 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
22:51:57.0426 2816 nsi - ok
22:51:57.0442 2816 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:51:57.0442 2816 nsiproxy - ok
22:51:57.0551 2816 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
22:51:57.0551 2816 Ntfs - ok
22:51:57.0723 2816 ntrtscan (afefa4a7dab65da3fbeb6ec7b01e7d42) c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
22:51:57.0754 2816 ntrtscan - ok
22:51:57.0894 2816 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:51:57.0894 2816 Null - ok
22:51:57.0926 2816 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
22:51:57.0926 2816 nvraid - ok
22:51:57.0957 2816 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
22:51:57.0957 2816 nvstor - ok
22:51:57.0972 2816 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
22:51:57.0972 2816 nv_agp - ok
22:51:58.0004 2816 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
22:51:58.0004 2816 ohci1394 - ok
22:51:58.0082 2816 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:51:58.0082 2816 ose - ok
22:51:58.0331 2816 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:51:58.0440 2816 osppsvc - ok
22:51:58.0565 2816 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:51:58.0581 2816 p2pimsvc - ok
22:51:58.0643 2816 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
22:51:58.0659 2816 p2psvc - ok
22:51:58.0690 2816 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:51:58.0690 2816 Parport - ok
22:51:58.0706 2816 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
22:51:58.0706 2816 partmgr - ok
22:51:58.0721 2816 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:51:58.0737 2816 Parvdm - ok
22:51:58.0752 2816 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
22:51:58.0752 2816 PcaSvc - ok
22:51:58.0784 2816 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
22:51:58.0784 2816 pci - ok
22:51:58.0815 2816 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
22:51:58.0815 2816 pciide - ok
22:51:58.0830 2816 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:51:58.0846 2816 pcmcia - ok
22:51:58.0862 2816 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:51:58.0862 2816 pcw - ok
22:51:58.0893 2816 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:51:58.0893 2816 PEAUTH - ok
22:51:58.0986 2816 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
22:51:59.0002 2816 pla - ok
22:51:59.0142 2816 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
22:51:59.0174 2816 PlugPlay - ok
22:51:59.0189 2816 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
22:51:59.0189 2816 PNRPAutoReg - ok
22:51:59.0205 2816 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:51:59.0205 2816 PNRPsvc - ok
22:51:59.0252 2816 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
22:51:59.0267 2816 PolicyAgent - ok
22:51:59.0298 2816 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
22:51:59.0298 2816 Power - ok
22:51:59.0361 2816 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:51:59.0361 2816 PptpMiniport - ok
22:51:59.0376 2816 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:51:59.0376 2816 Processor - ok
22:51:59.0423 2816 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
22:51:59.0423 2816 ProfSvc - ok
22:51:59.0454 2816 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
22:51:59.0454 2816 ProtectedStorage - ok
22:51:59.0501 2816 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:51:59.0501 2816 Psched - ok
22:51:59.0532 2816 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
22:51:59.0532 2816 PxHelp20 - ok
22:51:59.0610 2816 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:51:59.0610 2816 ql2300 - ok
22:51:59.0766 2816 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:51:59.0766 2816 ql40xx - ok
22:51:59.0798 2816 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
22:51:59.0798 2816 QWAVE - ok
22:51:59.0813 2816 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:51:59.0813 2816 QWAVEdrv - ok
22:51:59.0844 2816 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:51:59.0844 2816 RasAcd - ok
22:51:59.0860 2816 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:51:59.0876 2816 RasAgileVpn - ok
22:51:59.0891 2816 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
22:51:59.0891 2816 RasAuto - ok
22:51:59.0891 2816 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:51:59.0907 2816 Rasl2tp - ok
22:51:59.0954 2816 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
22:51:59.0969 2816 RasMan - ok
22:52:00.0000 2816 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:52:00.0016 2816 RasPppoe - ok
22:52:00.0032 2816 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:52:00.0032 2816 RasSstp - ok
22:52:00.0047 2816 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
22:52:00.0047 2816 rdbss - ok
22:52:00.0063 2816 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:52:00.0063 2816 rdpbus - ok
22:52:00.0094 2816 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:52:00.0094 2816 RDPCDD - ok
22:52:00.0125 2816 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:52:00.0125 2816 RDPENCDD - ok
22:52:00.0141 2816 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:52:00.0141 2816 RDPREFMP - ok
22:52:00.0172 2816 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
22:52:00.0188 2816 RDPWD - ok
22:52:00.0203 2816 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
22:52:00.0203 2816 rdyboost - ok
22:52:00.0234 2816 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
22:52:00.0234 2816 RemoteAccess - ok
22:52:00.0266 2816 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
22:52:00.0266 2816 RemoteRegistry - ok
22:52:00.0297 2816 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
22:52:00.0312 2816 RFCOMM - ok
22:52:00.0344 2816 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
22:52:00.0344 2816 RpcEptMapper - ok
22:52:00.0359 2816 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
22:52:00.0359 2816 RpcLocator - ok
22:52:00.0390 2816 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
22:52:00.0390 2816 RpcSs - ok
22:52:00.0437 2816 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:52:00.0437 2816 rspndr - ok
22:52:00.0484 2816 RSUSBSTOR (31d45eca63884ff5f7aecc50f7d1bae0) C:\Windows\system32\Drivers\RtsUStor.sys
22:52:00.0484 2816 RSUSBSTOR - ok
22:52:00.0531 2816 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
22:52:00.0531 2816 RTL8167 - ok
22:52:00.0562 2816 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
22:52:00.0562 2816 SamSs - ok
22:52:00.0593 2816 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
22:52:00.0593 2816 sbp2port - ok
22:52:00.0624 2816 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
22:52:00.0624 2816 SCardSvr - ok
22:52:00.0640 2816 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
22:52:00.0640 2816 scfilter - ok
22:52:00.0687 2816 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
22:52:00.0702 2816 Schedule - ok
22:52:00.0718 2816 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
22:52:00.0718 2816 SCPolicySvc - ok
22:52:00.0749 2816 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
22:52:00.0749 2816 SDRSVC - ok
22:52:00.0796 2816 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:52:00.0796 2816 secdrv - ok
22:52:00.0812 2816 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
22:52:00.0812 2816 seclogon - ok
22:52:00.0843 2816 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
22:52:00.0843 2816 SENS - ok
22:52:00.0874 2816 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
22:52:00.0890 2816 SensrSvc - ok
22:52:00.0905 2816 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:52:00.0905 2816 Serenum - ok
22:52:00.0936 2816 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:52:00.0936 2816 Serial - ok
22:52:00.0936 2816 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:52:00.0952 2816 sermouse - ok
22:52:00.0968 2816 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
22:52:00.0968 2816 SessionEnv - ok
22:52:00.0999 2816 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
22:52:00.0999 2816 sffdisk - ok
22:52:01.0014 2816 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:52:01.0014 2816 sffp_mmc - ok
22:52:01.0014 2816 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:52:01.0030 2816 sffp_sd - ok
22:52:01.0030 2816 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:52:01.0030 2816 sfloppy - ok
22:52:01.0092 2816 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
22:52:01.0108 2816 SharedAccess - ok
22:52:01.0124 2816 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
22:52:01.0139 2816 ShellHWDetection - ok
22:52:01.0155 2816 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
22:52:01.0155 2816 sisagp - ok
22:52:01.0186 2816 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:52:01.0186 2816 SiSRaid2 - ok
22:52:01.0217 2816 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:52:01.0217 2816 SiSRaid4 - ok
22:52:01.0248 2816 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:52:01.0248 2816 Smb - ok
22:52:01.0280 2816 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
22:52:01.0295 2816 SNMPTRAP - ok
22:52:01.0295 2816 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:52:01.0295 2816 spldr - ok
22:52:01.0326 2816 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
22:52:01.0358 2816 Spooler - ok
22:52:01.0482 2816 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
22:52:01.0498 2816 sppsvc - ok
22:52:01.0701 2816 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
22:52:01.0701 2816 sppuinotify - ok
22:52:01.0763 2816 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
22:52:01.0763 2816 srv - ok
22:52:01.0794 2816 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
22:52:01.0794 2816 srv2 - ok
22:52:01.0826 2816 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
22:52:01.0826 2816 srvnet - ok
22:52:01.0841 2816 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
22:52:01.0857 2816 SSDPSRV - ok
22:52:01.0857 2816 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
22:52:01.0872 2816 SstpSvc - ok
22:52:01.0966 2816 STacSV (fbaa145c28074c853529050914d405c6) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
22:52:01.0982 2816 STacSV - ok
22:52:02.0013 2816 stdcfltn (73d7a81e3af7763aa627d99f50bd3f49) C:\Windows\system32\DRIVERS\stdcfltn.sys
22:52:02.0028 2816 stdcfltn - ok
22:52:02.0044 2816 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:52:02.0044 2816 stexstor - ok
22:52:02.0106 2816 STHDA (06cbb271f42ef70fb6ef372c491ba9aa) C:\Windows\system32\DRIVERS\stwrt.sys
22:52:02.0106 2816 STHDA - ok
22:52:02.0138 2816 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
22:52:02.0153 2816 StiSvc - ok
22:52:02.0231 2816 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
22:52:02.0231 2816 stllssvr - ok
22:52:02.0294 2816 svcGenericHost (01fbcc8f2c30eb1faf9a477fa53c6655) c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
22:52:02.0294 2816 svcGenericHost - ok
22:52:02.0309 2816 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
22:52:02.0309 2816 swenum - ok
22:52:02.0340 2816 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:52:02.0356 2816 swprv - ok
22:52:02.0403 2816 SynTP (cf196a45fd61118c95585489fad5b2aa) C:\Windows\system32\DRIVERS\SynTP.sys
22:52:02.0403 2816 SynTP - ok
22:52:02.0465 2816 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
22:52:02.0496 2816 SysMain - ok
22:52:02.0512 2816 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
22:52:02.0512 2816 TabletInputService - ok
22:52:02.0543 2816 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
22:52:02.0543 2816 TapiSrv - ok
22:52:02.0559 2816 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:52:02.0559 2816 TBS - ok
22:52:02.0668 2816 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
22:52:02.0668 2816 Tcpip - ok
22:52:02.0684 2816 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
22:52:02.0699 2816 TCPIP6 - ok
22:52:02.0730 2816 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
22:52:02.0730 2816 tcpipreg - ok
22:52:02.0746 2816 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
22:52:02.0746 2816 TDPIPE - ok
22:52:02.0793 2816 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
22:52:02.0793 2816 TDTCP - ok
22:52:02.0824 2816 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
22:52:02.0824 2816 tdx - ok
22:52:02.0840 2816 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
22:52:02.0840 2816 TermDD - ok
22:52:02.0886 2816 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
22:52:02.0902 2816 TermService - ok
22:52:02.0918 2816 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:52:02.0918 2816 Themes - ok
22:52:02.0949 2816 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:52:02.0949 2816 THREADORDER - ok
22:52:02.0980 2816 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\Windows\system32\DRIVERS\tmactmon.sys
22:52:02.0980 2816 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tmactmon.sys. md5: ca9e9c2c04a198ed345c1752222a5f3e
22:52:02.0980 2816 tmactmon ( LockedFile.Multi.Generic ) - warning
22:52:02.0980 2816 tmactmon - detected LockedFile.Multi.Generic (1)
22:52:03.0120 2816 TMBMServer (4d69206e3a3e665221fdd7e397106405) c:\Program Files\Trend Micro\BM\TMBMSRV.exe
22:52:03.0120 2816 Suspicious file (NoAccess): c:\Program Files\Trend Micro\BM\TMBMSRV.exe. md5: 4d69206e3a3e665221fdd7e397106405
22:52:03.0120 2816 TMBMServer ( LockedFile.Multi.Generic ) - warning
22:52:03.0120 2816 TMBMServer - detected LockedFile.Multi.Generic (1)
22:52:03.0183 2816 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\Windows\system32\DRIVERS\tmcomm.sys
22:52:03.0183 2816 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tmcomm.sys. md5: a3d20789b3ff0576a29462bef25bcfcc
22:52:03.0183 2816 tmcomm ( LockedFile.Multi.Generic ) - warning
22:52:03.0183 2816 tmcomm - detected LockedFile.Multi.Generic (1)
22:52:03.0198 2816 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\Windows\system32\DRIVERS\tmevtmgr.sys
22:52:03.0198 2816 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tmevtmgr.sys. md5: 21f215e54770c4bf93efaf63f58fe57e
22:52:03.0198 2816 tmevtmgr ( LockedFile.Multi.Generic ) - warning
22:52:03.0198 2816 tmevtmgr - detected LockedFile.Multi.Generic (1)
22:52:03.0245 2816 TmFilter (1d84c335eb869bbe64543c6945a1f3c9) c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys
22:52:03.0245 2816 TmFilter - ok
22:52:03.0308 2816 tmlisten (3062bab9c0f90577674bc2d006eb9efa) c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
22:52:03.0339 2816 tmlisten - ok
22:52:03.0370 2816 TmPfw (255328cf08d602368b69ff1f55ebd93e) c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
22:52:03.0386 2816 TmPfw - ok
22:52:03.0401 2816 TmPreFilter (7aab3fef8b19ae023ee05386f1b0a5dd) c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys
22:52:03.0401 2816 TmPreFilter - ok
22:52:03.0448 2816 TmProxy (0fec6c50b2be07c57651573cdd1c721f) c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
22:52:03.0479 2816 TmProxy - ok
22:52:03.0620 2816 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\Windows\system32\DRIVERS\tmtdi.sys
22:52:03.0620 2816 tmtdi - ok
22:52:03.0666 2816 tosrfsnd - ok
22:52:03.0698 2816 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:52:03.0713 2816 TrkWks - ok
22:52:03.0744 2816 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
22:52:03.0744 2816 TrustedInstaller - ok
22:52:03.0791 2816 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:52:03.0791 2816 tssecsrv - ok
22:52:03.0838 2816 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
22:52:03.0838 2816 tunnel - ok
22:52:03.0854 2816 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:52:03.0869 2816 uagp35 - ok
22:52:03.0900 2816 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
22:52:03.0900 2816 udfs - ok
22:52:03.0932 2816 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:52:03.0932 2816 UI0Detect - ok
22:52:03.0963 2816 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:52:03.0963 2816 uliagpkx - ok
22:52:03.0994 2816 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
22:52:04.0010 2816 umbus - ok
22:52:04.0041 2816 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:52:04.0041 2816 UmPass - ok
22:52:04.0275 2816 UNS (9e89c2d6945389270de067ce51ff7425) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:52:04.0290 2816 UNS - ok
22:52:04.0446 2816 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:52:04.0462 2816 upnphost - ok
22:52:04.0493 2816 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
22:52:04.0493 2816 USBAAPL - ok
22:52:04.0524 2816 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys
22:52:04.0524 2816 usbccgp - ok
22:52:04.0587 2816 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
22:52:04.0587 2816 usbcir - ok
22:52:04.0602 2816 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys
22:52:04.0618 2816 usbehci - ok
22:52:04.0665 2816 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys
22:52:04.0665 2816 usbhub - ok
22:52:04.0696 2816 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys
22:52:04.0696 2816 usbohci - ok
22:52:04.0696 2816 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:52:04.0712 2816 usbprint - ok
22:52:04.0727 2816 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:52:04.0727 2816 USBSTOR - ok
22:52:04.0743 2816 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys
22:52:04.0758 2816 usbuhci - ok
22:52:04.0805 2816 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
22:52:04.0805 2816 usbvideo - ok
22:52:04.0836 2816 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:52:04.0836 2816 UxSms - ok
22:52:04.0852 2816 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
22:52:04.0868 2816 VaultSvc - ok
22:52:04.0883 2816 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:52:04.0883 2816 vdrvroot - ok
22:52:04.0914 2816 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
22:52:04.0914 2816 vds - ok
22:52:04.0930 2816 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:52:04.0930 2816 vga - ok
22:52:04.0946 2816 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:52:04.0946 2816 VgaSave - ok
22:52:04.0961 2816 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
22:52:04.0977 2816 vhdmp - ok
22:52:05.0008 2816 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
22:52:05.0008 2816 viaagp - ok
22:52:05.0024 2816 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:52:05.0024 2816 ViaC7 - ok
22:52:05.0039 2816 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
22:52:05.0039 2816 viaide - ok
22:52:05.0070 2816 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
22:52:05.0070 2816 volmgr - ok
22:52:05.0086 2816 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:52:05.0086 2816 volmgrx - ok
22:52:05.0117 2816 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
22:52:05.0117 2816 volsnap - ok
22:52:05.0258 2816 VSApiNt (8b9325c1d1167a703042986df758d799) c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys
22:52:05.0304 2816 VSApiNt - ok
22:52:05.0445 2816 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:52:05.0445 2816 vsmraid - ok
22:52:05.0523 2816 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
22:52:05.0523 2816 VSS - ok
22:52:05.0554 2816 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:52:05.0554 2816 vwifibus - ok
22:52:05.0585 2816 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:52:05.0585 2816 vwififlt - ok
22:52:05.0601 2816 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:52:05.0632 2816 W32Time - ok
22:52:05.0648 2816 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:52:05.0648 2816 WacomPen - ok
22:52:05.0679 2816 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
22:52:05.0679 2816 WANARP - ok
22:52:05.0679 2816 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
22:52:05.0694 2816 Wanarpv6 - ok
22:52:05.0772 2816 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:52:05.0819 2816 WatAdminSvc - ok
22:52:05.0991 2816 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
22:52:05.0991 2816 wbengine - ok
22:52:06.0022 2816 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:52:06.0022 2816 WbioSrvc - ok
22:52:06.0069 2816 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
22:52:06.0084 2816 wcncsvc - ok
22:52:06.0100 2816 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:52:06.0100 2816 WcsPlugInService - ok
22:52:06.0147 2816 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:52:06.0147 2816 Wd - ok
22:52:06.0178 2816 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:52:06.0178 2816 Wdf01000 - ok
22:52:06.0194 2816 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:52:06.0209 2816 WdiServiceHost - ok
22:52:06.0209 2816 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:52:06.0209 2816 WdiSystemHost - ok
22:52:06.0240 2816 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
22:52:06.0256 2816 WebClient - ok
22:52:06.0272 2816 websensewfreportserver - ok
22:52:06.0287 2816 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:52:06.0303 2816 Wecsvc - ok
22:52:06.0318 2816 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:52:06.0318 2816 wercplsupport - ok
22:52:06.0350 2816 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:52:06.0350 2816 WerSvc - ok
22:52:06.0381 2816 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:52:06.0381 2816 WfpLwf - ok
22:52:06.0396 2816 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:52:06.0396 2816 WIMMount - ok
22:52:06.0537 2816 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:52:06.0552 2816 WinDefend - ok
22:52:06.0552 2816 WinHttpAutoProxySvc - ok
22:52:06.0615 2816 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:52:06.0615 2816 Winmgmt - ok
22:52:06.0677 2816 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
22:52:06.0724 2816 WinRM - ok
22:52:06.0786 2816 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
22:52:06.0786 2816 WinUsb - ok
22:52:06.0833 2816 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:52:06.0864 2816 Wlansvc - ok
22:52:06.0942 2816 wltrysvc (7fff34ae69dfb80f7b190aba31e00610) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
22:52:06.0958 2816 wltrysvc - ok
22:52:06.0974 2816 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:52:06.0974 2816 WmiAcpi - ok
22:52:07.0020 2816 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:52:07.0020 2816 wmiApSrv - ok
22:52:07.0130 2816 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:52:07.0161 2816 WMPNetworkSvc - ok
22:52:07.0192 2816 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:52:07.0192 2816 WPCSvc - ok
22:52:07.0223 2816 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
22:52:07.0223 2816 WPDBusEnum - ok
22:52:07.0270 2816 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:52:07.0270 2816 ws2ifsl - ok
22:52:07.0317 2816 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
22:52:07.0332 2816 wscsvc - ok
22:52:07.0332 2816 WSearch - ok
22:52:07.0410 2816 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
22:52:07.0457 2816 wuauserv - ok
22:52:07.0582 2816 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
22:52:07.0582 2816 WudfPf - ok
22:52:07.0613 2816 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:52:07.0613 2816 WUDFRd - ok
22:52:07.0629 2816 wudfsvc (f1fcb56102a8373ed86b6ff08fb17d67) C:\Windows\System32\WUDFSvc.dll
22:52:07.0644 2816 wudfsvc - ok
22:52:07.0660 2816 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:52:07.0660 2816 WwanSvc - ok
22:52:07.0691 2816 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
22:52:07.0769 2816 \Device\Harddisk0\DR0 - ok
22:52:07.0785 2816 MBR (0x1B8) (9ccc54e6a70d14b4ce5d0f583eeae541) \Device\Harddisk1\DR5
22:52:08.0674 2816 \Device\Harddisk1\DR5 - ok
22:52:08.0690 2816 Boot (0x1200) (9ef84b19dbc8bb52e5eebad4d47fc152) \Device\Harddisk0\DR0\Partition0
22:52:08.0690 2816 \Device\Harddisk0\DR0\Partition0 - ok
22:52:08.0705 2816 Boot (0x1200) (1b2b6cfde8931c4391ba2197c5e22a91) \Device\Harddisk0\DR0\Partition1
22:52:08.0705 2816 \Device\Harddisk0\DR0\Partition1 - ok
22:52:08.0705 2816 ============================================================
22:52:08.0705 2816 Scan finished
22:52:08.0705 2816 ============================================================
22:52:08.0721 2568 Detected object count: 5
22:52:08.0721 2568 Actual detected object count: 5
22:55:05.0483 2568 C:\Windows\system32\drivers\afd.sys - copied to quarantine
22:55:05.0499 2568 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\afd.sys) error 1813
22:55:05.0686 2568 Backup copy not found, trying to cure infected file..
22:55:05.0686 2568 C:\Windows\system32\drivers\afd.sys - Cure failed (FFFFFFFF)
22:55:05.0686 2568 C:\Windows\system32\drivers\afd.sys - processing error
22:55:07.0371 2568 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
22:55:07.0371 2568 tmactmon ( LockedFile.Multi.Generic ) - skipped by user
22:55:07.0371 2568 tmactmon ( LockedFile.Multi.Generic ) - User select action: Skip
22:55:07.0386 2568 TMBMServer ( LockedFile.Multi.Generic ) - skipped by user
22:55:07.0386 2568 TMBMServer ( LockedFile.Multi.Generic ) - User select action: Skip
22:55:07.0386 2568 tmcomm ( LockedFile.Multi.Generic ) - skipped by user
22:55:07.0386 2568 tmcomm ( LockedFile.Multi.Generic ) - User select action: Skip
22:55:07.0386 2568 tmevtmgr ( LockedFile.Multi.Generic ) - skipped by user
22:55:07.0386 2568 tmevtmgr ( LockedFile.Multi.Generic ) - User select action: Skip
22:55:13.0330 5196 Deinitialize success


and the Combo Fix



ComboFix 12-04-26.01 - Amanda 04/26/2012 23:05:45.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2999.2078 [GMT -5:00]
Running from: c:\users\Amanda\Desktop\ComboFix.exe
Command switches used :: c:\users\Amanda\Desktop\CFScript.txt
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB18033$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ip6fw
-------\Service_tosrfsnd
-------\Service_websensewfreportserver
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 04:23 . 2012-04-27 04:25 -------- d-----w- c:\users\Amanda\AppData\Local\temp
2012-04-27 04:23 . 2012-04-27 04:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 03:55 . 2012-04-27 03:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-25 14:20 . 2012-04-25 14:20 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-04-25 14:20 . 2012-04-25 14:20 -------- d-----w- c:\users\Amanda\AppData\Roaming\InstallShield
2012-04-25 00:13 . 2012-04-25 00:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-25 00:13 . 2012-04-25 00:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-25 00:01 . 2012-04-25 00:01 -------- d-----w- c:\program files\Common Files\Java
2012-04-22 08:03 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-22 08:03 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-22 08:03 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-22 08:03 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-22 08:02 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-22 08:02 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 14:20 . 2010-11-16 11:30 52224 ----a-w- c:\windows\system32\wltrynt.dll
2012-04-25 14:20 . 2010-11-16 11:30 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2012-04-25 14:20 . 2010-11-16 11:30 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2012-04-25 14:20 . 2010-11-16 11:30 1032192 ----a-w- c:\windows\system32\BCMLogon.dll
2012-04-25 14:20 . 2010-11-16 11:30 7489024 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-04-25 14:20 . 2010-11-16 11:30 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-04-25 14:20 . 2010-11-16 11:30 58368 ----a-w- c:\windows\system32\bcmwlrmt.dll
2012-04-25 14:20 . 2010-11-16 11:30 4517888 ----a-w- c:\windows\system32\bcmttls.dll
2012-04-25 14:20 . 2010-11-16 11:30 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2012-04-25 00:01 . 2010-11-16 11:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-22 08:00 . 2012-03-28 01:37 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-22 08:00 . 2011-08-15 18:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2011-05-19 13:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 05:17 . 2010-12-30 21:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-17 05:17 . 2010-12-30 21:05 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-17 05:17 . 2010-12-30 21:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-17 05:17 . 2010-12-30 21:04 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-15 17:01 . 2012-02-15 17:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 17:01 . 2012-02-15 17:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-15 05:44 . 2012-03-13 20:38 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-13 20:38 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-13 20:38 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:41 . 2012-03-13 20:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-13 20:38 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-13 20:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 20:38 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-13 20:38 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01 . 2012-03-13 20:38 2341376 ----a-w- c:\windows\system32\win32k.sys
2011-05-12 04:31 232406 --sha-w- c:\windows\System32\sysprep\CRYPTBASE.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0538CF1C-8419-4800-ADBB-0C00C799FDA2}]
2012-02-02 15:46 88416 ----a-w- c:\users\Amanda\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 22:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"Smart PC Cleaner"="c:\program files\Smart PC Cleaner\SPCLauncher.exe" [2012-01-28 80016]
"GenieoUpdaterService"="c:\users\Amanda\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" [2012-02-02 280416]
"GenieoSystemTray"="c:\users\Amanda\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [2012-02-02 562016]
"Browser Infrastructure Helper"="c:\users\Amanda\AppData\Local\Smartbar\Application\Linkury.exe" [2012-02-12 13824]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2012-02-08 22465104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-07 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-06 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-08 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-08 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-08 170008]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-04-25 5249024]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1099088]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-11-06 273528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 253088]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [2009-07-15 497008]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-07-15 689416]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1343400]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-07-09 17648]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-02 81920]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2010-07-05 45056]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-05-11 230928]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-05-11 36368]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-07-09 43888]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 232960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 08:00]
.
2012-04-25 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-02-21 20:24]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 05:25]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 05:25]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852507743-1170092222-540797006-1000Core.job
- c:\users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 19:48]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852507743-1170092222-540797006-1000UA.job
- c:\users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 19:48]
.
2012-04-10 c:\windows\Tasks\Norton Security Scan for Amanda.job
- c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-11-09 03:43]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&range=98&searchtype=ds&isid=9860&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5692)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-26 23:30:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-27 04:30
ComboFix2.txt 2012-04-25 05:05
.
Pre-Run: 224,176,529,408 bytes free
Post-Run: 223,907,917,824 bytes free
.
- - End Of File - - 0B0D7C30A9CB6669E769402BA9A218BB
jenningsfamily is offline  
Old 04-27-2012, 12:56 PM   #10
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Sorry for the delay. Went to bed before you posted these, then was at work all day. :)

This particular variant is posing trouble for the tools. Best way to handle this is via the Recovery Environment at this point.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Uncheck the Whitelist boxes next to Services, Drivers, and Drivers MD5.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-27-2012, 01:19 PM   #11
Registered Member
 
Join Date: Apr 2010
Posts: 79
OS: Windows 7



here is the log

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 27-04-2012
Ran by SYSTEM at 27-04-2012 15:16:33
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [495708 2010-04-06] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-07-07] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-07-07] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170008 2010-07-07] (Intel Corporation)
HKLM\...\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [726640 2010-08-02] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2012-04-25] (Dell Inc.)
HKLM\...\Run: [OfficeScanNT Monitor] "c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow [1099088 2010-06-25] (Trend Micro Inc.)
HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [273528 2011-11-05] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Amanda\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [14944136 2010-12-03] (Skype Technologies S.A.)
HKU\Amanda\...\Run: [Smart PC Cleaner] C:\Program Files\Smart PC Cleaner\SPCLauncher.exe [80016 2012-01-28] (Avanquest Software)
HKU\Amanda\...\Run: [GenieoUpdaterService] "C:\Users\Amanda\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5 [280416 2012-02-02] ()
HKU\Amanda\...\Run: [GenieoSystemTray] "C:\Users\Amanda\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [562016 2012-02-02] ()
HKU\Amanda\...\Run: [Browser Infrastructure Helper] C:\Users\Amanda\AppData\Local\Smartbar\Application\Linkury.exe startup [13824 2012-02-12] (Smartbar)
HKU\Amanda\...\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized [22465104 2012-02-07] (ooVoo LLC)
HKU\Amanda\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [14944136 2010-12-03] (Skype Technologies S.A.)
HKU\Amanda\...\Run: [Smart PC Cleaner] C:\Program Files\Smart PC Cleaner\SPCLauncher.exe [80016 2012-01-28] (Avanquest Software)
HKU\Amanda\...\Run: [GenieoUpdaterService] "C:\Users\Amanda\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5 [280416 2012-02-02] ()
HKU\Amanda\...\Run: [GenieoSystemTray] "C:\Users\Amanda\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [562016 2012-02-02] ()
HKU\Amanda\...\Run: [Browser Infrastructure Helper] C:\Users\Amanda\AppData\Local\Smartbar\Application\Linkury.exe startup [13824 2012-02-12] (Smartbar)
HKU\Amanda\...\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized [22465104 2012-02-07] (ooVoo LLC)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
========================== Services ==========================
3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-22] (Adobe Systems Incorporated)
3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-13] (Microsoft Corporation)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-13] (Microsoft Corporation)
3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-13] (Microsoft Corporation)
3 Appinfo; C:\Windows\System32\appinfo.dll [46592 2009-07-13] (Microsoft Corporation)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [55144 2012-02-26] (Apple Inc.)
2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [473088 2009-07-13] (Microsoft Corporation)
2 Audiosrv; C:\Windows\System32\Audiosrv.dll [473088 2009-07-13] (Microsoft Corporation)
3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2009-07-13] (Microsoft Corporation)
2 BBSvc; "C:\Program Files\Microsoft\BingBar\BBSvc.EXE" [196176 2011-10-21] (Microsoft Corporation.)
2 BBUpdate; "C:\Program Files\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation)
3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-13] (Microsoft Corporation)
2 BFE; C:\Windows\System32\bfe.dll [493568 2009-07-13] (Microsoft Corporation)
2 BITS; C:\Windows\System32\qmgr.dll [589312 2009-07-13] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [390504 2011-08-30] (Apple Inc.)
2 Browser; C:\Windows\System32\browser.dll [102400 2009-07-13] (Microsoft Corporation)
3 bthserv; C:\Windows\System32\bthserv.dll [64512 2009-07-13] (Microsoft Corporation)
3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2009-07-13] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [7168 2009-07-13] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [135680 2009-07-13] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [376320 2009-07-13] (Microsoft Corporation)
3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-13] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcore.dll [253440 2009-07-13] (Microsoft Corporation)
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2011-03-02] (Microsoft Corporation)
3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2009-07-13] (Microsoft Corporation)
2 DPS; C:\Windows\System32\dps.dll [143360 2009-07-13] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-13] (Microsoft Corporation)
3 EFS; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556032 2010-08-03] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 EventSystem; C:\Windows\System32\es.dll [271360 2009-07-13] (Microsoft Corporation)
3 Fax; C:\Windows\System32\fxssvc.exe [522752 2009-07-13] (Microsoft Corporation)
3 fdPHost; C:\Windows\System32\fdPHost.dll [12800 2009-07-13] (Microsoft Corporation)
3 FDResPub; C:\Windows\System32\fdrespub.dll [28160 2009-07-13] (Microsoft Corporation)
2 FontCache; C:\Windows\System32\FntCache.dll [802304 2011-02-18] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
2 gpsvc; C:\Windows\System32\gpsvc.dll [591360 2009-07-13] (Microsoft Corporation)
2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [136176 2010-12-28] (Google Inc.)
3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [136176 2010-12-28] (Google Inc.)
3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [182768 2010-12-28] (Google)
3 hidserv; C:\Windows\System32\hidserv.dll [49152 2009-07-13] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [71168 2009-07-13] (Microsoft Corporation)
3 HomeGroupListener; C:\Windows\System32\ListSvc.dll [194560 2009-07-13] (Microsoft Corporation)
3 HomeGroupProvider; C:\Windows\System32\provsvc.dll [165376 2009-07-13] (Microsoft Corporation)
3 idsvc; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [878416 2009-06-10] (Microsoft Corporation)
2 IKEEXT; C:\Windows\System32\ikeext.dll [667136 2009-07-13] (Microsoft Corporation)
3 IPBusEnum; C:\Windows\System32\ipbusenum.dll [78848 2009-07-13] (Microsoft Corporation)
2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [497152 2009-07-13] (Microsoft Corporation)
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [821608 2012-03-06] (Apple Inc.)
3 KeyIso; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 KtmRm; C:\Windows\System32\msdtckrm.dll [308736 2009-07-13] (Microsoft Corporation)
2 LanmanServer; C:\Windows\System32\srvsvc.dll [168448 2010-08-26] (Microsoft Corporation)
2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2009-07-13] (Microsoft Corporation)
3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-13] (Microsoft Corporation)
2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-13] (Microsoft Corporation)
2 LMS; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824 2009-11-03] (Intel Corporation)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
4 Mcx2Svc; C:\Windows\System32\Mcx2Svc.dll [67584 2009-07-13] (Microsoft Corporation)
2 MMCSS; C:\Windows\System32\mmcss.dll [49664 2009-07-13] (Microsoft Corporation)
2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
2 MpsSvc; C:\Windows\System32\mpssvc.dll [565760 2009-07-13] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-13] (Microsoft Corporation)
3 MSiSCSI; C:\Windows\System32\iscsiexe.dll [114688 2009-07-13] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [73216 2009-07-13] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentRT.dll [330240 2009-07-13] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-13] (Microsoft Corporation)
3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-13] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [128848 2009-06-10] (Microsoft Corporation)
2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2009-07-13] (Microsoft Corporation)
2 nsi; C:\Windows\System32\nsisvc.dll [19456 2009-07-13] (Microsoft Corporation)
3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [149352 2010-01-09] (Microsoft Corporation)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\System32\pnrpsvc.dll [269824 2009-07-13] (Microsoft Corporation)
3 p2psvc; C:\Windows\System32\p2psvc.dll [327680 2009-07-13] (Microsoft Corporation)
3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-13] (Microsoft Corporation)
3 pla; C:\Windows\System32\pla.dll [1508864 2009-07-13] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\umpnpmgr.dll [294912 2011-05-24] (Microsoft Corporation)
3 PNRPAutoReg; C:\Windows\System32\pnrpauto.dll [20480 2009-07-13] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\pnrpsvc.dll [269824 2009-07-13] (Microsoft Corporation)
2 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350720 2009-07-13] (Microsoft Corporation)
2 Power; C:\Windows\System32\umpo.dll [119808 2009-07-13] (Microsoft Corporation)
2 ProfSvc; C:\Windows\System32\profsvc.dll [162816 2009-07-13] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-13] (Microsoft Corporation)
3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-13] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [285184 2009-07-13] (Microsoft Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-13] (Microsoft Corporation)
3 RemoteRegistry; C:\Windows\System32\regsvc.dll [112640 2009-07-13] (Microsoft Corporation)
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-13] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [9216 2009-07-13] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [376320 2009-07-13] (Microsoft Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-13] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [749056 2010-11-01] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2009-07-13] (Microsoft Corporation)
3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2009-07-13] (Microsoft Corporation)
2 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-13] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-13] (Microsoft Corporation)
3 SensrSvc; C:\Windows\System32\sensrsvc.dll [25088 2009-07-13] (Microsoft Corporation)
3 SessionEnv; C:\Windows\System32\sessenv.dll [99328 2009-07-13] (Microsoft Corporation)
2 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-13] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2009-07-13] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-13] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [316928 2010-08-20] (Microsoft Corporation)
2 sppsvc; C:\Windows\System32\sppsvc.exe [3179520 2009-07-13] (Microsoft Corporation)
3 sppuinotify; C:\Windows\System32\sppuinotify.dll [53760 2009-07-13] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-13] (Microsoft Corporation)
3 SstpSvc; C:\Windows\System32\sstpsvc.dll [90112 2009-07-13] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe [229458 2010-04-06] (IDT, Inc.)
2 StiSvc; C:\Windows\System32\wiaservc.dll [462336 2009-07-13] (Microsoft Corporation)
3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-01-16] (MicroVision Development, Inc.)
3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-13] (Microsoft Corporation)
2 SysMain; C:\Windows\System32\sysmain.dll [1169408 2009-07-13] (Microsoft Corporation)
3 TabletInputService; C:\Windows\System32\TabSvc.dll [73728 2009-07-13] (Microsoft Corporation)
3 TapiSrv; C:\Windows\System32\tapisrv.dll [241664 2009-07-13] (Microsoft Corporation)
3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-13] (Microsoft Corporation)
3 TermService; C:\Windows\System32\termsrv.dll [543232 2009-07-13] (Microsoft Corporation)
2 Themes; C:\Windows\System32\themeservice.dll [37376 2009-07-13] (Microsoft Corporation)
3 THREADORDER; C:\Windows\System32\mmcss.dll [49664 2009-07-13] (Microsoft Corporation)
2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-13] (Microsoft Corporation)
3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2009-07-13] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [35840 2009-07-13] (Microsoft Corporation)
2 UNS; "C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-11-03] (Intel Corporation)
3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-13] (Microsoft Corporation)
2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-13] (Microsoft Corporation)
3 VaultSvc; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [452608 2009-07-13] (Microsoft Corporation)
3 VSS; C:\Windows\System32\vssvc.exe [1025536 2009-07-13] (Microsoft Corporation)
3 W32Time; C:\Windows\System32\w32time.dll [288768 2009-07-13] (Microsoft Corporation)
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1343400 2010-12-26] (Microsoft Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1202688 2009-07-13] (Microsoft Corporation)
3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-13] (Microsoft Corporation)
3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-09-13] (Microsoft Corporation)
3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation)
3 WdiServiceHost; C:\Windows\System32\wdi.dll [76288 2009-07-13] (Microsoft Corporation)
3 WdiSystemHost; C:\Windows\System32\wdi.dll [76288 2009-07-13] (Microsoft Corporation)
3 WebClient; C:\Windows\System32\webclnt.dll [204800 2010-12-20] (Microsoft Corporation)
3 Wecsvc; C:\Windows\System32\wecsvc.dll [147968 2009-07-13] (Microsoft Corporation)
3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-13] (Microsoft Corporation)
3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-13] (Microsoft Corporation)
3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [350720 2010-12-20] (Microsoft Corporation)
2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [168960 2009-07-13] (Microsoft Corporation)
3 WinRM; C:\Windows\System32\WsmSvc.dll [1175040 2009-07-13] (Microsoft Corporation)
2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-13] (Microsoft Corporation)
2 wltrysvc; "C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe" [4539392 2012-04-25] (Dell Inc.)
3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [136192 2009-07-13] (Microsoft Corporation)
2 WMPNetworkSvc; "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1121280 2009-07-13] (Microsoft Corporation)
3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation)
3 WPDBusEnum; C:\Windows\System32\wpdbusenum.dll [84480 2009-07-13] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2010-12-20] (Microsoft Corporation)
2 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [428032 2011-05-03] (Microsoft Corporation)
2 wuauserv; C:\Windows\System32\wuaueng.dll [1912832 2009-07-13] (Microsoft Corporation)
2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [67584 2010-11-16] (Microsoft Corporation)
3 WwanSvc; C:\Windows\System32\wwansvc.dll [185856 2009-07-13] (Microsoft Corporation)
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]
2 FastUserSwitchingCompatibility; C:\Windows\system32\FastUserSwitchingCompatibilityex.dll [x]
2 ntrtscan; "c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe" [x]
2 svcGenericHost; "c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe" [x]
3 TMBMServer; "c:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [x]
2 tmlisten; "c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe" [x]
3 TmPfw; "c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe" [x]
3 TmProxy; "c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe" [x]
========================== Drivers ===========================
3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [163840 2010-11-16] (Microsoft Corporation)
3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-07-09] (ST Microelectronics)
0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [274496 2009-07-13] (Microsoft Corporation)
3 AcpiPmi; C:\Windows\System32\DRIVERS\acpipmi.sys [9728 2009-07-13] (Microsoft Corporation)
3 adp94xx; C:\Windows\System32\DRIVERS\adp94xx.sys [422976 2009-07-13] (Adaptec, Inc.)
3 adpahci; C:\Windows\System32\DRIVERS\adpahci.sys [297552 2009-07-13] (Adaptec, Inc.)
3 adpu320; C:\Windows\System32\DRIVERS\adpu320.sys [146512 2009-07-13] (Adaptec, Inc.)
1 AFD; C:\Windows\System32\drivers\afd.sys [338944 2011-04-24] ()
3 agp440; C:\Windows\System32\DRIVERS\agp440.sys [53312 2009-07-13] (Microsoft Corporation)
3 aic78xx; C:\Windows\System32\DRIVERS\djsvs.sys [70720 2009-07-13] (Adaptec, Inc.)
3 aliide; C:\Windows\System32\DRIVERS\aliide.sys [14400 2009-07-13] (Acer Laboratories Inc.)
3 amdagp; C:\Windows\System32\DRIVERS\amdagp.sys [53312 2009-07-13] (Microsoft Corporation)
3 amdide; C:\Windows\System32\DRIVERS\amdide.sys [14912 2009-07-13] (Microsoft Corporation)
3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [55296 2009-07-13] (Microsoft Corporation)
3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [52736 2009-07-13] (Microsoft Corporation)
3 amdsata; C:\Windows\System32\drivers\amdsata.sys [80256 2011-03-10] (Advanced Micro Devices)
3 amdsbs; C:\Windows\System32\DRIVERS\amdsbs.sys [159312 2009-07-13] (AMD Technologies Inc.)
0 amdxata; C:\Windows\System32\drivers\amdxata.sys [22400 2011-03-10] (Advanced Micro Devices)
3 AppID; C:\Windows\System32\drivers\appid.sys [50176 2009-07-13] (Microsoft Corporation)
3 arc; C:\Windows\System32\DRIVERS\arc.sys [76368 2009-07-13] (Adaptec, Inc.)
3 arcsas; C:\Windows\System32\DRIVERS\arcsas.sys [86608 2009-07-13] (Adaptec, Inc.)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-13] (Microsoft Corporation)
3 atapi; C:\Windows\System32\DRIVERS\atapi.sys [21584 2009-07-13] (Microsoft Corporation)
3 b06bdrv; C:\Windows\System32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation)
3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation)
3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2012-04-25] (Broadcom Corporation)
3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl6.sys [2707448 2010-05-04] (Broadcom Corporation)
1 Beep; C:\Windows\System32\Drivers\Beep.sys [6144 2009-07-13] (Microsoft Corporation)
1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-13] (Microsoft Corporation)
3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-22] (Microsoft Corporation)
3 BrFiltLo; C:\Windows\System32\DRIVERS\BrFiltLo.sys [13568 2009-07-13] (Brother Industries, Ltd.)
3 BrFiltUp; C:\Windows\System32\DRIVERS\BrFiltUp.sys [5248 2009-07-13] (Brother Industries, Ltd.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-13] (Brother Industries Ltd.)
3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-13] (Brother Industries Ltd.)
3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-13] (Brother Industries Ltd.)
3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-13] (Brother Industries Ltd.)
3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [34816 2009-07-13] (Microsoft Corporation)
3 BTHMODEM; C:\Windows\System32\DRIVERS\bthmodem.sys [56320 2009-07-13] (Microsoft Corporation)
3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [93696 2009-07-13] (Microsoft Corporation)
3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [393216 2011-04-27] (Microsoft Corporation)
3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [60416 2011-04-27] (Microsoft Corporation)
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [86056 2009-10-02] (Broadcom Corporation.)
3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [108072 2009-08-28] (Broadcom Corporation.)
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [29472 2009-04-06] (Broadcom Corporation.)
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [18472 2009-08-28] (Broadcom Corporation.)
4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-13] (Microsoft Corporation)
1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2009-07-13] (Microsoft Corporation)
3 circlass; C:\Windows\System32\DRIVERS\circlass.sys [37888 2009-07-13] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-13] (Microsoft Corporation)
3 cmdide; C:\Windows\System32\DRIVERS\cmdide.sys [15952 2009-07-13] (CMD Technology, Inc.)
0 CNG; C:\Windows\System32\Drivers\cng.sys [369352 2011-11-16] (Microsoft Corporation)
0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [19024 2009-07-13] (Microsoft Corporation)
3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [31232 2009-07-13] (Microsoft Corporation)
4 crcdisk; C:\Windows\System32\DRIVERS\crcdisk.sys [22096 2009-07-13] (Microsoft Corporation)
3 CtAudDrv; \??\C:\Windows\system32\Drivers\CtAudDrv.sys [134144 2009-05-28] (Creative Technology Ltd.)
3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [146528 2010-08-12] (Creative Technology Ltd.)
1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2011-04-26] (Microsoft Corporation)
1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-13] (Microsoft Corporation)
0 Disk; C:\Windows\System32\DRIVERS\disk.sys [57424 2009-07-13] (Microsoft Corporation)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5120 2009-07-13] (Microsoft Corporation)
3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [728448 2010-11-01] (Microsoft Corporation)
3 ebdrv; C:\Windows\System32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation)
3 elxstor; C:\Windows\System32\DRIVERS\elxstor.sys [453712 2009-07-13] (Emulex)
3 ErrDev; C:\Windows\System32\DRIVERS\errdev.sys [7168 2009-07-13] (Microsoft Corporation)
3 exfat; C:\Windows\System32\Drivers\exfat.sys [142336 2009-07-13] (Microsoft Corporation)
3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [148480 2009-07-13] (Microsoft Corporation)
3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [25088 2009-07-13] (Microsoft Corporation)
0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-13] (Microsoft Corporation)
3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-13] (Microsoft Corporation)
3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [19968 2009-07-13] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-13] (Microsoft Corporation)
3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-13] (Microsoft Corporation)
0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [19312 2012-02-29] (Microsoft Corporation)
0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [194488 2009-09-25] (Microsoft Corporation)
3 gagp30kx; C:\Windows\System32\DRIVERS\gagp30kx.sys [57936 2009-07-13] (Microsoft Corporation)
3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [26600 2009-05-18] (GEAR Software Inc.)
3 hcw85cir; C:\Windows\System32\drivers\hcw85cir.sys [26624 2009-07-13] (Hauppauge Computer Works, Inc.)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [108544 2009-07-13] (Microsoft Corporation)
3 HECI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2009-09-16] (Intel Corporation)
3 HidBatt; C:\Windows\System32\DRIVERS\HidBatt.sys [21504 2009-07-13] (Microsoft Corporation)
3 HidBth; C:\Windows\System32\DRIVERS\hidbth.sys [91136 2009-07-13] (Microsoft Corporation)
3 HidIr; C:\Windows\System32\DRIVERS\hidir.sys [37888 2009-07-13] (Microsoft Corporation)
3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2009-07-13] (Microsoft Corporation)
3 HpSAMD; C:\Windows\System32\DRIVERS\HpSAMD.sys [67152 2009-07-13] (Hewlett-Packard Company)
3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513024 2009-07-13] (Microsoft Corporation)
0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [13904 2009-07-13] (Microsoft Corporation)
3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-13] (Microsoft Corporation)
0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [435736 2010-03-03] (Intel Corporation)
3 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [332160 2011-03-10] (Intel Corporation)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [8758272 2010-06-01] (Intel Corporation)
3 iirsp; C:\Windows\System32\DRIVERS\iirsp.sys [41040 2009-07-13] (Intel Corp./ICP vortex GmbH)
3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [132480 2010-02-26] (Intel Corporation)
3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [232960 2010-02-02] (Intel(R) Corporation)
3 intelide; C:\Windows\System32\DRIVERS\intelide.sys [15424 2009-07-13] (Microsoft Corporation)
3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-13] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-13] (Microsoft Corporation)
3 IPMIDRV; C:\Windows\System32\DRIVERS\IPMIDrv.sys [65536 2009-07-13] (Microsoft Corporation)
3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-13] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-13] (Microsoft Corporation)
3 isapnp; C:\Windows\System32\DRIVERS\isapnp.sys [46656 2009-07-13] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [186960 2009-07-13] (Microsoft Corporation)
3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [42576 2009-07-13] (Microsoft Corporation)
3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [28160 2009-07-13] (Microsoft Corporation)
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67440 2011-11-16] (Microsoft Corporation)
0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [134000 2011-11-16] (Microsoft Corporation)
2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-13] (Microsoft Corporation)
3 LSI_FC; C:\Windows\System32\DRIVERS\lsi_fc.sys [95824 2009-07-13] (LSI Corporation)
3 LSI_SAS; C:\Windows\System32\DRIVERS\lsi_sas.sys [89168 2009-07-13] (LSI Corporation)
3 LSI_SAS2; C:\Windows\System32\DRIVERS\lsi_sas2.sys [54864 2009-07-13] (LSI Corporation)
3 LSI_SCSI; C:\Windows\System32\DRIVERS\lsi_scsi.sys [96848 2009-07-13] (LSI Corporation)
2 luafv; C:\Windows\System32\drivers\luafv.sys [86528 2009-07-13] (Microsoft Corporation)
3 megasas; C:\Windows\System32\DRIVERS\megasas.sys [30800 2009-07-13] (LSI Corporation)
3 MegaSR; C:\Windows\System32\DRIVERS\MegaSR.sys [235584 2009-07-13] (LSI Corporation, Inc.)
3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-13] (Microsoft Corporation)
3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-13] (Microsoft Corporation)
3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [41552 2009-07-13] (Microsoft Corporation)
3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-13] (Microsoft Corporation)
0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78416 2009-07-13] (Microsoft Corporation)
3 mpio; C:\Windows\System32\DRIVERS\mpio.sys [130624 2009-07-13] (Microsoft Corporation)
3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-13] (Microsoft Corporation)
3 MRxDAV; C:\Windows\System32\drivers\mrxdav.sys [115712 2009-07-13] (Microsoft Corporation)
3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123392 2011-05-03] (Microsoft Corporation)
3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [222720 2011-07-08] (Microsoft Corporation)
3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96256 2011-05-03] (Microsoft Corporation)
3 msahci; C:\Windows\System32\DRIVERS\msahci.sys [27736 2010-11-16] (Microsoft Corporation)
3 msdsm; C:\Windows\System32\DRIVERS\msdsm.sys [115792 2009-07-13] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [22528 2009-07-13] (Microsoft Corporation)
3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-13] (Microsoft Corporation)
0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [13888 2009-07-13] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-13] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-13] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-13] (Microsoft Corporation)
3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [162896 2009-07-13] (Microsoft Corporation)
1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [28240 2009-07-13] (Microsoft Corporation)
3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-13] (Microsoft Corporation)
3 MTConfig; C:\Windows\System32\DRIVERS\MTConfig.sys [12288 2009-07-13] (Microsoft Corporation)
0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-13] (Microsoft Corporation)
3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-13] (Microsoft Corporation)
0 NDIS; C:\Windows\System32\drivers\ndis.sys [710720 2009-07-13] (Microsoft Corporation)
3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-13] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-13] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [45568 2009-07-13] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2009-07-13] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [48128 2009-07-13] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-13] (Microsoft Corporation)
1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2009-07-13] (Microsoft Corporation)
3 nfrd960; C:\Windows\System32\DRIVERS\nfrd960.sys [44624 2009-07-13] (IBM Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [35328 2009-07-13] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-13] (Microsoft Corporation)
3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1210240 2011-03-10] (Microsoft Corporation)
1 Null; C:\Windows\System32\Drivers\Null.sys [4608 2009-07-13] (Microsoft Corporation)
3 nvraid; C:\Windows\System32\drivers\nvraid.sys [117120 2011-03-10] (NVIDIA Corporation)
3 nvstor; C:\Windows\System32\drivers\nvstor.sys [143744 2011-03-10] (NVIDIA Corporation)
3 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [105024 2009-07-13] (Microsoft Corporation)
3 ohci1394; C:\Windows\System32\DRIVERS\ohci1394.sys [62464 2009-07-13] (Microsoft Corporation)
3 Parport; C:\Windows\System32\DRIVERS\parport.sys [79360 2009-07-13] (Microsoft Corporation)
0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56912 2009-07-13] (Microsoft Corporation)
2 Parvdm; C:\Windows\System32\DRIVERS\parvdm.sys [8704 2009-07-13] (Microsoft Corporation)
0 pci; C:\Windows\System32\DRIVERS\pci.sys [153680 2009-07-13] (Microsoft Corporation)
3 pciide; C:\Windows\System32\DRIVERS\pciide.sys [12368 2009-07-13] (Microsoft Corporation)
3 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [180288 2009-07-13] (Microsoft Corporation)
0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-13] (Microsoft Corporation)
2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-13] (Microsoft Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-13] (Microsoft Corporation)
3 Processor; C:\Windows\System32\DRIVERS\processr.sys [52224 2009-07-13] (Microsoft Corporation)
1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-13] (Microsoft Corporation)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45200 2009-07-09] (Sonic Solutions)
3 ql2300; C:\Windows\System32\DRIVERS\ql2300.sys [1383488 2009-07-13] (QLogic Corporation)
3 ql40xx; C:\Windows\System32\DRIVERS\ql40xx.sys [106064 2009-07-13] (QLogic Corporation)
3 QWAVEdrv; C:\Windows\System32\drivers\qwavedrv.sys [31744 2009-07-13] (Microsoft Corporation)
3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-13] (Microsoft Corporation)
3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-13] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-13] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-13] (Microsoft Corporation)
3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-13] (Microsoft Corporation)
1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [241664 2009-07-13] (Microsoft Corporation)
3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-13] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2009-07-13] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-13] (Microsoft Corporation)
1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-13] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [177152 2012-02-14] (Microsoft Corporation)
0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173648 2009-07-13] (Microsoft Corporation)
3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [129536 2009-07-13] (Microsoft Corporation)
2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-13] (Microsoft Corporation)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [171520 2009-08-09] (Realtek Semiconductor Corp.)
3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [277536 2010-03-04] (Realtek )
3 sbp2port; C:\Windows\System32\DRIVERS\sbp2port.sys [85568 2009-07-13] (Microsoft Corporation)
3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2009-07-13] (Microsoft Corporation)
2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [17920 2009-07-13] (Microsoft Corporation)
3 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2009-07-13] (Microsoft Corporation)
3 sermouse; C:\Windows\System32\DRIVERS\sermouse.sys [19968 2009-07-13] (Microsoft Corporation)
3 sffdisk; C:\Windows\System32\DRIVERS\sffdisk.sys [11264 2009-07-13] (Microsoft Corporation)
3 sffp_mmc; C:\Windows\System32\DRIVERS\sffp_mmc.sys [12288 2009-07-13] (Microsoft Corporation)
3 sffp_sd; C:\Windows\System32\DRIVERS\sffp_sd.sys [12800 2010-11-16] (Microsoft Corporation)
3 sfloppy; C:\Windows\System32\DRIVERS\sfloppy.sys [13824 2009-07-13] (Microsoft Corporation)
3 sisagp; C:\Windows\System32\DRIVERS\sisagp.sys [52304 2009-07-13] (Microsoft Corporation)
3 SiSRaid2; C:\Windows\System32\DRIVERS\SiSRaid2.sys [40016 2009-07-13] (Silicon Integrated Systems Corp.)
3 SiSRaid4; C:\Windows\System32\DRIVERS\sisraid4.sys [77888 2009-07-13] (Silicon Integrated Systems)
3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-13] (Microsoft Corporation)
0 spldr; C:\Windows\System32\Drivers\spldr.sys [17472 2009-07-13] (Microsoft Corporation)
3 srv; C:\Windows\System32\DRIVERS\srv.sys [311296 2011-04-28] (Microsoft Corporation)
3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [309760 2011-04-28] (Microsoft Corporation)
3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114176 2011-04-28] (Microsoft Corporation)
0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-07-09] (ST Microelectronics)
3 stexstor; C:\Windows\System32\DRIVERS\stexstor.sys [21072 2009-07-13] (Promise Technology)
3 STHDA; C:\Windows\System32\DRIVERS\stwrt.sys [423936 2010-04-06] (IDT, Inc.)
3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12240 2009-07-13] (Microsoft Corporation)
3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [232624 2010-01-07] (Synaptics Incorporated)
0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1285488 2011-09-29] (Microsoft Corporation)
3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1285488 2011-09-29] (Microsoft Corporation)
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [34816 2009-07-13] (Microsoft Corporation)
3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2009-07-13] (Microsoft Corporation)
3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24064 2012-02-14] (Microsoft Corporation)
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74240 2009-07-13] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [51776 2009-07-13] (Microsoft Corporation)
3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59472 2010-07-19] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163408 2010-07-19] (Trend Micro Inc.)
3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [51792 2010-07-19] (Trend Micro Inc.)
2 TmFilter; \??\c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-10] (Trend Micro Inc.)
2 TmPreFilter; \??\c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-10] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-15] (Trend Micro Inc.)
3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [30208 2009-07-13] (Microsoft Corporation)
3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2009-07-13] (Microsoft Corporation)
3 uagp35; C:\Windows\System32\DRIVERS\uagp35.sys [55888 2009-07-13] (Microsoft Corporation)
4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-16] (Microsoft Corporation)
3 uliagpkx; C:\Windows\System32\DRIVERS\uliagpkx.sys [57424 2009-07-13] (Microsoft Corporation)
3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2009-07-13] (Microsoft Corporation)
3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [8192 2009-07-13] (Microsoft Corporation)
3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.)
3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2011-03-28] (Microsoft Corporation)
3 usbcir; C:\Windows\System32\DRIVERS\usbcir.sys [86016 2009-07-13] (Microsoft Corporation)
3 usbehci; C:\Windows\System32\drivers\usbehci.sys [43008 2011-03-28] (Microsoft Corporation)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2011-03-28] (Microsoft Corporation)
3 usbohci; C:\Windows\System32\drivers\usbohci.sys [20480 2011-03-28] (Microsoft Corporation)
3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-13] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [75776 2011-03-10] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [24064 2011-03-28] (Microsoft Corporation)
3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146304 2010-11-16] (Microsoft Corporation)
0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [32832 2009-07-13] (Microsoft Corporation)
3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-13] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-13] (Microsoft Corporation)
3 vhdmp; C:\Windows\System32\DRIVERS\vhdmp.sys [159824 2009-07-13] (Microsoft Corporation)
3 viaagp; C:\Windows\System32\DRIVERS\viaagp.sys [53328 2009-07-13] (Microsoft Corporation)
3 ViaC7; C:\Windows\System32\DRIVERS\viac7.sys [52736 2009-07-13] (Microsoft Corporation)
3 viaide; C:\Windows\System32\DRIVERS\viaide.sys [16976 2009-07-13] (VIA Technologies, Inc.)
0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [53312 2009-07-13] (Microsoft Corporation)
0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-13] (Microsoft Corporation)
0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [245328 2009-07-13] (Microsoft Corporation)
2 VSApiNt; \??\c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-10] (Trend Micro Inc.)
3 vsmraid; C:\Windows\System32\DRIVERS\vsmraid.sys [141904 2009-07-13] (VIA Technologies Inc.,Ltd)
3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-13] (Microsoft Corporation)
1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-13] (Microsoft Corporation)
3 WacomPen; C:\Windows\System32\DRIVERS\wacompen.sys [21632 2009-07-13] (Microsoft Corporation)
3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-13] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-13] (Microsoft Corporation)
3 Wd; C:\Windows\System32\DRIVERS\wd.sys [19024 2009-07-13] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-13] (Microsoft Corporation)
1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-13] (Microsoft Corporation)
3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-13] (Microsoft Corporation)
3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35840 2010-11-16] (Microsoft Corporation)
3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [11264 2009-07-13] (Microsoft Corporation)
1 ws2ifsl; C:\Windows\System32\drivers\ws2ifsl.sys [16384 2009-07-13] (Microsoft Corporation)
3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [93696 2010-11-16] (Microsoft Corporation)
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132352 2010-11-16] (Microsoft Corporation)
3 catchme; \??\C:\Users\Amanda\AppData\Local\Temp\catchme.sys [x]
========================== Drivers MD5 =======================
C:\Windows\System32\DRIVERS\1394ohci.sys D01E0B1CEF9EE82100C2BB07294880EF
C:\Windows\System32\DRIVERS\Accelern.sys EB008A36206BF9D0DE3C5F9DF67D20D8
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\System32\drivers\afd.sys 8A2B241289DFF99B1D7FEC000A0BDB14
C:\Windows\System32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdagp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\System32\drivers\appid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\drivers\BCM42RLY.sys 94F2DC372163D520D7B1DAD78AE40B5E
C:\Windows\System32\DRIVERS\bcmwl6.sys F689C5965CEFAD780A2948546703BD5D
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\drivers\BthEnum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHUSB.sys ==> MD5 is legit
C:\Windows\System32\drivers\btwaudio.sys 7E826BE3B3558208D5C9B00034E51BE5
C:\Windows\System32\DRIVERS\btwavdt.sys AF9148C3E844131AC954CB53FF43D971
C:\Windows\System32\DRIVERS\btwl2cap.sys AAFD7CB76BA61FBB08E302DA208C974A
C:\Windows\System32\DRIVERS\btwrchid.sys 480B3D195854B2E55299CDDDDC50BCF9
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 36C252E474B2FFA0F0FBBFF20D92A640
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\system32\Drivers\CtAudDrv.sys 0F538DF1673E5216F3BAACB6911D9D0F
C:\Windows\System32\DRIVERS\CtClsFlt.sys CEBA8413F9B2C73A4E9E16DBD127DC25
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 500A9814FD9446A8126858A5A7F7D273
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==> MD5 is legit
C:\Windows\System32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECI.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 26541A068572F650A2FA490726FE81BE
C:\Windows\System32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd32.sys 8E9DA2E49347AF49901526DCD4D0F397
C:\Windows\System32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys E3C36AC5AE87EC970AE8EA2A93D59AE1
C:\Windows\System32\DRIVERS\IntcDAud.sys BF31740828A26AB451803E3B35432651
C:\Windows\System32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 0263364ACB9C834ACE52FB85C2C064EC
C:\Windows\System32\Drivers\ksecpkg.sys 27391DB553BE2A4E2B0ADEEA2873B2AF
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\System32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msahci.sys CB5D37E91135B0F15CEE64D1F1BA5DE5
C:\Windows\System32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pci.sys C858CB77C577780ECC456A892E7E7D0F
C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHelp20.sys 40FEDD328F98245AD201CF5F9F311724
C:\Windows\System32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\System32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys 835D7E81BF517A3B72384BDCC85E1CE6
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys 1E016846895B15A99F9A176A05029075
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 0399C725A9C95A6F1862B93F008DDF4A
C:\Windows\System32\drivers\rdyboost.sys 4EA225BF1CF05E158853F30A99CA29A7
C:\Windows\System32\DRIVERS\rfcomm.sys CB928D9E6DAF51879DD6BA8D02F01321
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 31D45ECA63884FF5F7AECC50F7D1BAE0
C:\Windows\System32\DRIVERS\Rt86win7.sys 80B66A4181F782884A815E69D0AFA743
C:\Windows\System32\DRIVERS\sbp2port.sys 34EE0C44B724E3E4CE2EFF29126DE5B5
C:\Windows\System32\DRIVERS\scfilter.sys A95C54B2AC3CC9C73FCDF9E51A1D6B51
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffp_sd.sys A0708BBD07D245C06FF9DE549CA47185
C:\Windows\System32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sisagp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys C4A027B8C0BD3FC0699F41FA5E9E0C87
C:\Windows\System32\DRIVERS\srv2.sys 414BB592CAD8A79649D01F9D94318FB3
C:\Windows\System32\DRIVERS\srvnet.sys FF207D67700AA18242AAF985D3E7D8F4
C:\Windows\System32\DRIVERS\stdcfltn.sys 73D7A81E3AF7763AA627D99F50BD3F49
C:\Windows\System32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt.sys 06CBB271F42EF70FB6EF372C491BA9AA
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys CF196A45FD61118C95585489FAD5B2AA
C:\Windows\System32\drivers\tcpip.sys 56C198AC82EFA622DD93E9E43575F79C
C:\Windows\System32\DRIVERS\tcpip.sys 56C198AC82EFA622DD93E9E43575F79C
C:\Windows\System32\drivers\tcpipreg.sys E64444523ADD154F86567C469BC0B17F
C:\Windows\System32\drivers\tdpipe.sys 1875C1490D99E70E449E3AFAE9FCBADF
C:\Windows\System32\drivers\tdtcp.sys 7156308896D34EA75A582F9A09E50C17
C:\Windows\System32\DRIVERS\tdx.sys CB39E896A2A83702D1737BFD402B3542
C:\Windows\System32\DRIVERS\termdd.sys C36F41EE20E6999DBF4B0425963268A5
C:\Windows\System32\DRIVERS\tmactmon.sys CA9E9C2C04A198ED345C1752222A5F3E
C:\Windows\System32\DRIVERS\tmcomm.sys A3D20789B3FF0576A29462BEF25BCFCC
C:\Windows\System32\DRIVERS\tmevtmgr.sys 21F215E54770C4BF93EFAF63F58FE57E
c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys 1D84C335EB869BBE64543C6945A1F3C9
c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys 7AAB3FEF8B19AE023EE05386F1B0A5DD
C:\Windows\System32\DRIVERS\tmtdi.sys 44C262C1B2412DED35078B6166D2ACC2
C:\Windows\System32\DRIVERS\tssecsrv.sys 98AE6FA07D12CB4EC5CF4A9BFA5F4242
C:\Windows\System32\DRIVERS\tunnel.sys 3E461D890A97F9D4C168F5FDA36E1D00
C:\Windows\System32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys EB0A7BD4D471AC3CE55564A4C55B9D8E
C:\Windows\System32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 049B3A50B3D646BAEEEE9EEC9B0668DC
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl.sys EAFE1E00739AFE6C51487A050E772E17
C:\Windows\System32\DRIVERS\usbccgp.sys 5C233AEFB566EE78C1EFBC0493FB066A
C:\Windows\System32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbehci.sys 5B71019A6ACA0116FD21B368F19C0B91
C:\Windows\System32\DRIVERS\usbhub.sys 5823D3965C2A4F6F785ED1A3B403F3B8
C:\Windows\System32\drivers\usbohci.sys E753ED6C49DA13967EBABF9EA616454A
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS 1C4287739A93594E57E2A9E6A3ED7353
C:\Windows\System32\drivers\usbuhci.sys 6A30928A469CE802600E1EA8C0F2F53F
C:\Windows\System32\Drivers\usbvideo.sys B5F6A992D996282B7FAE7048E50AF83A
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vhdmp.sys 3BE6E1F3A4F1AFEC8CEE0D7883F93583
C:\Windows\System32\DRIVERS\viaagp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys 384E5A2AA49934295171E499F86BA6F3
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volsnap.sys 58DF9D2481A56EDDE167E51B334D44FD
c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys 8B9325C1D1167A703042986DF758D799
C:\Windows\System32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\System32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys B5BA3CC19D00F2EBA92F1CFBEBB5D650
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys A52494B107AFC92DDCA21F0B64F83376
C:\Windows\System32\DRIVERS\WUDFRd.sys 90A541C607DA0025AE75F0F3673945FE
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-04-27 15:16 - 2010-11-16 03:28 - 0000000 ____D C:\FRST
2012-04-26 20:30 - 2012-04-26 20:30 - 0016360 ____A C:\ComboFix.txt
2012-04-26 20:25 - - 0000000 ____D C:\$RECYCLE.BIN
2012-04-26 19:58 - 2009-06-10 13:42 - 0000000 ____D C:\ComboFix
2012-04-26 19:55 - 2012-04-26 19:55 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-26 19:51 - 2012-04-26 19:25 - 0134820 ____A C:\TDSSKiller.2.7.33.0_26.04.2012_22.51.43_log.txt
2012-04-26 19:51 - 2012-04-03 08:11 - 2074160 ____A (Kaspersky Lab ZAO) C:\Users\Amanda\Desktop\tdsskiller.exe
2012-04-26 19:51 - 2012-04-03 08:11 - 2074160 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Amanda\Desktop\tdsskiller.exe
2012-04-26 19:20 - 2012-04-26 19:19 - 0134100 ____A C:\TDSSKiller.2.7.33.0_26.04.2012_22.20.49_log.txt
2012-04-25 06:20 - 2010-12-09 09:16 - 0000000 ____D C:\Users\Amanda\AppData\Roaming\InstallShield
2012-04-25 06:20 - 2010-12-09 09:16 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Roaming\InstallShield
2012-04-25 06:20 - 2009-07-13 17:20 - 0050704 ____A (CACE Technologies, Inc.) C:\Windows\System32\Drivers\npf.sys
2012-04-24 21:01 - - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-24 21:00 - 2009-07-13 18:03 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-24 21:00 - 2009-07-13 18:03 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-24 21:00 - 2009-07-13 18:03 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-24 21:00 - 2009-07-13 18:03 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-24 21:00 - 2009-07-13 18:03 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-24 18:12 - - 4477246 ____R (Swearware) C:\Users\Amanda\Desktop\ComboFix.exe
2012-04-24 18:12 - - 4477246 ____R (Swearware) C:\Documents and Settings\Amanda\Desktop\ComboFix.exe
2012-04-24 16:56 - 2012-04-24 16:13 - 0000000 ____D C:\Qoobox
2012-04-24 16:56 - 2010-12-27 10:29 - 0208896 ____A C:\Windows\MBR.exe
2012-04-24 16:56 - 2010-12-26 22:25 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-24 16:56 - 2010-11-16 03:32 - 0068096 ____A C:\Windows\zip.exe
2012-04-24 16:56 - 2009-07-13 23:54 - 0080412 ____A C:\Windows\grep.exe
2012-04-24 16:56 - 2009-07-13 20:56 - 0000000 ____D C:\Windows\ERDNT
2012-04-24 16:56 - 2009-07-13 20:52 - 0256000 ____A C:\Windows\PEV.exe
2012-04-24 16:56 - 2009-07-13 18:37 - 0098816 ____A C:\Windows\sed.exe
2012-04-24 16:56 - 2009-06-10 13:14 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-24 16:56 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-24 16:51 - 2010-12-27 08:49 - 0001240 ____A C:\Users\Amanda\Desktop\Install Combofix.lnk
2012-04-24 16:51 - 2010-12-27 08:49 - 0001240 ____A C:\Documents and Settings\Amanda\Desktop\Install Combofix.lnk
2012-04-24 16:50 - 2012-04-24 16:50 - 0000000 _RASH C:\MSDOS.SYS
2012-04-24 16:50 - 2010-11-16 03:26 - 0000000 _RASH C:\IO.SYS
2012-04-24 16:38 - 2009-07-13 17:14 - 0000091 ____A C:\Windows\wininit.ini
2012-04-24 16:13 - 2012-02-20 18:58 - 0000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-04-24 16:13 - 2010-11-16 03:31 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-24 16:13 - 2010-11-16 03:31 - 0000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-04-24 16:13 - 2010-11-16 03:31 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-24 16:13 - 2010-11-16 03:31 - 0000000 ____D C:\Documents and Settings\All Users\Spybot - Search & Destroy
2012-04-24 16:13 - 2010-11-16 03:31 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-24 16:01 - 2012-04-25 06:20 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-04-24 16:01 - 2012-04-24 16:01 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-04-24 16:01 - 2012-04-24 16:01 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-04-24 16:01 - 2010-11-16 03:26 - 0000000 ____D C:\Program Files\Common Files\Java
2012-04-22 00:03 - 2009-07-13 17:20 - 0019312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-22 00:03 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-22 00:03 - 2009-07-13 17:14 - 0158720 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-22 00:03 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-22 00:02 - 2009-07-13 17:16 - 3902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-22 00:02 - 2009-07-13 13:40 - 3958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-13 15:33 - 2012-04-25 06:20 - 0386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-13 15:33 - 2012-02-27 21:40 - 1230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-13 15:33 - 2012-02-27 21:38 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-13 15:33 - 2012-02-27 21:38 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-13 15:33 - 2012-02-27 21:38 - 0012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-13 15:33 - 2012-02-27 21:37 - 10991104 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-13 15:33 - 2012-02-27 21:37 - 0185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-13 15:33 - 2012-02-27 19:57 - 0067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-13 15:33 - 2011-10-13 20:42 - 0048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-13 15:33 - 2010-12-20 21:38 - 0981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-13 15:33 - 2010-12-09 09:15 - 0044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-13 15:33 - 2009-07-13 17:16 - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-13 15:33 - 2009-07-13 17:15 - 2072576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-13 15:33 - 2009-07-13 17:15 - 0606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-04-13 15:33 - 2009-07-13 17:15 - 0599552 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-13 15:33 - 2009-07-13 17:15 - 0381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-13 15:33 - 2009-07-13 17:15 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-13 15:33 - 2009-07-13 17:14 - 5998592 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-13 15:30 - 2012-02-20 18:58 - 0000000 ____D C:\Users\Amanda\AppData\Roaming\Mozilla
2012-04-13 15:30 - 2012-02-20 18:58 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Roaming\Mozilla
2012-03-31 07:54 - 2011-09-15 18:53 - 0001359 ____A C:\Users\Amanda\Desktop\Norton Installation Files.lnk
2012-03-31 07:54 - 2011-09-15 18:53 - 0001359 ____A C:\Documents and Settings\Amanda\Desktop\Norton Installation Files.lnk
2012-03-31 07:54 - 2009-07-13 20:41 - 0000000 ____D C:\Users\Public\Downloads\Norton
2012-03-31 07:54 - 2009-07-13 20:41 - 0000000 ____D C:\Documents and Settings\Public\Downloads\Norton
============ 3 Months Modified Files and Folders ===============
2012-04-27 15:16 - 2012-04-27 15:16 - 0000000 ____D C:\FRST
2012-04-27 12:10 - 2010-12-28 21:24 - 0000000 ____D C:\Users\Amanda\AppData\Roaming\Skype
2012-04-27 12:10 - 2010-12-28 21:24 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Roaming\Skype
2012-04-27 12:10 - 2009-07-13 20:55 - 2028980 ____A C:\Windows\WindowsUpdate.log
2012-04-27 05:49 - 2009-07-13 20:34 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-27 05:49 - 2009-07-13 20:34 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-27 05:43 - 2010-12-28 21:26 - 0000000 ____D C:\Users\Amanda\AppData\Roaming\skypePM
2012-04-27 05:43 - 2010-12-28 21:26 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Roaming\skypePM
2012-04-27 05:43 - 2010-11-16 03:40 - 1994122 ____A C:\Windows\System32\TmInstall.log
2012-04-27 05:43 - 2010-11-16 03:40 - 0000031 ____A C:\tmuninst.ini
2012-04-27 05:42 - 2010-11-16 05:18 - 2358255616 __ASH C:\hiberfil.sys
2012-04-27 05:42 - 2009-07-13 20:53 - 0032570 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-27 05:42 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-27 05:42 - 2009-07-13 20:39 - 0076778 ____A C:\Windows\setupact.log
2012-04-26 20:30 - 2012-04-26 20:30 - 0016360 ____A C:\ComboFix.txt
2012-04-26 20:30 - 2012-04-26 19:58 - 0000000 ____D C:\ComboFix
2012-04-26 20:30 - 2012-04-24 16:56 - 0000000 ____D C:\Qoobox
2012-04-26 20:25 - 2012-04-26 20:25 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-26 20:25 - 2012-04-24 21:01 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-26 20:25 - 2009-07-13 18:04 - 0000215 ____A C:\Windows\system.ini
2012-04-26 20:24 - 2010-11-16 05:18 - 0027224 ____A C:\Windows\PFRO.log
2012-04-26 20:24 - 2009-07-13 18:03 - 46313472 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-04-26 20:24 - 2009-07-13 18:03 - 15990784 ____A C:\Windows\System32\config\SYSTEM.bak
2012-04-26 20:24 - 2009-07-13 18:03 - 0786432 ____A C:\Windows\System32\config\DEFAULT.bak
2012-04-26 20:24 - 2009-07-13 18:03 - 0057344 ____A C:\Windows\System32\config\SAM.bak
2012-04-26 20:24 - 2009-07-13 18:03 - 0028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-04-26 20:23 - 2012-04-24 16:56 - 0000000 ____D C:\Windows\ERDNT
2012-04-26 19:55 - 2012-04-26 19:55 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-26 19:55 - 2012-04-26 19:51 - 0134820 ____A C:\TDSSKiller.2.7.33.0_26.04.2012_22.51.43_log.txt
2012-04-26 19:55 - 2012-04-24 18:12 - 4477246 ____R (Swearware) C:\Users\Amanda\Desktop\ComboFix.exe
2012-04-26 19:55 - 2012-04-24 18:12 - 4477246 ____R (Swearware) C:\Documents and Settings\Amanda\Desktop\ComboFix.exe
2012-04-26 19:25 - 2012-04-26 19:20 - 0134100 ____A C:\TDSSKiller.2.7.33.0_26.04.2012_22.20.49_log.txt
2012-04-26 19:19 - 2012-04-26 19:51 - 2074160 ____A (Kaspersky Lab ZAO) C:\Users\Amanda\Desktop\tdsskiller.exe
2012-04-26 19:19 - 2012-04-26 19:51 - 2074160 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Amanda\Desktop\tdsskiller.exe
2012-04-25 06:21 - 2011-06-16 21:06 - 0000000 ____D C:\Config.Msi
2012-04-25 06:21 - 2010-11-16 03:30 - 0000000 ____D C:\Windows\System32\vs08
2012-04-25 06:21 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Help
2012-04-25 06:20 - 2012-04-25 06:20 - 0050704 ____A (CACE Technologies, Inc.) C:\Windows\System32\Drivers\npf.sys
2012-04-25 06:20 - 2012-04-25 06:20 - 0000000 ____D C:\Users\Amanda\AppData\Roaming\InstallShield
2012-04-25 06:20 - 2012-04-25 06:20 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Roaming\InstallShield
2012-04-25 06:20 - 2010-11-16 03:30 - 7489024 ____A (Dell Inc.) C:\Windows\System32\BCMWLCPL.CPL
2012-04-25 06:20 - 2010-11-16 03:30 - 4517888 ____A (Dell Inc.) C:\Windows\System32\bcmttls.dll
2012-04-25 06:20 - 2010-11-16 03:30 - 2682880 ____A (Microsoft Corporation) C:\Windows\System32\vcredist_x86.exe
2012-04-25 06:20 - 2010-11-16 03:30 - 1032192 ____A (Dell Inc.) C:\Windows\System32\BCMLogon.dll
2012-04-25 06:20 - 2010-11-16 03:30 - 0058368 ____A (Broadcom Corporation) C:\Windows\System32\bcmwlrmt.dll
2012-04-25 06:20 - 2010-11-16 03:30 - 0052224 ____A (Broadcom Corporation) C:\Windows\System32\wltrynt.dll
2012-04-25 06:20 - 2010-11-16 03:30 - 0018424 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\bcm42rly.sys
2012-04-25 06:20 - 2010-11-16 03:30 - 0006656 ____A C:\Windows\System32\bcmwlrc.dll
2012-04-25 06:20 - 2010-11-16 03:30 - 0000457 ____A C:\Windows\System32\vcredist_x86.bat
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-TW
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-HK
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-CN
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\tr-TR
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\th-TH
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\sv-SE
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\sl-SI
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\sk-SK
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ru-RU
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ro-RO
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pt-PT
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pt-BR
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pl-PL
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nl-NL
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nb-NO
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\lv-LV
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\lt-LT
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ko-KR
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ja-JP
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\it-IT
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\hu-HU
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\hr-HR
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\he-IL
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fr-FR
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fi-FI
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\et-EE
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\el-GR
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\de-DE
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\bg-BG
2012-04-25 06:20 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ar-SA
2012-04-25 05:55 - 2010-11-16 04:57 - 0000000 ____D C:\dell
2012-04-24 21:31 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-04-24 21:05 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-24 21:00 - 2012-04-24 21:00 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-24 20:43 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-04-24 20:38 - 2011-10-09 20:17 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852507743-1170092222-540797006-1000UA.job
2012-04-24 20:33 - 2009-07-13 18:37 - 0000000 ___DC C:\Windows\$NtUninstallKB18033$
2012-04-24 20:08 - 2010-12-28 21:25 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-24 20:07 - 2012-03-27 17:37 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-24 17:59 - 2012-02-20 18:59 - 0000380 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2012-04-24 16:51 - 2012-04-24 16:51 - 0001240 ____A C:\Users\Amanda\Desktop\Install Combofix.lnk
2012-04-24 16:51 - 2012-04-24 16:51 - 0001240 ____A C:\Documents and Settings\Amanda\Desktop\Install Combofix.lnk
2012-04-24 16:50 - 2012-04-24 16:50 - 0000000 _RASH C:\MSDOS.SYS
2012-04-24 16:50 - 2012-04-24 16:50 - 0000000 _RASH C:\IO.SYS
2012-04-24 16:50 - 2011-03-16 12:43 - 0000000 ____D C:\Users\Amanda\Tracing
2012-04-24 16:50 - 2011-03-16 12:43 - 0000000 ____D C:\Documents and Settings\Amanda\Tracing
2012-04-24 16:50 - 2010-12-28 21:25 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-24 16:38 - 2012-04-24 16:38 - 0000091 ____A C:\Windows\wininit.ini
2012-04-24 16:38 - 2012-04-24 16:13 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-24 16:38 - 2012-04-24 16:13 - 0000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-04-24 16:38 - 2012-04-24 16:13 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-24 16:38 - 2012-04-24 16:13 - 0000000 ____D C:\Documents and Settings\All Users\Spybot - Search & Destroy
2012-04-24 16:38 - 2012-04-24 16:13 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-24 16:20 - 2012-04-24 16:13 - 0000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-04-24 16:01 - 2012-04-24 16:01 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-04-24 16:01 - 2012-04-24 16:01 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-04-24 16:01 - 2012-04-24 16:01 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-04-24 16:01 - 2012-04-24 16:01 - 0000000 ____D C:\Program Files\Common Files\Java
2012-04-24 16:01 - 2010-11-16 03:26 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-04-24 15:59 - 2010-11-16 03:29 - 0755880 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-24 15:48 - 2011-03-16 13:11 - 0000000 ____D C:\Users\All Users\Application Data\3daac0
2012-04-24 15:48 - 2011-03-16 13:11 - 0000000 ____D C:\Users\All Users\3daac0
2012-04-24 15:48 - 2011-03-16 13:11 - 0000000 ____D C:\ProgramData\3daac0
2012-04-24 15:48 - 2011-03-16 13:11 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\3daac0
2012-04-24 15:48 - 2011-03-16 13:11 - 0000000 ____D C:\Documents and Settings\All Users\3daac0
2012-04-24 15:25 - 2011-05-19 05:20 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-24 12:40 - 2011-03-28 07:30 - 0803328 __ASH C:\Users\Amanda\Documents\Thumbs.db
2012-04-24 12:40 - 2011-03-28 07:30 - 0803328 __ASH C:\Documents and Settings\Amanda\Documents\Thumbs.db
2012-04-22 13:59 - 2011-10-09 20:17 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852507743-1170092222-540797006-1000Core.job
2012-04-22 00:06 - 2010-12-09 09:36 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-22 00:06 - 2010-12-09 09:36 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-04-22 00:06 - 2010-12-09 09:36 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-22 00:06 - 2010-12-09 09:36 - 0000000 ____D C:\Documents and Settings\All Users\Microsoft Help
2012-04-22 00:06 - 2010-12-09 09:36 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-04-22 00:03 - 2012-03-27 18:36 - 55154568 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-22 00:02 - 2011-03-14 17:25 - 0002288 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-04-22 00:02 - 2011-03-14 17:25 - 0002288 ____A C:\Documents and Settings\Public\Desktop\Google Chrome.lnk
2012-04-22 00:00 - 2012-03-27 17:37 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-04-22 00:00 - 2011-08-15 10:41 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-04-13 15:30 - 2012-04-13 15:30 - 0000000 ____D C:\Users\Amanda\AppData\Roaming\Mozilla
2012-04-13 15:30 - 2012-04-13 15:30 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Roaming\Mozilla
2012-04-09 21:43 - 2011-11-08 18:27 - 0000442 ___AH C:\Windows\Tasks\Norton Security Scan for Amanda.job
2012-04-07 23:09 - 2011-11-13 12:49 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-04-06 08:50 - 2010-12-27 08:49 - 0000000 ____D C:\Users\Amanda\AppData\Roaming\FrostWire
2012-04-06 08:50 - 2010-12-27 08:49 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Roaming\FrostWire
2012-04-04 12:56 - 2011-05-19 05:20 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 12:38 - 2011-11-08 18:27 - 0000000 ____D C:\Users\All Users\Norton
2012-04-04 12:38 - 2011-11-08 18:27 - 0000000 ____D C:\Users\All Users\Application Data\Norton
2012-04-04 12:38 - 2011-11-08 18:27 - 0000000 ____D C:\ProgramData\Norton
2012-04-04 12:38 - 2011-11-08 18:27 - 0000000 ____D C:\Documents and Settings\All Users\Norton
2012-04-04 12:38 - 2011-11-08 18:27 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2012-04-03 08:11 - 2012-03-31 07:54 - 0001359 ____A C:\Users\Amanda\Desktop\Norton Installation Files.lnk
2012-04-03 08:11 - 2012-03-31 07:54 - 0001359 ____A C:\Documents and Settings\Amanda\Desktop\Norton Installation Files.lnk
2012-03-31 07:54 - 2012-03-31 07:54 - 0000000 ____D C:\Users\Public\Downloads\Norton
2012-03-31 07:54 - 2012-03-31 07:54 - 0000000 ____D C:\Documents and Settings\Public\Downloads\Norton
2012-03-27 20:50 - 2012-03-27 19:52 - 1433241 ____A C:\Users\Amanda\Documents\Speech - How To Block A Volleyball.pptx
2012-03-27 20:50 - 2012-03-27 19:52 - 1433241 ____A C:\Documents and Settings\Amanda\Documents\Speech - How To Block A Volleyball.pptx
2012-03-27 17:51 - 2010-12-09 09:16 - 0000000 ____D C:\Users\Amanda\AppData\LocalLow
2012-03-27 17:51 - 2010-12-09 09:16 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\LocalLow
2012-03-27 17:37 - 2012-03-27 17:37 - 0164568 ____A C:\Users\Amanda\Documents\Speech - volleyball info.docx
2012-03-27 17:37 - 2012-03-27 17:37 - 0164568 ____A C:\Documents and Settings\Amanda\Documents\Speech - volleyball info.docx
2012-03-26 19:22 - 2012-02-12 20:49 - 0024064 ____A C:\Users\Amanda\Documents\Speech - Personal Statement.doc
2012-03-26 19:22 - 2012-02-12 20:49 - 0024064 ____A C:\Documents and Settings\Amanda\Documents\Speech - Personal Statement.doc
2012-03-18 15:23 - 2010-12-28 21:25 - 0000000 ____D C:\Users\Amanda\AppData\Local\Google
2012-03-18 15:23 - 2010-12-28 21:25 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Local\Google
2012-03-14 00:17 - 2009-07-13 20:33 - 0340536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-13 18:30 - 2012-02-22 20:29 - 0000000 ____D C:\Users\Amanda\AppData\Roaming\FreeFileViewer
2012-03-13 18:30 - 2012-02-22 20:29 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Roaming\FreeFileViewer
2012-03-13 13:03 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-03-11 20:12 - 2012-03-11 20:13 - 0077751 ____A C:\Users\Amanda\Documents\Sarah.pptx
2012-03-11 20:12 - 2012-03-11 20:13 - 0077751 ____A C:\Documents and Settings\Amanda\Documents\Sarah.pptx
2012-03-11 09:20 - 2012-03-07 22:02 - 0001812 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-03-11 09:20 - 2012-03-07 22:02 - 0001812 ____A C:\Documents and Settings\Public\Desktop\McAfee Security Scan Plus.lnk
2012-03-11 09:20 - 2012-03-07 22:02 - 0001810 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2012-03-11 09:20 - 2012-03-07 22:02 - 0001810 ____A C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2012-03-11 09:20 - 2012-03-07 22:02 - 0000000 ____D C:\Program Files\McAfee Security Scan
2012-03-09 05:34 - 2012-03-09 05:34 - 0001755 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-09 05:34 - 2012-03-09 05:34 - 0001755 ____A C:\Documents and Settings\Public\Desktop\iTunes.lnk
2012-03-09 05:34 - 2012-03-09 05:34 - 0000000 ____D C:\Program Files\iTunes
2012-03-09 05:34 - 2012-03-09 05:34 - 0000000 ____D C:\Program Files\iPod
2012-03-09 05:34 - 2010-12-27 08:55 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-03-07 22:02 - 2012-03-07 22:02 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-03-07 22:02 - 2012-03-07 22:02 - 0000000 ____D C:\Users\All Users\McAfee
2012-03-07 22:02 - 2012-03-07 22:02 - 0000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan
2012-03-07 22:02 - 2012-03-07 22:02 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2012-03-07 22:02 - 2012-03-07 22:02 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-03-07 22:02 - 2012-03-07 22:02 - 0000000 ____D C:\ProgramData\McAfee
2012-03-07 22:02 - 2012-03-07 22:02 - 0000000 ____D C:\Documents and Settings\All Users\McAfee Security Scan
2012-03-07 22:02 - 2012-03-07 22:02 - 0000000 ____D C:\Documents and Settings\All Users\McAfee
2012-03-07 22:02 - 2012-03-07 22:02 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2012-03-07 22:02 - 2012-03-07 22:02 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2012-03-07 21:31 - 2012-03-07 21:30 - 0964635 ____A C:\Users\Amanda\Documents\Speech - Class Trip.pptx
2012-03-07 21:31 - 2012-03-07 21:30 - 0964635 ____A C:\Documents and Settings\Amanda\Documents\Speech - Class Trip.pptx
2012-03-05 21:59 - 2012-04-22 00:02 - 3958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-22 00:02 - 3902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-02 21:40 - 2012-03-02 21:39 - 0000000 ____D C:\Users\Amanda\AppData\Roaming\ooVoo Details
2012-03-02 21:40 - 2012-03-02 21:39 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Roaming\ooVoo Details
2012-03-02 21:38 - 2012-03-02 21:38 - 0001817 ____A C:\Users\Public\Desktop\ooVoo.lnk
2012-03-02 21:38 - 2012-03-02 21:38 - 0001817 ____A C:\Documents and Settings\Public\Desktop\ooVoo.lnk
2012-03-02 21:38 - 2012-03-02 21:38 - 0000000 ____D C:\Program Files\ooVoo
2012-02-29 21:53 - 2012-04-22 00:03 - 0019312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 21:49 - 2012-04-22 00:03 - 0172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 21:45 - 2012-04-22 00:03 - 0158720 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 21:40 - 2012-04-22 00:03 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-27 21:40 - 2012-04-13 15:33 - 1230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 21:40 - 2012-04-13 15:33 - 0981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 21:40 - 2012-04-13 15:33 - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 21:38 - 2012-04-13 15:33 - 5998592 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 21:38 - 2012-04-13 15:33 - 0606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-02-27 21:38 - 2012-04-13 15:33 - 0599552 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-27 21:38 - 2012-04-13 15:33 - 0067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 21:38 - 2012-04-13 15:33 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-27 21:38 - 2012-04-13 15:33 - 0048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 21:38 - 2012-04-13 15:33 - 0044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-27 21:37 - 2012-04-13 15:33 - 2072576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 21:37 - 2012-04-13 15:33 - 10991104 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 21:37 - 2012-04-13 15:33 - 0381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-27 21:37 - 2012-04-13 15:33 - 0185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-27 21:37 - 2012-04-13 15:33 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 21:35 - 2012-04-13 15:33 - 0012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-27 20:31 - 2012-04-13 15:33 - 0386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-27 19:57 - 2012-04-13 15:33 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-20 21:14 - 2012-02-20 21:02 - 0022640 ____A C:\Users\Amanda\Documents\Speech - Oral Interpretation.docx
2012-02-20 21:14 - 2012-02-20 21:02 - 0022640 ____A C:\Documents and Settings\Amanda\Documents\Speech - Oral Interpretation.docx
2012-02-20 19:14 - 2012-02-20 19:14 - 0000000 ____D C:\Users\Amanda\AppData\Local\Smartbar
2012-02-20 19:14 - 2012-02-20 19:14 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Local\Smartbar
2012-02-20 19:14 - 2012-02-20 18:58 - 0000000 ____D C:\Users\Amanda\AppData\Local\Linkury
2012-02-20 19:14 - 2012-02-20 18:58 - 0000000 ____D C:\Program Files\Linkury
2012-02-20 19:14 - 2012-02-20 18:58 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Local\Linkury
2012-02-20 19:09 - 2012-02-20 19:09 - 0000000 ____D C:\Users\Amanda\AppData\Local\FileTypeAssistant
2012-02-20 19:09 - 2012-02-20 19:09 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Local\FileTypeAssistant
2012-02-20 18:59 - 2012-02-20 18:59 - 0001167 ____A C:\Users\Amanda\Desktop\Driver Genius Professional Edition.lnk
2012-02-20 18:59 - 2012-02-20 18:59 - 0001167 ____A C:\Documents and Settings\Amanda\Desktop\Driver Genius Professional Edition.lnk
2012-02-20 18:59 - 2012-02-20 18:59 - 0000000 ____D C:\Program Files\FreeFileViewer
2012-02-20 18:59 - 2012-02-20 18:59 - 0000000 ____D C:\Program Files\File Type Assistant
2012-02-20 18:59 - 2012-02-20 18:59 - 0000000 ____D C:\Program Files\Driver-Soft
2012-02-20 18:58 - 2012-02-20 18:58 - 0000000 ____D C:\Users\Amanda\AppData\Roaming\Genieo
2012-02-20 18:58 - 2012-02-20 18:58 - 0000000 ____D C:\Program Files\Smart PC Cleaner
2012-02-20 18:58 - 2012-02-20 18:58 - 0000000 ____D C:\Documents and Settings\Amanda\AppData\Roaming\Genieo
2012-02-17 13:18 - 2010-12-09 09:16 - 0000174 ___SH C:\Users\Amanda\Start Menu\Programs\Startup\desktop.ini
2012-02-17 13:18 - 2010-12-09 09:16 - 0000174 ___SH C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-17 13:18 - 2010-12-09 09:16 - 0000174 ___SH C:\Documents and Settings\Amanda\Start Menu\Programs\Startup\desktop.ini
2012-02-17 13:18 - 2010-12-09 09:16 - 0000174 ___SH C:\Documents and Settings\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-17 01:20 - 2010-11-16 03:37 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-02-16 13:06 - 2012-02-16 13:06 - 0023552 ____A C:\Users\Amanda\Documents\Lit - Sports Paper.doc
2012-02-16 13:06 - 2012-02-16 13:06 - 0023552 ____A C:\Documents and Settings\Amanda\Documents\Lit - Sports Paper.doc
2012-02-15 09:01 - 2012-02-15 09:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 09:01 - 2012-02-15 09:01 - 0043520 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl.sys
2012-02-14 21:44 - 2012-03-13 12:38 - 0826368 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 20:22 - 2012-03-13 12:38 - 0177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:22 - 2012-03-13 12:38 - 0024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-14 09:09 - 2012-02-14 09:09 - 1070352 ____A (Microsoft Corporation) C:\Windows\System32\MSCOMCTL.OCX
2012-02-09 21:41 - 2012-03-13 12:38 - 1170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 21:41 - 2012-03-13 12:38 - 1074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:41 - 2012-03-13 12:38 - 0739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 21:41 - 2012-03-13 12:38 - 0218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-13 12:38 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-07 21:44 - 2012-02-07 21:44 - 0015786 ____A C:\Users\Amanda\Documents\Speech - Who am I.docx
2012-02-07 21:44 - 2012-02-07 21:44 - 0015786 ____A C:\Documents and Settings\Amanda\Documents\Speech - Who am I.docx
2012-02-02 20:01 - 2012-03-13 12:38 - 2341376 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2009-07-13 15:24] - [2009-07-13 17:16] - 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 12%
Total physical RAM: 3894.68 MB
Available physical RAM: 3390.44 MB
Total Pagefile: 3892.96 MB
Available Pagefile: 3388.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.31 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:208.56 GB) NTFS
3 Drive f: () (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1912 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB
======================================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1912 MB 0 B
======================================================================================================
Disk: 1
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
======================================================================================================
==========================================================
Last Boot: 2012-04-24 20:29
======================= End Of Log ==========================
jenningsfamily is offline  
Old 04-27-2012, 01:43 PM   #12
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thanks. Download the attached Fixlist.txt and save it to the same flash drive where FRST.exe is located.

If you're not still in the Recovery Environment, boot back into it using the same instructions as last time:

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

At the X:> prompt, type in the following and press Enter:

F:\frst.exe

Run FRST64.exe and press the Fix button just once, and wait.

When it has completed, exit the Command prompt and restart the computer.


===================================

When the reboot has completed, disable your onboard AV and run ComboFix.exe immediately by double clicking on it.

Post the C:\ComboFix.txt when it has completed. I'd also like to see the log created by FRST. You'll find it on the flash drive, named FRST.txt.

Do you have internet back?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-27-2012, 01:50 PM   #13
Registered Member
 
Join Date: Apr 2010
Posts: 79
OS: Windows 7



Where do I get the Fixlist.txt?
jenningsfamily is offline  
Old 04-27-2012, 02:09 PM   #14
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Sorry, forgot to attach it in previous post.
Attached Files
File Type: txt Fixlist.txt (700 Bytes, 46 views)
Ried is offline  
Old 04-27-2012, 06:16 PM   #15
Registered Member
 
Join Date: Apr 2010
Posts: 79
OS: Windows 7



OK, did that, but still no Internet.

Want to make sure I did it correctly.

I went back to the recovery environment

F:\frst.exe, I typed that into the command prompt

Run FRST64.exe and press the Fix button just once, and wait. When the Farbar recovery tool opened, I unchecked the three items from before (Services, Drivers, and Drivers MD5) and then clicked Fix.

However, I did not get a new FRST.txt document. It appears to be the same as before, as the time is the same as my other log.

But I did get a Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 27-04-2012
Ran by SYSTEM at 2012-04-27 19:41:08 R:2
Running from F:\
==============================================
C:\Windows\$NtUninstallKB18033$ not found.
C:\Users\All Users\Application Data\3daac0 not found.
C:\Users\All Users\3daac0 not found.
C:\ProgramData\3daac0 not found.
C:\Documents and Settings\All Users\Application Data\3daac0 not found.
C:\Documents and Settings\All Users\3daac0 not found.
c:\windows\system32\afd.sys moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys copied successfully to c:\windows\system32\afd.sys
==== End of Fixlog ====


Here is the ComboFix log also

ComboFix 12-04-26.01 - Amanda 04/27/2012 19:45:17.4.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2999.2041 [GMT -5:00]
Running from: c:\users\Amanda\Desktop\ComboFix.exe
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-28 03:13 . 2011-04-25 02:27 338944 ----a-w- c:\windows\system32\afd.sys
2012-04-28 01:02 . 2012-04-28 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 23:16 . 2012-04-27 23:17 -------- d-----w- C:\FRST
2012-04-27 04:23 . 2012-04-28 01:02 -------- d-----w- c:\users\Amanda\AppData\Local\temp
2012-04-27 03:55 . 2012-04-27 03:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-25 14:20 . 2012-04-25 14:20 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-04-25 14:20 . 2012-04-25 14:20 -------- d-----w- c:\users\Amanda\AppData\Roaming\InstallShield
2012-04-25 00:13 . 2012-04-25 00:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-25 00:13 . 2012-04-25 00:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-25 00:01 . 2012-04-25 00:01 -------- d-----w- c:\program files\Common Files\Java
2012-04-22 08:03 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-22 08:03 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-22 08:03 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-22 08:03 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-22 08:02 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-22 08:02 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 14:20 . 2010-11-16 11:30 52224 ----a-w- c:\windows\system32\wltrynt.dll
2012-04-25 14:20 . 2010-11-16 11:30 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2012-04-25 14:20 . 2010-11-16 11:30 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2012-04-25 14:20 . 2010-11-16 11:30 1032192 ----a-w- c:\windows\system32\BCMLogon.dll
2012-04-25 14:20 . 2010-11-16 11:30 7489024 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-04-25 14:20 . 2010-11-16 11:30 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-04-25 14:20 . 2010-11-16 11:30 58368 ----a-w- c:\windows\system32\bcmwlrmt.dll
2012-04-25 14:20 . 2010-11-16 11:30 4517888 ----a-w- c:\windows\system32\bcmttls.dll
2012-04-25 14:20 . 2010-11-16 11:30 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2012-04-25 00:01 . 2010-11-16 11:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-22 08:00 . 2012-03-28 01:37 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-22 08:00 . 2011-08-15 18:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2011-05-19 13:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 05:17 . 2010-12-30 21:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-17 05:17 . 2010-12-30 21:05 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-17 05:17 . 2010-12-30 21:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-17 05:17 . 2010-12-30 21:04 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-15 17:01 . 2012-02-15 17:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 17:01 . 2012-02-15 17:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-15 05:44 . 2012-03-13 20:38 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-13 20:38 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-13 20:38 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:41 . 2012-03-13 20:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-13 20:38 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-13 20:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 20:38 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-13 20:38 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01 . 2012-03-13 20:38 2341376 ----a-w- c:\windows\system32\win32k.sys
2011-05-12 04:31 232406 --sha-w- c:\windows\System32\sysprep\CRYPTBASE.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0538CF1C-8419-4800-ADBB-0C00C799FDA2}]
2012-02-02 15:46 88416 ----a-w- c:\users\Amanda\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 22:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"Smart PC Cleaner"="c:\program files\Smart PC Cleaner\SPCLauncher.exe" [2012-01-28 80016]
"GenieoUpdaterService"="c:\users\Amanda\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" [2012-02-02 280416]
"GenieoSystemTray"="c:\users\Amanda\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [2012-02-02 562016]
"Browser Infrastructure Helper"="c:\users\Amanda\AppData\Local\Smartbar\Application\Linkury.exe" [2012-02-12 13824]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2012-02-08 22465104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-07 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-06 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-08 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-08 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-08 170008]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-04-25 5249024]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1099088]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-11-06 273528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 136176]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 253088]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [2009-07-15 497008]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-07-15 689416]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1343400]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-07-09 17648]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-02 81920]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2010-07-05 45056]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-05-11 230928]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-05-11 36368]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-07-09 43888]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 232960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 08:00]
.
2012-04-25 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-02-21 20:24]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 05:25]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 05:25]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852507743-1170092222-540797006-1000Core.job
- c:\users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 19:48]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852507743-1170092222-540797006-1000UA.job
- c:\users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 19:48]
.
2012-04-10 c:\windows\Tasks\Norton Security Scan for Amanda.job
- c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-11-09 03:43]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&range=98&searchtype=ds&isid=9860&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5448)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-04-27 2030
ComboFix-quarantined-files.txt 2012-04-28 01:06
ComboFix2.txt 2012-04-28 00:34
ComboFix3.txt 2012-04-27 04:30
ComboFix4.txt 2012-04-25 05:05
.
Pre-Run: 224,294,387,712 bytes free
Post-Run: 224,256,143,360 bytes free
.
- - End Of File - - AD9BCDC1985A07A8029BF81EC95245B0
jenningsfamily is offline  
Old 04-27-2012, 06:21 PM   #16
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thanks. There was no need to uncheck anything in this round, but no harm done. :)

So now we need to track down which service is messed up. Double click SystemLook to open the tool. Copy/paste the following into the main textfield:

Code:
:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-27-2012, 06:31 PM   #17
Registered Member
 
Join Date: Apr 2010
Posts: 79
OS: Windows 7



Here is the log.

SystemLook 30.07.11 by jpshortstuff
Log created at 20:29 on 27/04/2012 by Amanda
Administrator - Elevation successful
========== reg ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]
"BootFlags"= 0x0000000001 (1)
"DisplayName"="@%systemroot%\system32\drivers\afd.sys,-1000"
"Group"="PNP_TDI"
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
"Description"="@%systemroot%\system32\drivers\afd.sys,-1000"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Enum]

-= EOF =-
jenningsfamily is offline  
Old 04-27-2012, 06:35 PM   #18
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



That one is fine. Time to do more digging. Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Ried is offline  
Old 04-27-2012, 06:40 PM   #19
Registered Member
 
Join Date: Apr 2010
Posts: 79
OS: Windows 7



Here is the log.

Also, I thought I would mention this in case it helps: every time I have a program open it flashes, as does the mouse when nothing is open. They both flash about every second.

Farbar Service Scanner Version: 24-04-2012
Ran by Amanda (administrator) on 27-04-2012 at 20:37:38
Running from "C:\Users\Amanda\Desktop"
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-16 13:58] - [2011-04-24 21:35] - 0338944 ____A () 8A2B241289DFF99B1D7FEC000A0BDB14
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-10 12:03] - [2011-09-29 10:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C
C:\Windows\system32\dnsrslvr.dll
[2011-04-17 16:04] - [2011-03-03 00:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9
C:\Windows\system32\mpssvc.dll
[2009-07-13 18:53] - [2009-07-13 20:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E
C:\Windows\system32\bfe.dll
[2009-07-13 18:54] - [2009-07-13 20:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 18:23] - [2009-07-13 20:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446
C:\Windows\system32\vssvc.exe
[2009-07-13 18:24] - [2009-07-13 20:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C
C:\Windows\system32\wscsvc.dll
[2011-02-08 18:41] - [2010-12-21 00:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-13 19:15] - [2009-07-13 20:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1
C:\Windows\system32\qmgr.dll
[2009-07-13 18:30] - [2009-07-13 20:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
jenningsfamily is offline  
Old 04-27-2012, 06:51 PM   #20
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



afd.sys is patched again. Let's try it one more time, a different way this time. Once the malware is cleared, let me know if you still have the issues with flashing mouse cursor and programs.

Open notepad and copy/paste the text in the code box below into it:

Quote:
FCopy::
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys | c:\windows\system32\drivers\afd.sys
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, post the C:\ComboFix.txt

============================

Next, run TDSSKiller again.
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.
Ried is offline  
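
In the File Check section of the Farbar log in post #19, afd.sys is the only file printed without "=> MD5 is legit" and with an empty company field. The Python sketch below is an added example, not part of the thread or of Farbar Service Scanner, that parses such a section and ranks the entries; the status names and the rule that an empty company field outranks a merely unlisted hash are assumptions made for illustration, and the sample is an excerpt of the log lines above.

```python
import re

# Excerpt of the "File Check" section from the FSS log in this thread.
SAMPLE_FILE_CHECK = r"""
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-16 13:58] - [2011-04-24 21:35] - 0338944 ____A () 8A2B241289DFF99B1D7FEC000A0BDB14
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-10 12:03] - [2011-09-29 10:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C
C:\Windows\system32\dnsrslvr.dll
[2011-04-17 16:04] - [2011-03-03 00:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9
C:\Windows\system32\svchost.exe => MD5 is legit
"""

# Detail line: [date] - [date] - size attributes (company) md5
DETAIL = re.compile(
    r"^\[(?P<first>[^\]]+)\] - \[(?P<second>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_file_check(text):
    """Return one record per file listed in an FSS 'File Check' section."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETAIL.match(line)
        if m and pending is not None:
            company = m.group("company").strip()
            # Assumed rule: no vendor string at all is worse than an unlisted hash.
            pending.update(status="review" if company else "suspect",
                           company=company, md5=m.group("md5").upper(),
                           size=int(m.group("size")))
            records.append(pending)
            pending = None
            continue
        if pending is not None:
            # A path with no detail line (truncated log): keep it visible.
            pending["status"] = "incomplete"
            records.append(pending)
            pending = None
        if m:
            continue  # detail line with no preceding path: nothing to attach it to
        path, sep, verdict = line.partition(" => ")
        if sep:
            status = "legit" if verdict == "MD5 is legit" else "unknown"
            records.append({"path": path, "status": status})
        else:
            pending = {"path": line}
    if pending is not None:
        pending["status"] = "incomplete"
        records.append(pending)
    return records

def triage(text):
    """Entries that are not whitelisted, most urgent first."""
    order = {"suspect": 0, "incomplete": 1, "unknown": 2, "review": 3}
    hits = [r for r in parse_file_check(text) if r["status"] != "legit"]
    return sorted(hits, key=lambda r: order[r["status"]])

if __name__ == "__main__":
    for rec in triage(SAMPLE_FILE_CHECK):
        print(rec["status"], rec["path"], rec.get("md5", ""))
```

An entry in the "review" bucket only means the tool did not recognise the hash; it still has to be compared against a trusted copy of the same file version before it is treated as clean or replaced.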
 
