Resolved Infected with Trojan:Win32/Sirefef.AH and Win32/Sirefef.AC


Ookpic

Hello

I've been struggling with trying to clean this laptop and am on the verge of formatting, but I thought I would give it one last shot here if anyone can help. I've read through the instructions and hopefully I've done everything correctly. I did disable MSE before scanning with Malwarebytes, but as soon as I was finished with the scans I re-enabled MSE and did a scan, and it found and quarantined 2 Sirefef.AH trojans. Anyway, below are the logs from the initial scans as per the 5-step preliminary removal.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Arlene :: LAPTOP [administrator]

Protection: Enabled

4/20/2012 11:26:35 AM
mbam-log-2012-04-20 (11-26-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297364
Time elapsed: 28 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 60
C:\Windows\System32\midisyn.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\StickyMesger.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ZTEusbser6k.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\emproxy.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\eectrl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\epfw.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ESDCR.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\lxbt_device.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\lxcd_device.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\AFGMp50.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\AIRPLUS.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\atapi.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ATWPKT2.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\btserial.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\CDRPDACC.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\clcapsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\dmisrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\DniVad.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\elnkupdateservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\flutilssvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\FA312.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\FGDSCSI.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\fsdfwd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ini910u.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\kbfiltr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mcvsrte.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mrxsmb.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\MSSQL$AUTODESKVAULT.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\NETw3x32.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\nimcdlbk.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\nipsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\olregcap.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\oracleorahomehttpserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\owstimer.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\pdlnecfg.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\R300.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\RioS30.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\s217nd5.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\s217obex.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\sentinelprotectionserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\sfng32.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\smwdm.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ssm_mdfl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\symantecantibotshim.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\SymIM.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\syntp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\USB_RNDIS_XP.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\szkg.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\Tb2RCAssist.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\tbhsd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\vaiomediaplatform-mobile-gateway.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\vmx86.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\webclient.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\WGX.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\xfilt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\z525obex.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\z800mgmt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\zpmysql.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\vds.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\rdsessmgr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-20 12:09:31
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0010
Running: hpij4qqp.exe; Driver: C:\Users\Arlene\AppData\Local\Temp\kflcauod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Arlene at 12:12:51 on 2012-04-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2999.2041 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Windows\System32\IgrsSvcs.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\USB Camera\VM331_STI.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\YouCam\YouCamTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://www.lenovo.com
uInternet Settings,ProxyOverride = *.local
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [331BigDog] c:\program files\usb camera\VM331_STI.EXE
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [OnekeyStudio] c:\program files\lenovo\onekey theater\OnekeyStudio.exe
mRun: [VeriFaceManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [UCam_Menu] "c:\program files\lenovo\youcam\muitransfer\muistartmenu.exe" "c:\program files\lenovo\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files\lenovo\youcam\YouCamTray.exe" /s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
LSP: mswsock.dll
TCP: DhcpNameServer = 64.71.255.198 10.0.1.1
TCP: Interfaces\{9FA57896-6456-4AD1-8DF8-8A2FEE889636} : DhcpNameServer = 64.71.255.198 64.71.255.253
TCP: Interfaces\{E1553729-F30A-4E09-B7BE-8AE08B19B1AD} : DhcpNameServer = 64.71.255.198 10.0.1.1
TCP: Interfaces\{E1553729-F30A-4E09-B7BE-8AE08B19B1AD}\2454C4C4439323 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E1553729-F30A-4E09-B7BE-8AE08B19B1AD}\3486C6F6175756C6 : DhcpNameServer = 192.168.2.1 64.71.255.198
TCP: Interfaces\{E1553729-F30A-4E09-B7BE-8AE08B19B1AD}\3547574656E647 : DhcpNameServer = 10.3.6.3
TCP: Interfaces\{E1553729-F30A-4E09-B7BE-8AE08B19B1AD}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E1553729-F30A-4E09-B7BE-8AE08B19B1AD}\75C414E4 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E1553729-F30A-4E09-B7BE-8AE08B19B1AD}\841627075627026416D696C69702E4564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E1553729-F30A-4E09-B7BE-8AE08B19B1AD}\E4F647C6F626 : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-2-9 13336]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2009-7-14 38152]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-3-27 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-18 654408]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2011-2-9 21256]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-2-9 119296]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-26 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-2-9 209920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-18 22344]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 vm331avs;Digital Camera 1;c:\windows\system32\drivers\vm331avs.sys [2011-2-9 179072]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2011-2-11 11792]
S2 avgio;Tifsfilter;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
S2 mcproxy;Atalk;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 navap;Lmouflt2;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 nod32krn;Wlluc48;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 TeamViewer;Pavfnsvr;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 bpenum;bpenum;c:\windows\system32\drivers\bpenum.sys [2009-9-15 56832]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2011-2-11 63240]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2011-2-11 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2011-2-11 579400]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2010-6-24 21504]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-2-9 182304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-2-9 189440]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-10 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-6 1343400]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704]
.
=============== Created Last 30 ================
.
2012-04-18 17:51:25388096----a-r-c:\users\arlene\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-04-18 17:51:24--------d-----w-c:\program files\Trend Micro
2012-04-18 16:44:22--------d-----w-c:\users\arlene\appdata\roaming\Malwarebytes
2012-04-18 16:28:35--------d-----w-c:\programdata\Malwarebytes
2012-04-18 16:28:3322344----a-w-c:\windows\system32\drivers\mbam.sys
2012-04-18 16:28:33--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-04-12 19:34:475120----a-w-c:\windows\system32\wmi.dll
2012-04-12 19:34:4719824----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-04-12 19:34:47172544----a-w-c:\windows\system32\wintrust.dll
2012-04-12 19:34:47159232----a-w-c:\windows\system32\imagehlp.dll
2012-04-12 19:34:243968368----a-w-c:\windows\system32\ntkrnlpa.exe
2012-04-12 19:34:243913072----a-w-c:\windows\system32\ntoskrnl.exe
2012-04-11 02:38:250--sha-w-c:\windows\system32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2012-02-28 01:18:551799168----a-w-c:\windows\system32\jscript9.dll
2012-02-28 01:11:211427456----a-w-c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:071127424----a-w-c:\windows\system32\wininet.dll
2012-02-28 01:03:162382848----a-w-c:\windows\system32\mshtml.tlb
2012-02-17 05:34:22826880----a-w-c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08183808----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:2224576----a-w-c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38:431077248----a-w-c:\windows\system32\DWrite.dll
2012-02-07 16:39:5883360----a-w-c:\windows\system32\LMIRfsClientNP.dll
2012-02-07 16:39:5852096----a-w-c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-07 16:39:5687424----a-w-c:\windows\system32\LMIinit.dll
2012-02-07 16:39:5630592----a-w-c:\windows\system32\LMIport.dll
2012-02-03 03:54:272343424----a-w-c:\windows\system32\win32k.sys
2012-01-31 12:44:05237072------w-c:\windows\system32\MpSigStub.exe
2012-01-25 05:32:3558880----a-w-c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34129536----a-w-c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:518192----a-w-c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 12:13:19.29 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/9/2011 5:07:01 PM
System Uptime: 4/20/2012 12:03:01 PM (0 hours ago)
.
Motherboard: LENOVO | | Base Board Product Name
Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz | CPU | 2400/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 232.571 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom 802.11n Network Adapter
Device ID: PCI\VEN_14E4&DEV_4727&SUBSYS_051014E4&REV_01\4&C74C28E&0&00E1
Manufacturer: Broadcom
Name: Broadcom 802.11n Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4727&SUBSYS_051014E4&REV_01\4&C74C28E&0&00E1
Service: BCM43XX
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl5975f928
Device ID: ROOT\LEGACY_MPKSL5975F928\0000
Manufacturer:
Name: MpKsl5975f928
PNP Device ID: ROOT\LEGACY_MPKSL5975F928\0000
Service: MpKsl5975f928
.
==== System Restore Points ===================
.
RP172: 3/27/2012 3:08:30 PM - Windows Update
RP173: 3/28/2012 8:55:31 PM - Windows Update
RP174: 4/1/2012 8:57:45 AM - Windows Update
RP175: 4/4/2012 1:31:39 PM - Windows Update
RP176: 4/7/2012 8:29:49 PM - Windows Update
RP177: 4/11/2012 3:23:31 PM - Windows Update
RP178: 4/12/2012 3:34:07 PM - Windows Update
RP179: 4/18/2012 12:24:12 PM - Windows Update
RP180: 4/18/2012 1:51:03 PM - Installed HiJackThis
RP181: 4/20/2012 11:23:38 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Shockwave Player 11.6
AppGraffiti
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.1
Bonjour
Cake Mania - To the Max
Conexant HD Audio
CyberLink YouCam
Energy Management
ETDWare PS/2-x86 7.0.4.13_WHQL
Facebook Video Calling 1.2.0.159
Free Studio version 5.0.10
HiJackThis
iCloud
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Intel(R) TV Wizard
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Kobo
Lenovo DirectShare
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
LogMeIn
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Onekey Theater
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Skype Click to Call
Skype™ 5.5
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VeriFace
VLC media player 1.1.8
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
.
==== Event Viewer Messages From Past Week ========
.
4/20/2012 12:06:36 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/20/2012 12:04:16 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Wstcodec service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Wlancig service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Vpcbus service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The USBModem service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Tosrfnds service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Symndis service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Sscdmdm service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Regsrvc service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Qmofiltr service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Ppa3 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Pavfnsvr service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Pav_service service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Nnsvc service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The NetTcpActivator service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Mbmiodrvr service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Ltmodem5 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Iksyssec service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Idebusdr service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Hibernation service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Emitray service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Delldmi service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Cfosspeed service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The Avg7rsw service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:31 PM, Error: Service Control Manager [7023] - The ATWPKT2 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Zunenetworksvc service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Wmp54gsvc service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Wlluc48 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Vmx86 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Tfsndrct service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Pwisvc service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Pdlnebas service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Pctavsvc service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The P17 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Oracleorahome92tnslistener service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Oracle_load_balancer_60_server-forms6i service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The NWSNS service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Mqdmserd service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Motoswitchservice service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Mcrdsvc service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Lmouflt2 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The IPassPeriodicUpdateApp service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The IntuitUpdateService service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The E1express service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Dvd-ram_service service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Dcevt32 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The CXAVXBAR service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The CTEAPSFX.DLL service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The BRCMDECO service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Bdrsdrv service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Battc service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Backupexecjobengine service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Autostore service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Atalk service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Alpham2 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Winvnc service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The W700mdfl service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Vrmonsvc service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Vaiomediaplatform-videoserver-appserver service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Ultra66 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Tzontservice service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Tifsfilter service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The SeratoUsb service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The SE2Dmdm service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Se2Bunic service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Rt73 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Rdpdr service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Pdscheduler service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Pdlnsx25 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Nuvaud2 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Msloop service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Mcsysmon service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The MASPINT service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The MagicTune service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Ipodservice service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Ifxtcs service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Hap17v2k service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Fshttps service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Filemon701 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Eaps2kbd service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The DVDRC service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The DKbFltr service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Db2licd service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Cpqvcagent service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The ASUSVRC service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Alcxwdm service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Ageremodemaudio service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/20/2012 11:51:30 AM, Error: Service Control Manager [7023] - The Battc service terminated with the following error: The specified procedure could not be found.
4/20/2012 11:36:38 AM, Error: Service Control Manager [7023] - The Hibernation service terminated with the following error: The specified procedure could not be found.
4/20/2012 11:18:05 AM, Error: Service Control Manager [7023] - The Ageremodemaudio service terminated with the following error: Access is denied.
4/20/2012 11:17:02 AM, Error: Service Control Manager [7023] - The Winvnc service terminated with the following error: Access is denied.
4/20/2012 11:16:50 AM, Error: Microsoft Antimalware [3002] -
4/20/2012 11:16:26 AM, Error: Service Control Manager [7023] - The Vpcbus service terminated with the following error: Access is denied.
4/20/2012 11:16:26 AM, Error: Service Control Manager [7023] - The Tzontservice service terminated with the following error: Access is denied.
4/20/2012 11:16:26 AM, Error: Service Control Manager [7023] - The P17 service terminated with the following error: Access is denied.
4/19/2012 9:47:23 AM, Error: Service Control Manager [7023] - The Radiosvr service terminated with the following error: Access is denied.
4/19/2012 9:32:23 AM, Error: Service Control Manager [7023] - The MagicTune service terminated with the following error: Access is denied.
4/19/2012 9:17:23 AM, Error: Service Control Manager [7023] - The Oracleorahome811cman service terminated with the following error: Access is denied.
4/19/2012 9:02:23 AM, Error: Service Control Manager [7023] - The Fshttps service terminated with the following error: Access is denied.
4/19/2012 8:47:24 AM, Error: Service Control Manager [7023] - The AsusACPI service terminated with the following error: Access is denied.
4/19/2012 8:32:24 AM, Error: Service Control Manager [7023] - The Ipodservice service terminated with the following error: Access is denied.
4/19/2012 8:17:23 AM, Error: Service Control Manager [7023] - The Nvcap service terminated with the following error: Access is denied.
4/19/2012 8:02:23 AM, Error: Service Control Manager [7023] - The Avg7rsw service terminated with the following error: Access is denied.
4/19/2012 7:47:23 AM, Error: Service Control Manager [7023] - The SbieDrv service terminated with the following error: Access is denied.
4/19/2012 7:32:23 AM, Error: Service Control Manager [7023] - The Alpham2 service terminated with the following error: Access is denied.
4/19/2012 7:17:23 AM, Error: Service Control Manager [7023] - The Axsnmsvc service terminated with the following error: Access is denied.
4/19/2012 7:02:23 AM, Error: Service Control Manager [7023] - The CXAVXBAR service terminated with the following error: Access is denied.
4/19/2012 6:47:23 AM, Error: Service Control Manager [7023] - The W810mgmt service terminated with the following error: Access is denied.
4/19/2012 6:32:23 AM, Error: Service Control Manager [7023] - The IntuitUpdateService service terminated with the following error: Access is denied.
4/19/2012 6:17:23 AM, Error: Service Control Manager [7023] - The Winsock service terminated with the following error: Access is denied.
4/19/2012 6:02:23 AM, Error: Service Control Manager [7023] - The Db2licd service terminated with the following error: Access is denied.
4/19/2012 5:47:23 AM, Error: Service Control Manager [7023] - The Ctprxy2k service terminated with the following error: Access is denied.
4/19/2012 5:32:24 AM, Error: Service Control Manager [7023] - The Cpqvcagent service terminated with the following error: Access is denied.
4/19/2012 5:17:23 AM, Error: Service Control Manager [7023] - The PGPsdkDriver service terminated with the following error: Access is denied.
4/19/2012 5:02:23 AM, Error: Service Control Manager [7023] - The W700mdfl service terminated with the following error: Access is denied.
4/19/2012 4:47:23 AM, Error: Service Control Manager [7023] - The Dbmang service terminated with the following error: Access is denied.
4/19/2012 4:32:23 AM, Error: Service Control Manager [7023] - The Tifsfilter service terminated with the following error: Access is denied.
4/19/2012 4:17:23 AM, Error: Service Control Manager [7023] - The ScsiPort service terminated with the following error: Access is denied.
4/19/2012 4:02:23 AM, Error: Service Control Manager [7023] - The Nnsvc service terminated with the following error: Access is denied.
4/19/2012 3:47:23 AM, Error: Service Control Manager [7023] - The OneCareMP service terminated with the following error: Access is denied.
4/19/2012 3:32:23 AM, Error: Service Control Manager [7023] - The Mqdmserd service terminated with the following error: Access is denied.
4/19/2012 3:17:23 AM, Error: Service Control Manager [7023] - The Lxcccustomerconnect service terminated with the following error: Access is denied.
4/19/2012 3:02:23 AM, Error: Service Control Manager [7023] - The Mcrdsvc service terminated with the following error: Access is denied.
4/19/2012 2:47:23 AM, Error: Service Control Manager [7023] - The VAIOMediaPlatform-VideoServer-HTTP service terminated with the following error: Access is denied.
4/19/2012 2:32:23 AM, Error: Service Control Manager [7023] - The Pctavsvc service terminated with the following error: Access is denied.
4/19/2012 2:17:23 AM, Error: Service Control Manager [7023] - The Aegisp service terminated with the following error: Access is denied.
4/19/2012 2:02:24 AM, Error: Service Control Manager [7023] - The Lmouflt2 service terminated with the following error: Access is denied.
4/19/2012 12:51:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/19/2012 12:47:47 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2012 12:47:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/19/2012 12:47:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/19/2012 12:47:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/19/2012 12:47:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/19/2012 12:47:23 AM, Error: Service Control Manager [7023] - The Tnidriver service terminated with the following error: Access is denied.
4/19/2012 12:40:06 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
4/19/2012 12:39:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
4/19/2012 12:39:52 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2012 12:39:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/19/2012 12:32:24 PM, Error: Service Control Manager [7023] - The Yukonwlh service terminated with the following error: Access is denied.
4/19/2012 12:32:23 AM, Error: Service Control Manager [7023] - The Vaiomediaplatform-videoserver-appserver service terminated with the following error: Access is denied.
4/19/2012 12:17:24 PM, Error: Service Control Manager [7023] - The Sdcplh service terminated with the following error: Access is denied.
4/19/2012 12:17:23 AM, Error: Service Control Manager [7023] - The Vrfwsvc service terminated with the following error: Access is denied.
4/19/2012 12:02:24 PM, Error: Service Control Manager [7023] - The USBModem service terminated with the following error: Access is denied.
4/19/2012 12:02:23 AM, Error: Service Control Manager [7023] - The CTEAPSFX.DLL service terminated with the following error: Access is denied.
4/19/2012 11:47:23 AM, Error: Service Control Manager [7023] - The Vsbus service terminated with the following error: Access is denied.
4/19/2012 11:32:23 AM, Error: Service Control Manager [7023] - The ATWPKT2 service terminated with the following error: Access is denied.
4/19/2012 11:17:23 AM, Error: Service Control Manager [7023] - The NWUSBPort service terminated with the following error: Access is denied.
4/19/2012 11:02:23 AM, Error: Service Control Manager [7023] - The Wlluc48 service terminated with the following error: Access is denied.
4/19/2012 10:47:23 AM, Error: Service Control Manager [7023] - The 3compxe service terminated with the following error: Access is denied.
4/19/2012 10:32:23 AM, Error: Service Control Manager [7023] - The Ifxtcs service terminated with the following error: Access is denied.
4/19/2012 10:17:23 AM, Error: Service Control Manager [7023] - The Ipahelper.exe service terminated with the following error: Access is denied.
4/19/2012 10:02:23 AM, Error: Service Control Manager [7023] - The Dcevt32 service terminated with the following error: Access is denied.
4/19/2012 1:47:23 AM, Error: Service Control Manager [7023] - The Elbycdfl service terminated with the following error: Access is denied.
4/19/2012 1:32:23 AM, Error: Service Control Manager [7023] - The Vmx86 service terminated with the following error: Access is denied.
4/19/2012 1:17:23 AM, Error: Service Control Manager [7023] - The CAM1210 service terminated with the following error: Access is denied.
4/19/2012 1:02:23 AM, Error: Service Control Manager [7023] - The Mcsysmon service terminated with the following error: Access is denied.
4/18/2012 9:47:24 PM, Error: Service Control Manager [7023] - The Tfsnudfa service terminated with the following error: Access is denied.
4/18/2012 9:32:23 PM, Error: Service Control Manager [7023] - The Alcxwdm service terminated with the following error: Access is denied.
4/18/2012 9:17:23 PM, Error: Service Control Manager [7023] - The Symantecantibotdriver service terminated with the following error: Access is denied.
4/18/2012 9:02:23 PM, Error: Service Control Manager [7023] - The MASPINT service terminated with the following error: Access is denied.
4/18/2012 8:47:23 PM, Error: Service Control Manager [7023] - The Epfwndis service terminated with the following error: Access is denied.
4/18/2012 8:32:23 PM, Error: Service Control Manager [7023] - The Pdlnebas service terminated with the following error: Access is denied.
4/18/2012 8:17:23 PM, Error: Service Control Manager [7023] - The DELTA service terminated with the following error: Access is denied.
4/18/2012 8:02:23 PM, Error: Service Control Manager [7023] - The Pavfnsvr service terminated with the following error: Access is denied.
4/18/2012 7:47:23 PM, Error: Service Control Manager [7023] - The Sysmonlog service terminated with the following error: Access is denied.
4/18/2012 7:32:23 PM, Error: Service Control Manager [7023] - The Eaps2kbd service terminated with the following error: Access is denied.
4/18/2012 7:17:23 PM, Error: Service Control Manager [7023] - The Epoxusdm service terminated with the following error: Access is denied.
4/18/2012 7:02:23 PM, Error: Service Control Manager [7023] - The Wstcodec service terminated with the following error: Access is denied.
4/18/2012 6:47:23 PM, Error: Service Control Manager [7023] - The Teefer service terminated with the following error: Access is denied.
4/18/2012 6:32:23 PM, Error: Service Control Manager [7023] - The Ltmodem5 service terminated with the following error: Access is denied.
4/18/2012 6:17:23 PM, Error: Service Control Manager [7023] - The Emupia service terminated with the following error: Access is denied.
4/18/2012 6:02:23 PM, Error: Service Control Manager [7023] - The Oracle_load_balancer_60_server-forms6i service terminated with the following error: Access is denied.
4/18/2012 5:47:23 PM, Error: Service Control Manager [7023] - The Caccprovsp service terminated with the following error: Access is denied.
4/18/2012 5:32:23 PM, Error: Service Control Manager [7023] - The Motoswitchservice service terminated with the following error: Access is denied.
4/18/2012 5:17:23 PM, Error: Service Control Manager [7023] - The SE2Emdm service terminated with the following error: Access is denied.
4/18/2012 5:02:23 PM, Error: Service Control Manager [7023] - The Bdrsdrv service terminated with the following error: Access is denied.
4/18/2012 4:47:24 PM, Error: Service Control Manager [7023] - The CVirtA service terminated with the following error: Access is denied.
4/18/2012 4:32:23 PM, Error: Service Control Manager [7023] - The BRCMDECO service terminated with the following error: Access is denied.
4/18/2012 4:17:23 PM, Error: Service Control Manager [7023] - The MTsensor service terminated with the following error: Access is denied.
4/18/2012 4:02:23 PM, Error: Service Control Manager [7023] - The Se2Bunic service terminated with the following error: Access is denied.
4/18/2012 3:47:23 PM, Error: Service Control Manager [7023] - The Hddsvc service terminated with the following error: Access is denied.
4/18/2012 3:32:23 PM, Error: Service Control Manager [7023] - The Pdscheduler service terminated with the following error: Access is denied.
4/18/2012 3:17:23 PM, Error: Service Control Manager [7023] - The Nimdbgk service terminated with the following error: Access is denied.
4/18/2012 3:02:24 PM, Error: Service Control Manager [7023] - The Mbmiodrvr service terminated with the following error: Access is denied.
4/18/2012 2:47:23 PM, Error: Service Control Manager [7023] - The Nimxdfk service terminated with the following error: Access is denied.
4/18/2012 2:32:23 PM, Error: Service Control Manager [7023] - The E1express service terminated with the following error: Access is denied.
4/18/2012 2:17:23 PM, Error: Service Control Manager [7023] - The Tfsndrct service terminated with the following error: Access is denied.
4/18/2012 2:02:24 PM, Error: Service Control Manager [7023] - The Oracleorahome92tnslistener service terminated with the following error: Access is denied.
4/18/2012 2:01:24 PM, Error: Service Control Manager [7023] - The SeratoUsb service terminated with the following error: Access is denied.
4/18/2012 12:33:23 PM, Error: Service Control Manager [7023] - The IPassPeriodicUpdateApp service terminated with the following error: Access is denied.
4/18/2012 12:27:23 PM, Error: Service Control Manager [7023] - The Iksyssec service terminated with the following error: Access is denied.
4/18/2012 12:18:24 PM, Error: Service Control Manager [7023] - The Intcazaudaddservice service terminated with the following error: Access is denied.
4/18/2012 12:14:35 PM, Error: Service Control Manager [7023] - The Backupexecjobengine service terminated with the following error: Access is denied.
4/18/2012 11:47:23 PM, Error: Service Control Manager [7023] - The Btwavdt service terminated with the following error: Access is denied.
4/18/2012 11:17:23 PM, Error: Service Control Manager [7023] - The Bt service terminated with the following error: Access is denied.
4/18/2012 11:02:23 PM, Error: Service Control Manager [7023] - The Atalk service terminated with the following error: Access is denied.
4/18/2012 10:47:23 PM, Error: Service Control Manager [7023] - The Belmonitorservice service terminated with the following error: Access is denied.
4/18/2012 10:32:23 PM, Error: Service Control Manager [7023] - The Sscdmdm service terminated with the following error: Access is denied.
4/18/2012 10:17:23 PM, Error: Service Control Manager [7023] - The Psdvdisk service terminated with the following error: Access is denied.
4/18/2012 10:02:23 PM, Error: Service Control Manager [7023] - The Msloop service terminated with the following error: Access is denied.
4/18/2012 1:46:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
.
==== End Of File ===========================
 
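The event-log section above is the part of the DDS output a responder actually reads: the 7023 "Access is denied" terminations arrive roughly every 15 minutes against service names from dozens of unrelated products, the "specified module could not be found" variants appear only after the first cleanup (the files were quarantined, the service entries were not), and the single 7026 line names boot-start drivers that never loaded. The following Python script is an added example, not code from the original post or from DDS, ComboFix or any other tool in this thread. It parses lines in the format DDS printed, measures the cadence of the denied terminations, lists the now-orphaned service entries and extracts the failed driver names. The sample lines are constructed to match the log format; which service names are "suspicious" is left to the reader, as the script only measures and groups.

```python
"""
Triage helper for a DDS-style "Event log" dump (added example, not part of
the thread). Parses Service Control Manager lines, measures the cadence of
7023 "Access is denied" terminations, lists services whose module is now
missing (7023 "The specified module could not be found") and the boot-start
drivers that failed to load (7026).
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same line format as the DDS log above; not the
# page's full log, just enough lines to exercise each branch.
SAMPLE_LOG = """\
4/19/2012 8:02:23 AM, Error: Service Control Manager [7023] - The Avg7rsw service terminated with the following error: Access is denied.
4/19/2012 7:47:23 AM, Error: Service Control Manager [7023] - The SbieDrv service terminated with the following error: Access is denied.
4/19/2012 7:32:23 AM, Error: Service Control Manager [7023] - The Alpham2 service terminated with the following error: Access is denied.
4/19/2012 7:17:23 AM, Error: Service Control Manager [7023] - The Axsnmsvc service terminated with the following error: Access is denied.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7023] - The Alpham2 service terminated with the following error: The specified module could not be found.
4/20/2012 12:03:28 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/20/2012 12:03:29 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/19/2012 12:39:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
4/19/2012 12:51:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
"""

# "M/D/YYYY H:MM:SS AM, Level: Source [EventID] - message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] -\s*(?P<msg>.*)$"
)
TERMINATED_RE = re.compile(
    r"^The (?P<svc>.+?) service terminated with the following error: (?P<err>.+?)\.?$"
)
DRIVERS_RE = re.compile(r"failed to load: (?P<names>.+)$")


def parse_events(text):
    """Return the parsed lines as dicts, oldest first (DDS prints newest first)."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "source": m["source"],
            "eid": int(m["eid"]),
            "msg": m["msg"],
        })
    return sorted(events, key=lambda e: e["ts"])


def service_terminations(events):
    """(timestamp, service name, error text) for every SCM 7023 line."""
    out = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["eid"] == 7023:
            m = TERMINATED_RE.match(e["msg"])
            if m:
                out.append((e["ts"], m["svc"], m["err"]))
    return out


def access_denied_cadence(events):
    """Count the 'Access is denied' terminations and return the most common gap
    (seconds) between consecutive ones. A steady gap across many unrelated
    service names points at a scheduled loop rather than ordinary boot noise."""
    denied = [ts for ts, _, err in service_terminations(events) if err == "Access is denied"]
    if len(denied) < 2:
        return len(denied), None
    gaps = Counter(int((b - a).total_seconds()) for a, b in zip(denied, denied[1:]))
    return len(denied), gaps.most_common(1)[0][0]


def orphaned_services(events):
    """Services the SCM can still see but whose binary is gone: registry entries
    left behind once the module was quarantined or deleted."""
    return sorted({svc for _, svc, err in service_terminations(events)
                   if err == "The specified module could not be found"})


def failed_boot_drivers(events):
    """Driver names from 7026 lines. MpFilter is the Microsoft antimalware
    minifilter, so its presence here means the AV's own driver did not load."""
    names = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["eid"] == 7026:
            m = DRIVERS_RE.search(e["msg"])
            if m:
                names.extend(m["names"].split())
    return names


def triage(text):
    """One-shot summary of the dump, suitable for pasting into a reply."""
    events = parse_events(text)
    count, gap = access_denied_cadence(events)
    return {
        "access_denied_count": count,
        "access_denied_modal_gap_s": gap,
        "orphaned_services": orphaned_services(events),
        "failed_boot_drivers": failed_boot_drivers(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed it the event-log block of a real DDS report and look at the modal gap first: a value near 900 seconds across many services is the pattern visible in the log above. The orphaned-service list is the set of entries to expect more 7023 noise from after cleanup; they are leftovers, not a sign the infection is still active, and can be reconciled against what ComboFix later reports under Drivers/Services.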
Okay then- judging by the number of infected files with Zero Access Rootkit and the abundance of errors in the Event Viewer, it appears that you have had the malware for a while. We will see what else is on the system and make the decision whether it's feasible to try and clean the system or go to the reformat/reinstall.

This malware is usually accompanied by other malware, or conversely, other malware may bring this.
===========================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save it to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated; it will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=================================================
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
=========================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=====================================================
If you have any problem running these programs- STOP- and let me know what they are.
If anything noticeably improves- OR- if anything gets worse, please advise me.
======================================================
Please leave the logs from Combofix, TDSSKiller and Eset scan in your next reply.
======================================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
 
Ok, First off, Thanks very very much!!

When I ran ComboFix I got the following prompt:

You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection.

If for any reason you're unable to connect to the internet after running ComboFix, reboot once and see if that fixes it.

If it's not fixed, run ComboFix one more time.

When I clicked OK the machine seemed to lock up. I waited for an hour and nothing changed, so I rebooted and tried again. I got the same prompt and clicked OK. This time it went all the way through all stages, rebooted, finished doing its thing and spit out this result:

ComboFix 12-04-19.01 - Arlene 04/21/2012 12:47:38.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2999.2398 [GMT -4:00]
Running from: c:\users\Arlene\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Arlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\{76C2C7BA-4D9A-4B1E-9DB5-2CA65E5ACEC5}.xps
c:\users\Arlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\{901F818A-2128-4826-94ED-9A548D450D22}.xps
c:\users\Arlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\{95E1D93F-F7A5-4A9F-909F-FF5E56F82B09}.xps
c:\users\Arlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\{977C3A03-9BA1-4466-A914-97AF2E54367C}.xps
c:\users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1D8E5346-9119-4CFB-A39A-FA00E51D490A}.xps
c:\users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\{43EE608B-18AD-480F-9E97-AC070F3107BE}.xps
c:\users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\{47BDEF41-B3AC-48CC-9F58-6A9787D1E3A5}.xps
c:\users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\{85C8A1F0-E7D8-4CE5-8B37-0BA928E419F3}.xps
c:\users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B41E36AE-E40A-47F8-BAB6-1942A92F2DC0}.xps
c:\users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BD6D9916-E6B1-4808-9F64-DAE96EA6928F}.xps
c:\users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C8A84F4E-F6B6-4437-AD55-C01C83167685}.xps
c:\users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D3C1F474-6614-47DB-BD02-48D2A0AF9689}.xps
c:\users\Erika\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E2396FD9-8734-421C-9042-52906B72B021}.xps
c:\users\Erika\Documents\~WRL0003.tmp
c:\users\Erika\Documents\~WRL0004.tmp
c:\users\Erika\Documents\~WRL0005.tmp
c:\users\Erika\Documents\~WRL1488.tmp
c:\users\Erika\Documents\~WRL2075.tmp
c:\windows\system32\bdss.dll
c:\windows\system32\bwmservice.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\$NtUninstallKB25191$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_a8djavs
-------\Service_Eplpdx02
.
.
((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-21 16:57 . 2012-04-21 16:57 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-04-21 16:57 . 2012-04-21 16:57 -------- d-----w- c:\users\Erika\AppData\Local\temp
2012-04-21 16:57 . 2012-04-21 17:18 -------- d-----w- c:\users\Arlene\AppData\Local\temp
2012-04-21 16:57 . 2012-04-21 16:57 -------- d-----w- c:\users\Laurie\AppData\Local\temp
2012-04-21 16:57 . 2012-04-21 16:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-21 16:57 . 2012-04-21 16:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-18 17:51 . 2012-04-18 17:51 388096 ----a-r- c:\users\Arlene\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-18 17:51 . 2012-04-18 17:51 -------- d-----w- c:\program files\Trend Micro
2012-04-18 16:44 . 2012-04-18 16:44 -------- d-----w- c:\users\Arlene\AppData\Roaming\Malwarebytes
2012-04-18 16:28 . 2012-04-18 16:28 -------- d-----w- c:\users\Erika\AppData\Roaming\Malwarebytes
2012-04-18 16:28 . 2012-04-18 16:28 -------- d-----w- c:\programdata\Malwarebytes
2012-04-18 16:28 . 2012-04-18 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-18 16:28 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-12 19:34 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 19:34 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 19:34 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 19:34 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 19:34 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 19:34 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 05:34 . 2012-03-14 10:52 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 10:52 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 10:52 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 10:53 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 10:53 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-02-11 06:01 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:32 . 2012-03-14 10:52 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 10:52 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 10:52 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-02-11 06:11 1410400 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-12-20 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-12-20 487992]
"331BigDog"="c:\program files\USB Camera\VM331_STI.EXE" [2009-12-20 536576]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-12-20 501640]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-12-17 4114368]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6223808]
"OnekeyStudio"="c:\program files\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 665504]
"VeriFaceManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2011-02-11 3122528]
"UCam_Menu"="c:\program files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"YouCam Mirror Tray icon"="c:\program files\Lenovo\YouCam\YouCamTray.exe" [2009-11-11 167008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
vwlogger
StkScan
hpqwmi
MSFWHLPR
VAIOMediaPlatform-PhotoServer-UPnP
VAIOMediaPlatform-PhotoServer-HTTP
s3savagenb
ATSWPDRV
cd20xrnt
SWNC8U51
wanatw
w550mdm
cvintdrv
flutilssvc
vpn5000service
tng-dts
rtl8023
ScFBPNT2
lmouflt2
PhilCam8116_XP
s716unic
alerter
NsTrcNT
LVBulk
timounter
cdvp
PTproct
DritekPortIO
zenos1
mxserver
AMDPCI
npkcusb
pid_0928
ntcharge
avgio
ashampoodefragservice
pinger
NITaggerService
compaq_rba
Cinemsup
cnxtdiag
thotkey
ati2mtaa
cpuidlep
sscdmdfl
sony_ssm.sys
symantecantibotagent
se2Bunic
ss_mdm
amdk77
EpmShd
XAudio
vxsvc
Rawwan
vnxservice
oraclewebassistant
riomsc
nalntservice
VC6SecS
FirePM
omniusb
HPSLPSVC
CoolerXPDriver
upsentry_smart
dxdebug
ehstart
cdfsvc
license
ccpwdsvc
se45mdfl
sdbus
Eplpdx02
a8djavs
websensepolicyserver
pwisvc
xusb21
X4HSX32
TdmService
areschatserver
ldlcserv
WIBUKEY
w300mdm
SiRemFil
roxliveshare
s117unic
WINIO
DM9102
inport
HBtnKey
lxcd_device
sandboxu
pae_avs
AtlsAud
lightscribeservice
bdpredir
ds1
lxrjd31d
moufiltr
dlaudfam
se26unic
nhcDriverDevice
pcidump
Si3132r5
nod32krn
rnadiagnosticsservice
cfosspeed
snareiis
portmapper
citrixxteserver
L8042Kbd
tdrpman174
netmnt
navap
BCMWLNPF
oracledbconsoleorcl
mcproxy
adobeactivefilemonitor5.0
Anydlc
TeamViewer
tvalz
passthru
LVVI500A
aliadwdm
USBCamera
pnmsrv
elosystemservice
U81xmgmt
bc_pat_f
mqdmbus
LPDSVC
btwaudio
ati2mtag
pnarp
snpstd
quickbooksdb
lusbaudio
tpkmpsvc
zebrmdmc
L6POD
DLARTL_M
trioservice
icm10blk
iAimFP5
entech
NETw4v32
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2455382146-3077568640-2663614186-1003Core.job
- c:\users\Laurie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-06 19:31]
.
2012-04-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2455382146-3077568640-2663614186-1003UA.job
- c:\users\Laurie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-06 19:31]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2455382146-3077568640-2663614186-1004Core.job
- c:\users\Erika\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 09:30]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2455382146-3077568640-2663614186-1004UA.job
- c:\users\Erika\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 09:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7836)
c:\program files\Lenovo\Onekey Theater\ActiveDetect32.dll
c:\program files\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
c:\windows\system32\IcnOvrly.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\IgrsSvcs.exe
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-04-21 13:22:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-21 17:22
.
Pre-Run: 249,738,764,288 bytes free
Post-Run: 252,095,774,720 bytes free
.
- - End Of File - - A2439518983C0A8BE1837F9EFFF2E962
 
I ran tdsskiller and got a fault:
"Illegal operation attempted on a registry key that has been marked for deletion"

As instructed I rebooted and ran again. It found one infection but there was no option to "Quarantine". The only 2 options were to "copy to quarantine" and "cure". I selected the "copy to quarantine". It reported that one infection remained. I re-read the instructions and noticed the last line said "reboot after disinfection" so I rescanned with tdsskiller and chose the "cure" option. It failed to cure and didn't prompt for a reboot.

Here is a copy of the log from TDSSKILLER

13:50:25.0721 7100 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
13:50:25.0737 7100 ============================================================
13:50:25.0737 7100 Current date / time: 2012/04/21 13:50:25.0737
13:50:25.0737 7100 SystemInfo:
13:50:25.0737 7100
13:50:25.0737 7100 OS Version: 6.1.7601 ServicePack: 1.0
13:50:25.0737 7100 Product type: Workstation
13:50:25.0737 7100 ComputerName: LAPTOP
13:50:25.0737 7100 UserName: Arlene
13:50:25.0737 7100 Windows directory: C:\Windows
13:50:25.0737 7100 System windows directory: C:\Windows
13:50:25.0737 7100 Processor architecture: Intel x86
13:50:25.0737 7100 Number of processors: 4
13:50:25.0737 7100 Page size: 0x1000
13:50:25.0737 7100 Boot type: Normal boot
13:50:25.0737 7100 ============================================================
13:50:28.0155 7100 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:50:28.0155 7100 \Device\Harddisk0\DR0:
13:50:28.0155 7100 MBR partitions:
13:50:28.0155 7100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:50:28.0155 7100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
13:50:28.0186 7100 C: <-> \Device\Harddisk0\DR0\Partition1
13:50:28.0186 7100 Initialize success
13:50:28.0186 7100 ============================================================
13:50:35.0705 6576 ============================================================
13:50:35.0705 6576 Scan started
13:50:35.0705 6576 Mode: Manual;
13:50:35.0705 6576 ============================================================
13:50:38.0170 6576 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:50:38.0186 6576 1394ohci - ok
13:50:38.0264 6576 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:50:38.0264 6576 ACPI - ok
13:50:38.0451 6576 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:50:38.0451 6576 AcpiPmi - ok
13:50:38.0529 6576 ACPIVPC (e4d3dd5a1fc4aef696d34d4b97049343) C:\Windows\system32\DRIVERS\AcpiVpc.sys
13:50:38.0529 6576 ACPIVPC - ok
13:50:38.0669 6576 adobeactivefilemonitor5.0 - ok
13:50:38.0763 6576 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:50:38.0779 6576 adp94xx - ok
13:50:38.0950 6576 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:50:38.0950 6576 adpahci - ok
13:50:39.0106 6576 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:50:39.0106 6576 adpu320 - ok
13:50:39.0153 6576 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
13:50:39.0153 6576 AeLookupSvc - ok
13:50:39.0247 6576 AFD (0dac8bf208bb132ebea0f0366ebd3e6d) C:\Windows\system32\drivers\afd.sys
13:50:39.0262 6576 AFD ( Virus.Win32.ZAccess.k ) - infected
13:50:39.0262 6576 AFD - detected Virus.Win32.ZAccess.k (0)
13:50:39.0371 6576 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:50:39.0387 6576 agp440 - ok
13:50:39.0481 6576 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:50:39.0481 6576 aic78xx - ok
13:50:39.0512 6576 alerter - ok
13:50:39.0777 6576 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
13:50:39.0777 6576 ALG - ok
13:50:39.0808 6576 aliadwdm - ok
13:50:39.0871 6576 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:50:39.0871 6576 aliide - ok
13:50:39.0917 6576 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:50:39.0917 6576 amdagp - ok
13:50:39.0933 6576 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:50:39.0933 6576 amdide - ok
13:50:40.0011 6576 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:50:40.0011 6576 AmdK8 - ok
13:50:40.0105 6576 AMDPCI - ok
13:50:40.0120 6576 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:50:40.0120 6576 AmdPPM - ok
13:50:40.0198 6576 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:50:40.0198 6576 amdsata - ok
13:50:40.0229 6576 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:50:40.0245 6576 amdsbs - ok
13:50:40.0276 6576 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:50:40.0276 6576 amdxata - ok
13:50:40.0323 6576 Anydlc - ok
13:50:40.0401 6576 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:50:40.0417 6576 AppID - ok
13:50:40.0495 6576 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
13:50:40.0495 6576 AppIDSvc - ok
13:50:40.0557 6576 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
13:50:40.0573 6576 Appinfo - ok
13:50:40.0744 6576 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:50:40.0744 6576 Apple Mobile Device - ok
13:50:40.0931 6576 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:50:40.0931 6576 arc - ok
13:50:40.0947 6576 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:50:40.0947 6576 arcsas - ok
13:50:41.0009 6576 ashampoodefragservice - ok
13:50:41.0103 6576 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:50:41.0119 6576 AsyncMac - ok
13:50:41.0212 6576 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:50:41.0212 6576 atapi - ok
13:50:41.0306 6576 ati2mtag - ok
13:50:41.0415 6576 ATSWPDRV - ok
13:50:41.0477 6576 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:50:41.0493 6576 AudioEndpointBuilder - ok
13:50:41.0493 6576 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:50:41.0493 6576 Audiosrv - ok
13:50:41.0571 6576 avgio - ok
13:50:41.0789 6576 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
13:50:41.0789 6576 AxInstSV - ok
13:50:41.0899 6576 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:50:41.0914 6576 b06bdrv - ok
13:50:42.0055 6576 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:50:42.0055 6576 b57nd60x - ok
13:50:42.0211 6576 BCM43XX (61351a6aac26257f333d77ef738f3f3e) C:\Windows\system32\DRIVERS\bcmwl6.sys
13:50:42.0289 6576 BCM43XX - ok
13:50:42.0351 6576 BCMWLNPF - ok
13:50:42.0429 6576 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
13:50:42.0429 6576 BDESVC - ok
13:50:42.0507 6576 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:50:42.0507 6576 Beep - ok
13:50:42.0757 6576 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
13:50:42.0757 6576 BFE - ok
13:50:42.0803 6576 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
13:50:42.0819 6576 BITS - ok
13:50:42.0866 6576 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:50:42.0866 6576 blbdrive - ok
13:50:42.0991 6576 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:50:42.0991 6576 Bonjour Service - ok
13:50:43.0100 6576 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:50:43.0100 6576 bowser - ok
13:50:43.0178 6576 bpenum (2b21b3e9abf067ce0b0878e2517a8971) C:\Windows\system32\DRIVERS\bpenum.sys
13:50:43.0178 6576 bpenum - ok
13:50:43.0225 6576 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:50:43.0225 6576 BrFiltLo - ok
13:50:43.0240 6576 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:50:43.0240 6576 BrFiltUp - ok
13:50:43.0303 6576 Bridge0 (b35bb97b6dd9913093579f5c83962636) C:\Windows\system32\drivers\WDBridge.sys
13:50:43.0318 6576 Bridge0 - ok
13:50:43.0459 6576 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
13:50:43.0459 6576 BridgeMP - ok
13:50:43.0505 6576 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
13:50:43.0505 6576 Browser - ok
13:50:43.0708 6576 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:50:43.0724 6576 Brserid - ok
13:50:43.0833 6576 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:50:43.0849 6576 BrSerWdm - ok
13:50:43.0864 6576 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:50:43.0864 6576 BrUsbMdm - ok
13:50:43.0880 6576 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:50:43.0880 6576 BrUsbSer - ok
13:50:43.0895 6576 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:50:43.0895 6576 BTHMODEM - ok
13:50:43.0958 6576 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
13:50:43.0958 6576 bthserv - ok
13:50:44.0036 6576 btwaudio - ok
13:50:44.0161 6576 catchme - ok
13:50:44.0285 6576 ccpwdsvc - ok
13:50:44.0363 6576 cd20xrnt - ok
13:50:44.0441 6576 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:50:44.0457 6576 cdfs - ok
13:50:44.0535 6576 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
13:50:44.0535 6576 cdrom - ok
13:50:44.0675 6576 cdvp - ok
13:50:44.0753 6576 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:50:44.0753 6576 CertPropSvc - ok
13:50:44.0816 6576 cfosspeed - ok
13:50:44.0894 6576 Cinemsup - ok
13:50:44.0956 6576 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:50:44.0956 6576 circlass - ok
13:50:45.0065 6576 citrixxteserver - ok
13:50:45.0112 6576 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:50:45.0128 6576 CLFS - ok
13:50:45.0237 6576 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:50:45.0253 6576 clr_optimization_v2.0.50727_32 - ok
13:50:45.0331 6576 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:50:45.0346 6576 clr_optimization_v4.0.30319_32 - ok
13:50:45.0393 6576 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:50:45.0393 6576 CmBatt - ok
13:50:45.0440 6576 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:50:45.0440 6576 cmdide - ok
13:50:45.0487 6576 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
13:50:45.0487 6576 CNG - ok
13:50:45.0518 6576 cnxtdiag - ok
13:50:45.0580 6576 CnxtHdAudService (544e2926007f7b57fd5e4a76718e3c85) C:\Windows\system32\drivers\CHDRT32.sys
13:50:45.0580 6576 CnxtHdAudService - ok
13:50:45.0721 6576 compaq_rba - ok
13:50:45.0799 6576 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:50:45.0799 6576 Compbatt - ok
13:50:45.0955 6576 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:50:45.0955 6576 CompositeBus - ok
13:50:46.0033 6576 COMSysApp - ok
13:50:46.0064 6576 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:50:46.0079 6576 crcdisk - ok
13:50:46.0220 6576 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
13:50:46.0220 6576 CryptSvc - ok
13:50:46.0329 6576 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:50:46.0345 6576 cvhsvc - ok
13:50:46.0454 6576 cvintdrv - ok
13:50:46.0516 6576 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:50:46.0516 6576 DcomLaunch - ok
13:50:46.0750 6576 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
13:50:46.0750 6576 defragsvc - ok
13:50:46.0906 6576 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:50:46.0906 6576 DfsC - ok
13:50:47.0078 6576 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
13:50:47.0078 6576 Dhcp - ok
13:50:47.0125 6576 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:50:47.0125 6576 discache - ok
13:50:47.0171 6576 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:50:47.0171 6576 Disk - ok
13:50:47.0312 6576 DLARTL_M - ok
13:50:47.0359 6576 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
13:50:47.0359 6576 Dnscache - ok
13:50:47.0405 6576 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
13:50:47.0405 6576 dot3svc - ok
13:50:47.0452 6576 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
13:50:47.0452 6576 DPS - ok
13:50:47.0515 6576 DritekPortIO - ok
13:50:47.0639 6576 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:50:47.0639 6576 drmkaud - ok
13:50:47.0780 6576 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:50:47.0795 6576 DXGKrnl - ok
13:50:47.0936 6576 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
13:50:47.0951 6576 EapHost - ok
13:50:48.0154 6576 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:50:48.0232 6576 ebdrv - ok
13:50:48.0357 6576 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
13:50:48.0373 6576 EFS - ok
13:50:48.0466 6576 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
13:50:48.0482 6576 ehRecvr - ok
13:50:48.0513 6576 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
13:50:48.0513 6576 ehSched - ok
13:50:48.0685 6576 elosystemservice - ok
13:50:48.0809 6576 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:50:48.0825 6576 elxstor - ok
13:50:48.0919 6576 entech - ok
13:50:48.0965 6576 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:50:48.0965 6576 ErrDev - ok
13:50:49.0043 6576 ETD (0daa932ae06b47e0f4b1c02f6575be05) C:\Windows\system32\DRIVERS\ETD.sys
13:50:49.0043 6576 ETD - ok
13:50:49.0184 6576 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
13:50:49.0184 6576 EventSystem - ok
13:50:49.0231 6576 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:50:49.0231 6576 exfat - ok
13:50:49.0246 6576 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:50:49.0262 6576 fastfat - ok
13:50:49.0293 6576 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
13:50:49.0309 6576 Fax - ok
13:50:49.0340 6576 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:50:49.0340 6576 fdc - ok
13:50:49.0371 6576 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
13:50:49.0371 6576 fdPHost - ok
13:50:49.0387 6576 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
13:50:49.0402 6576 FDResPub - ok
13:50:49.0418 6576 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:50:49.0418 6576 FileInfo - ok
13:50:49.0449 6576 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:50:49.0449 6576 Filetrace - ok
13:50:49.0465 6576 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:50:49.0465 6576 flpydisk - ok
13:50:49.0543 6576 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:50:49.0543 6576 FltMgr - ok
13:50:49.0667 6576 flutilssvc - ok
13:50:49.0714 6576 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
13:50:49.0730 6576 FontCache - ok
13:50:49.0901 6576 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:50:49.0901 6576 FontCache3.0.0.0 - ok
13:50:49.0948 6576 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:50:49.0948 6576 FsDepends - ok
13:50:49.0995 6576 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
13:50:49.0995 6576 Fs_Rec - ok
13:50:50.0073 6576 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:50:50.0073 6576 fvevol - ok
13:50:50.0229 6576 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:50:50.0229 6576 gagp30kx - ok
13:50:50.0369 6576 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:50:50.0369 6576 GEARAspiWDM - ok
13:50:50.0479 6576 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
13:50:50.0479 6576 gpsvc - ok
13:50:50.0541 6576 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:50:50.0541 6576 hcw85cir - ok
13:50:50.0744 6576 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
13:50:50.0759 6576 HdAudAddService - ok
13:50:50.0822 6576 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
13:50:50.0822 6576 HDAudBus - ok
13:50:50.0869 6576 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:50:50.0869 6576 HidBatt - ok
13:50:50.0900 6576 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:50:50.0900 6576 HidBth - ok
13:50:50.0931 6576 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:50:50.0931 6576 HidIr - ok
13:50:50.0978 6576 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
13:50:50.0978 6576 hidserv - ok
13:50:51.0056 6576 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
13:50:51.0056 6576 HidUsb - ok
13:50:51.0087 6576 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
13:50:51.0103 6576 hkmsvc - ok
13:50:51.0134 6576 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
13:50:51.0149 6576 HomeGroupListener - ok
 
(cont)

13:50:51.0212 6576 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
13:50:51.0212 6576 HomeGroupProvider - ok
13:50:51.0227 6576 hpqwmi - ok
13:50:51.0305 6576 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:50:51.0305 6576 HpSAMD - ok
13:50:51.0446 6576 HPSLPSVC - ok
13:50:51.0508 6576 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:50:51.0508 6576 HTTP - ok
13:50:51.0555 6576 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:50:51.0555 6576 hwpolicy - ok
13:50:51.0695 6576 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:50:51.0695 6576 i8042prt - ok
13:50:51.0836 6576 iAimFP5 - ok
13:50:51.0914 6576 iaStor (edf5ecc965faaa533d35e02f47b9132e) C:\Windows\system32\DRIVERS\iaStor.sys
13:50:51.0914 6576 iaStor - ok
13:50:52.0007 6576 IAStorDataMgrSvc (cc800d2d9fd467542bac7c186c4774ad) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:50:52.0007 6576 IAStorDataMgrSvc - ok
13:50:52.0163 6576 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:50:52.0179 6576 iaStorV - ok
13:50:52.0179 6576 icm10blk - ok
13:50:52.0273 6576 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:50:52.0319 6576 idsvc - ok
13:50:52.0553 6576 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:50:52.0787 6576 igfx - ok
13:50:52.0897 6576 IGRS (d951d20153e51928f9db2227d6ff5c7a) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
13:50:52.0897 6576 IGRS - ok
13:50:53.0053 6576 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:50:53.0053 6576 iirsp - ok
13:50:53.0099 6576 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
13:50:53.0131 6576 IKEEXT - ok
13:50:53.0224 6576 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
13:50:53.0224 6576 Impcd - ok
13:50:53.0333 6576 IntcDAud (29061f25abb6e60a5b49fbeed7a5698a) C:\Windows\system32\DRIVERS\IntcDAud.sys
13:50:53.0333 6576 IntcDAud - ok
13:50:53.0380 6576 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:50:53.0380 6576 intelide - ok
13:50:53.0458 6576 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:50:53.0458 6576 intelppm - ok
13:50:53.0505 6576 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
13:50:53.0505 6576 IPBusEnum - ok
13:50:53.0521 6576 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:50:53.0521 6576 IpFilterDriver - ok
13:50:53.0708 6576 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
13:50:53.0723 6576 iphlpsvc - ok
13:50:53.0833 6576 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:50:53.0848 6576 IPMIDRV - ok
13:50:53.0911 6576 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:50:53.0911 6576 IPNAT - ok
13:50:54.0035 6576 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
13:50:54.0067 6576 iPod Service - ok
13:50:54.0207 6576 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:50:54.0207 6576 IRENUM - ok
13:50:54.0254 6576 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:50:54.0254 6576 isapnp - ok
13:50:54.0285 6576 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:50:54.0285 6576 iScsiPrt - ok
13:50:54.0363 6576 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
13:50:54.0363 6576 kbdclass - ok
13:50:54.0441 6576kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
13:50:54.0441 6576kbdhid - ok
13:50:54.0472 6576KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:50:54.0472 6576KeyIso - ok
13:50:54.0503 6576KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
13:50:54.0503 6576KSecDD - ok
13:50:54.0535 6576KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
13:50:54.0535 6576KSecPkg - ok
13:50:54.0581 6576KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
13:50:54.0581 6576KtmRm - ok
13:50:54.0722 6576L6POD - ok
13:50:54.0737 6576L8042Kbd - ok
13:50:54.0847 6576LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
13:50:54.0847 6576LanmanServer - ok
13:50:54.0971 6576LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
13:50:54.0971 6576LanmanWorkstation - ok
13:50:55.0096 6576Lenovo ReadyComm AppSvc (7fcb3ec66361f157bcd5b5c33ce2ac16) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
13:50:55.0112 6576Lenovo ReadyComm AppSvc - ok
13:50:55.0127 6576Lenovo ReadyComm ConnSvc (5287074e79e4ba82510886f684dc5f72) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
13:50:55.0143 6576Lenovo ReadyComm ConnSvc - ok
13:50:55.0268 6576libusb0 (b280c4608ac389da9515a35ac4cab0fd) C:\Windows\system32\drivers\libusb0.sys
13:50:55.0268 6576libusb0 - ok
13:50:55.0330 6576license - ok
13:50:55.0517 6576lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:50:55.0517 6576lltdio - ok
13:50:55.0549 6576lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
13:50:55.0564 6576lltdsvc - ok
13:50:55.0580 6576lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
13:50:55.0580 6576lmhosts - ok
13:50:55.0611 6576lmimirr - ok
13:50:55.0954 6576LPDSVC - ok
13:50:56.0079 6576LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:50:56.0079 6576LSI_FC - ok
13:50:56.0110 6576LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:50:56.0126 6576LSI_SAS - ok
13:50:56.0219 6576LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:50:56.0219 6576LSI_SAS2 - ok
13:50:56.0266 6576LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:50:56.0266 6576LSI_SCSI - ok
13:50:56.0313 6576luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:50:56.0313 6576luafv - ok
13:50:56.0391 6576lusbaudio - ok
13:50:56.0469 6576LVBulk - ok
13:50:56.0485 6576LVVI500A - ok
13:50:56.0578 6576MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
13:50:56.0594 6576MBAMProtector - ok
13:50:56.0703 6576MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:50:56.0719 6576MBAMService - ok
13:50:56.0875 6576mcproxy - ok
13:50:57.0109 6576Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
13:50:57.0109 6576Mcx2Svc - ok
13:50:57.0374 6576megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:50:57.0374 6576megasas - ok
13:50:57.0483 6576MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:50:57.0483 6576MegaSR - ok
13:50:57.0514 6576MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:50:57.0530 6576MMCSS - ok
13:50:57.0561 6576Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:50:57.0561 6576Modem - ok
13:50:57.0686 6576monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:50:57.0686 6576monitor - ok
13:50:57.0904 6576mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
13:50:57.0920 6576mouclass - ok
13:50:58.0123 6576mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:50:58.0123 6576mouhid - ok
13:50:58.0169 6576mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:50:58.0185 6576mountmgr - ok
13:50:58.0201 6576mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:50:58.0216 6576mpio - ok
13:50:58.0247 6576MpKsl5975f928 - ok
13:50:58.0403 6576mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:50:58.0403 6576mpsdrv - ok
13:50:58.0591 6576MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
13:50:58.0606 6576MpsSvc - ok
13:50:58.0887 6576mqdmbus - ok
13:50:59.0027 6576MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:50:59.0027 6576MRxDAV - ok
13:50:59.0277 6576mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:50:59.0277 6576mrxsmb - ok
13:50:59.0324 6576mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:50:59.0339 6576mrxsmb10 - ok
13:50:59.0355 6576mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:50:59.0371 6576mrxsmb20 - ok
13:50:59.0402 6576msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:50:59.0402 6576msahci - ok
13:50:59.0449 6576msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:50:59.0464 6576msdsm - ok
13:50:59.0542 6576MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
13:50:59.0558 6576MSDTC - ok
13:50:59.0620 6576Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:50:59.0620 6576Msfs - ok
13:50:59.0620 6576MSFWHLPR - ok
13:50:59.0667 6576mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:50:59.0667 6576mshidkmdf - ok
13:50:59.0698 6576msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:50:59.0698 6576msisadrv - ok
13:50:59.0808 6576MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
13:50:59.0808 6576MSiSCSI - ok
13:50:59.0823 6576msiserver - ok
13:50:59.0917 6576MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:50:59.0917 6576MSKSSRV - ok
13:50:59.0979 6576MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:50:59.0979 6576MSPCLOCK - ok
13:50:59.0995 6576MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:50:59.0995 6576MSPQM - ok
13:51:00.0026 6576MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:51:00.0026 6576MsRPC - ok
13:51:00.0073 6576mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:51:00.0073 6576mssmbios - ok
13:51:00.0135 6576MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:51:00.0135 6576MSTEE - ok
13:51:00.0151 6576MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:51:00.0151 6576MTConfig - ok
13:51:00.0182 6576Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:51:00.0182 6576Mup - ok
13:51:00.0198 6576mxserver - ok
13:51:00.0244 6576napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
13:51:00.0260 6576napagent - ok
13:51:00.0338 6576NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:51:00.0338 6576NativeWifiP - ok
13:51:00.0385 6576navap - ok
13:51:00.0447 6576NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:51:00.0463 6576NDIS - ok
13:51:00.0868 6576NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:51:00.0868 6576NdisCap - ok
13:51:00.0978 6576NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:51:00.0978 6576NdisTapi - ok
13:51:01.0071 6576Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:51:01.0071 6576Ndisuio - ok
13:51:01.0118 6576NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:51:01.0134 6576NdisWan - ok
13:51:01.0165 6576NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:51:01.0165 6576NDProxy - ok
13:51:01.0243 6576Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys
13:51:01.0243 6576Netaapl - ok
13:51:01.0290 6576NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:51:01.0290 6576NetBIOS - ok
13:51:01.0336 6576NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:51:01.0336 6576NetBT - ok
13:51:01.0383 6576Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:51:01.0383 6576Netlogon - ok
13:51:01.0492 6576Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
13:51:01.0492 6576Netman - ok
13:51:01.0524 6576netmnt - ok
13:51:01.0570 6576netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
13:51:01.0586 6576netprofm - ok
13:51:01.0726 6576NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:51:01.0773 6576NetTcpPortSharing - ok
13:51:01.0820 6576NETw4v32 - ok
13:51:01.0976 6576nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:51:01.0976 6576nfrd960 - ok
13:51:02.0007 6576NITaggerService - ok
13:51:02.0148 6576NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
13:51:02.0163 6576NlaSvc - ok
13:51:02.0272 6576nod32krn - ok
13:51:02.0428 6576Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:51:02.0428 6576Npfs - ok
13:51:02.0569 6576npkcusb - ok
13:51:02.0616 6576nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
13:51:02.0616 6576nsi - ok
13:51:02.0803 6576nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:51:02.0818 6576nsiproxy - ok
13:51:03.0006 6576NsTrcNT - ok
13:51:03.0224 6576ntcharge - ok
13:51:03.0302 6576Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:51:03.0333 6576Ntfs - ok
13:51:03.0411 6576Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:51:03.0411 6576Null - ok
13:51:03.0489 6576nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:51:03.0505 6576nvraid - ok
13:51:03.0583 6576nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:51:03.0598 6576nvstor - ok
13:51:03.0848 6576nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:51:03.0848 6576nv_agp - ok
13:51:03.0957 6576ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:51:03.0957 6576ohci1394 - ok
13:51:04.0004 6576oracledbconsoleorcl - ok
13:51:04.0129 6576ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:51:04.0129 6576ose - ok
13:51:04.0597 6576osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:51:04.0706 6576osppsvc - ok
13:51:04.0846 6576p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:51:04.0862 6576p2pimsvc - ok
13:51:04.0971 6576p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
13:51:04.0971 6576p2psvc - ok
13:51:05.0018 6576Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:51:05.0034 6576Parport - ok
13:51:05.0065 6576partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
13:51:05.0065 6576partmgr - ok
13:51:05.0096 6576Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:51:05.0096 6576Parvdm - ok
13:51:05.0143 6576passthru - ok
13:51:05.0190 6576PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
13:51:05.0190 6576PcaSvc - ok
13:51:05.0221 6576pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:51:05.0221 6576pci - ok
13:51:05.0268 6576pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:51:05.0268 6576pciide - ok
13:51:05.0314 6576pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:51:05.0314 6576pcmcia - ok
13:51:05.0346 6576pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:51:05.0346 6576pcw - ok
13:51:05.0392 6576PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:51:05.0392 6576PEAUTH - ok
13:51:05.0439 6576PhilCam8116_XP - ok
13:51:05.0455 6576pid_0928 - ok
13:51:05.0470 6576pinger - ok
13:51:05.0564 6576pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
13:51:05.0595 6576pla - ok
13:51:05.0720 6576PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
13:51:05.0736 6576PlugPlay - ok
13:51:05.0876 6576pnarp - ok
13:51:05.0954 6576pnmsrv - ok
13:51:06.0001 6576PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
13:51:06.0001 6576PNRPAutoReg - ok
13:51:06.0079 6576PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:51:06.0079 6576PNRPsvc - ok
13:51:06.0204 6576PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
13:51:06.0204 6576PolicyAgent - ok
13:51:06.0219 6576portmapper - ok
13:51:06.0266 6576Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
13:51:06.0266 6576Power - ok
13:51:06.0406 6576PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:51:06.0406 6576PptpMiniport - ok
13:51:06.0438 6576Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:51:06.0453 6576Processor - ok
13:51:06.0531 6576ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
13:51:06.0531 6576ProfSvc - ok
13:51:06.0594 6576ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:51:06.0594 6576ProtectedStorage - ok
13:51:06.0672 6576Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:51:06.0672 6576Psched - ok
13:51:06.0781 6576PS_MDP - ok
13:51:06.0859 6576PTproct - ok
13:51:07.0046 6576pwisvc - ok
13:51:07.0124 6576ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:51:07.0171 6576ql2300 - ok
13:51:07.0202 6576ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:51:07.0202 6576ql40xx - ok
13:51:07.0342 6576quickbooksdb - ok
13:51:07.0436 6576QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
13:51:07.0436 6576QWAVE - ok
13:51:07.0561 6576QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:51:07.0561 6576QWAVEdrv - ok
13:51:07.0592 6576RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:51:07.0592 6576RasAcd - ok
13:51:07.0795 6576RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:51:07.0810 6576RasAgileVpn - ok
13:51:07.0826 6576RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
13:51:07.0842 6576RasAuto - ok
13:51:07.0904 6576Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:51:07.0920 6576Rasl2tp - ok
13:51:08.0076 6576RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
13:51:08.0076 6576RasMan - ok
13:51:08.0232 6576RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:51:08.0232 6576RasPppoe - ok
13:51:08.0263 6576RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:51:08.0263 6576RasSstp - ok
13:51:08.0294 6576rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:51:08.0310 6576rdbss - ok
13:51:08.0341 6576rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:51:08.0341 6576rdpbus - ok
13:51:08.0372 6576RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:51:08.0372 6576RDPCDD - ok
13:51:08.0434 6576RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:51:08.0434 6576RDPENCDD - ok
13:51:08.0497 6576RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:51:08.0497 6576RDPREFMP - ok
13:51:08.0559 6576RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
13:51:08.0575 6576RDPWD - ok
13:51:08.0715 6576rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:51:08.0731 6576rdyboost - ok
13:51:08.0778 6576ReadyComm.DirectRouter - ok
13:51:08.0809 6576RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
13:51:08.0824 6576RemoteAccess - ok
13:51:08.0856 6576RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
13:51:08.0856 6576RemoteRegistry - ok
13:51:08.0949 6576RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
13:51:08.0949 6576RimUsb - ok
13:51:09.0121 6576RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
13:51:09.0121 6576RimVSerPort - ok
13:51:09.0152 6576rnadiagnosticsservice - ok
13:51:09.0277 6576ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
13:51:09.0277 6576ROOTMODEM - ok
13:51:09.0417 6576RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
13:51:09.0433 6576RpcEptMapper - ok
13:51:09.0464 6576RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
13:51:09.0480 6576RpcLocator - ok
13:51:09.0511 6576RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:51:09.0526 6576RpcSs - ok
13:51:09.0667 6576rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:51:09.0667 6576rspndr - ok
13:51:09.0807 6576RSUSBSTOR (9f66b1355a53ff3ff9d0e7dfdd2f3dc9) C:\Windows\system32\Drivers\RtsUStor.sys
13:51:09.0807 6576RSUSBSTOR - ok
13:51:09.0885 6576RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\Windows\system32\DRIVERS\Rt86win7.sys
13:51:09.0901 6576RTL8167 - ok
13:51:10.0026 6576s3savagenb - ok
13:51:10.0088 6576s716unic - ok
13:51:10.0150 6576SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:51:10.0150 6576SamSs - ok
13:51:10.0244 6576sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:51:10.0244 6576sbp2port - ok
13:51:10.0291 6576SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
13:51:10.0291 6576SCardSvr - ok
13:51:10.0338 6576scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:51:10.0338 6576scfilter - ok
13:51:10.0384 6576Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
13:51:10.0400 6576Schedule - ok
13:51:10.0447 6576SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:51:10.0447 6576SCPolicySvc - ok
13:51:10.0509 6576sdbus - ok
13:51:10.0556 6576SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
13:51:10.0634 6576SDRSVC - ok
13:51:10.0790 6576se45mdfl - ok
13:51:10.0868 6576secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:51:10.0868 6576secdrv - ok
13:51:10.0915 6576seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
13:51:10.0915 6576seclogon - ok
13:51:10.0962 6576SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
13:51:10.0977 6576SENS - ok
13:51:11.0008 6576SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
13:51:11.0008 6576SensrSvc - ok
13:51:11.0040 6576Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:51:11.0055 6576Serenum - ok
13:51:11.0071 6576Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:51:11.0071 6576Serial - ok
13:51:11.0118 6576sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:51:11.0118 6576sermouse - ok
13:51:11.0196 6576SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
13:51:11.0196 6576SessionEnv - ok
13:51:11.0227 6576sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:51:11.0227 6576sffdisk - ok
13:51:11.0274 6576sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:51:11.0274 6576sffp_mmc - ok
13:51:11.0289 6576sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:51:11.0289 6576sffp_sd - ok
13:51:11.0352 6576sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:51:11.0367 6576sfloppy - ok
13:51:11.0445 6576Sftfs (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys
13:51:11.0445 6576Sftfs - ok
13:51:11.0539 6576sftlist (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
13:51:11.0554 6576sftlist - ok
13:51:11.0695 6576Sftplay (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:51:11.0695 6576Sftplay - ok
13:51:11.0851 6576Sftredir (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:51:11.0851 6576Sftredir - ok
13:51:11.0976 6576Sftvol (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys
13:51:11.0976 6576Sftvol - ok
13:51:12.0069 6576sftvsa (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
13:51:12.0085 6576sftvsa - ok
13:51:12.0194 6576SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
13:51:12.0210 6576SharedAccess - ok
13:51:12.0334 6576ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
13:51:12.0334 6576ShellHWDetection - ok
13:51:12.0428 6576Si3132r5 - ok
13:51:12.0615 6576sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:51:12.0615 6576sisagp - ok
13:51:12.0771 6576SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:51:12.0771 6576SiSRaid2 - ok
13:51:12.0787 6576SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:51:12.0802 6576SiSRaid4 - ok
13:51:12.0849 6576Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:51:12.0849 6576Smb - ok
13:51:12.0943 6576snareiis - ok
13:51:13.0021 6576SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
13:51:13.0021 6576SNMPTRAP - ok
13:51:13.0083 6576snpstd - ok
13:51:13.0208 6576spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:51:13.0208 6576spldr - ok
13:51:13.0255 6576Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
13:51:13.0270 6576Spooler - ok
13:51:13.0395 6576sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
13:51:13.0489 6576sppsvc - ok
13:51:13.0598 6576sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
13:51:13.0614 6576sppuinotify - ok
13:51:13.0660 6576srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:51:13.0660 6576srv - ok
13:51:13.0692 6576srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:51:13.0707 6576srv2 - ok
13:51:13.0785 6576srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:51:13.0801 6576srvnet - ok
13:51:13.0848 6576SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
13:51:13.0863 6576SSDPSRV - ok
13:51:13.0879 6576SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
13:51:13.0879 6576SstpSvc - ok
13:51:13.0972 6576stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:51:13.0972 6576stexstor - ok
13:51:14.0066 6576StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
13:51:14.0082 6576StiSvc - ok
13:51:14.0097 6576StkScan - ok
13:51:14.0191 6576swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:51:14.0191 6576swenum - ok
13:51:14.0222 6576SWNC8U51 - ok
13:51:14.0269 6576swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
13:51:14.0284 6576swprv - ok
13:51:14.0362 6576SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
13:51:14.0425 6576SysMain - ok
13:51:14.0472 6576TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
13:51:14.0472 6576TabletInputService - ok
13:51:14.0550 6576TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
13:51:14.0565 6576TapiSrv - ok
13:51:14.0721 6576TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
13:51:14.0721 6576TBS - ok
13:51:14.0815 6576Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
13:51:14.0846 6576Tcpip - ok
13:51:15.0033 6576TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
13:51:15.0033 6576TCPIP6 - ok
13:51:15.0127 6576tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:51:15.0127 6576tcpipreg - ok
13:51:15.0252 6576TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:51:15.0252 6576TDPIPE - ok
13:51:15.0267 6576tdrpman174 - ok
13:51:15.0314 6576TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
13:51:15.0314 6576TDTCP - ok
13:51:15.0376 6576tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:51:15.0392 6576tdx - ok
13:51:15.0501 6576TeamViewer - ok
13:51:15.0564 6576TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:51:15.0564 6576TermDD - ok
13:51:15.0688 6576TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
13:51:15.0704 6576TermService - ok
13:51:15.0782 6576Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
13:51:15.0782 6576Themes - ok
13:51:15.0813 6576thotkey - ok
13:51:15.0860 6576THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:51:15.0876 6576THREADORDER - ok
13:51:15.0876 6576timounter - ok
13:51:15.0922 6576tng-dts - ok
13:51:15.0954 6576tpkmpsvc - ok
13:51:15.0969 6576trioservice - ok
13:51:16.0032 6576TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
13:51:16.0032 6576TrkWks - ok
13:51:16.0078 6576TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
13:51:16.0078 6576TrustedInstaller - ok
13:51:16.0141 6576tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:51:16.0141 6576tssecsrv - ok
13:51:16.0234 6576TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:51:16.0234 6576TsUsbFlt - ok
13:51:16.0375 6576tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:51:16.0375 6576tunnel - ok
13:51:16.0406 6576tvalz - ok
13:51:16.0453 6576uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:51:16.0468 6576uagp35 - ok
13:51:16.0531 6576udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:51:16.0531 6576udfs - ok
13:51:16.0593 6576UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
13:51:16.0593 6576UI0Detect - ok
13:51:16.0718 6576uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:51:16.0718 6576uliagpkx - ok
13:51:16.0843 6576umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:51:16.0858 6576umbus - ok
13:51:16.0905 6576UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:51:16.0905 6576UmPass - ok
13:51:16.0968 6576upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
13:51:23.0754 6576  ============================================================
13:51:23.0754 6576  Scan finished
13:51:23.0754 6576  ============================================================
13:51:23.0769 7416  Detected object count: 1
13:51:23.0769 7416  Actual detected object count: 1
13:51:38.0043 7416  C:\Windows\system32\drivers\afd.sys - copied to quarantine
13:51:38.0059 7416  VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\afd.sys) error 1813
13:51:40.0992 7416  Backup copy not found, trying to cure infected file..
13:51:40.0992 7416  C:\Windows\system32\drivers\afd.sys - Cure failed (FFFFFFFF)
13:51:40.0992 7416  C:\Windows\system32\drivers\afd.sys - processing error
13:51:43.0753 7416  AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
 
I could not run ESET online scan because I no longer have internet access on either WiFi or hardwired LAN. Connection is present but it has the yellow exclamation triangle. I tried rebooting several times but no internet.
 
Regarding this:
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
========================================
When you have finished the above, Please uninstall Combofix as follows:

Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
=========================================
Then run this:
Please download and extract the following file: XPSP3 netsvcs
Then double click on it to merge it into the Registry.
============================================
Now download and run Combofix again.
=========================================
I see multiple users on the system: Laurie, Arlene, Erika. I also see a Remote User> log me in. Are you doing a remote help for this system? There is also a 'default user.'
=======================================
Please leave logs in next reply
 
Hello

I removed Combofix as instructed.

The link for the file XPSP3 netsvcs appears to be dead. Please forward an alternative link if you have one.

Yes there are 3 user accounts on the laptop. There is also a Guest account but it is disabled. I did have logmein installed on this laptop but uninstalled it while we are trying to salvage it.

I'm not sure what you mean when you ask if I'm doing a "remove help"? If you meant remote help, then the answer is no, the laptop is sitting on my desk here. I'm downloading files to a USB stick from my main computer and transferring them to the laptop. I am scanning the stick every time I reinsert it into my main computer.

Thanks again!
 
I found the xpsp3_netsvcs file; it was located HERE.

I've merged it into registry and re-downloaded Combofix. Currently running combofix. Will post the log results when complete.
 
I ran the freshly downloaded Combofix. It prompted me again that the computer has a rootkit and Combofix needed to reboot the machine. I selected OK and the laptop rebooted. I still have no internet access on this machine and it says connected to "unidentified network" in the connection icon in the tray, along with the yellow exclamation point. Here is the log from the newest Combofix run.

ComboFix 12-04-22.02 - SYSTEM 04/23/2012 11:18:08.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2999.725 [GMT -4:00]
Running from: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 15:26 . 2012-04-23 15:27  --------  d-----w-  c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-23 15:26 . 2012-04-23 15:26  --------  d-----w-  c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-04-23 15:26 . 2012-04-23 15:26  --------  d-----w-  c:\users\Laurie\AppData\Local\temp
2012-04-23 15:26 . 2012-04-23 15:26  --------  d-----w-  c:\users\Erika\AppData\Local\temp
2012-04-23 15:26 . 2012-04-23 15:26  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-04-23 15:26 . 2012-04-23 15:26  --------  d-----w-  c:\users\Arlene\AppData\Local\temp
2012-04-23 15:04 . 2012-04-23 15:04  --------  d-----w-  c:\windows\system32\%LocalAppData%
2012-04-21 17:30 . 2012-04-21 17:51  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-04-18 17:51 . 2012-04-18 17:51  388096    ----a-r-  c:\users\Arlene\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-18 17:51 . 2012-04-18 17:51  --------  d-----w-  c:\program files\Trend Micro
2012-04-18 16:44 . 2012-04-18 16:44  --------  d-----w-  c:\users\Arlene\AppData\Roaming\Malwarebytes
2012-04-18 16:28 . 2012-04-18 16:28  --------  d-----w-  c:\users\Erika\AppData\Roaming\Malwarebytes
2012-04-18 16:28 . 2012-04-18 16:28  --------  d-----w-  c:\programdata\Malwarebytes
2012-04-18 16:28 . 2012-04-18 16:28  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-04-18 16:28 . 2012-04-04 19:56  22344     ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-04-12 19:34 . 2012-03-01 05:46  19824     ----a-w-  c:\windows\system32\drivers\fs_rec.sys
2012-04-12 19:34 . 2012-03-01 05:37  172544    ----a-w-  c:\windows\system32\wintrust.dll
2012-04-12 19:34 . 2012-03-01 05:33  159232    ----a-w-  c:\windows\system32\imagehlp.dll
2012-04-12 19:34 . 2012-03-01 05:29  5120      ----a-w-  c:\windows\system32\wmi.dll
2012-04-12 19:34 . 2012-03-06 05:59  3968368   ----a-w-  c:\windows\system32\ntkrnlpa.exe
2012-04-12 19:34 . 2012-03-06 05:59  3913072   ----a-w-  c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 05:34 . 2012-03-14 10:52  826880    ----a-w-  c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 10:52  183808    ----a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 10:52  24576     ----a-w-  c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 10:53  1077248   ----a-w-  c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 10:53  2343424   ----a-w-  c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-02-11 06:01  237072    ------w-  c:\windows\system32\MpSigStub.exe
2012-01-25 05:32 . 2012-03-14 10:52  58880     ----a-w-  c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 10:52  129536    ----a-w-  c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 10:52  8192      ----a-w-  c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-02-11 06:11  1410400  ----a-w-  c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-12-20 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-12-20 487992]
"331BigDog"="c:\program files\USB Camera\VM331_STI.EXE" [2009-12-20 536576]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-12-20 501640]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-12-17 4114368]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6223808]
"OnekeyStudio"="c:\program files\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 665504]
"VeriFaceManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2011-02-11 3122528]
"UCam_Menu"="c:\program files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"YouCam Mirror Tray icon"="c:\program files\Lenovo\YouCam\YouCamTray.exe" [2009-11-11 167008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 MpKsl5975f928;MpKsl5975f928;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19D7BAE-6EA6-4768-9B9F-430BA3B53678}\MpKsl5975f928.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-09-16 56832]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-29 63240]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2010-06-24 21504]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-12-20 182304]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-06 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-22 81704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-09-03 21256]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-12-20 119296]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-20 209920]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-12-20 189440]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2009-12-20 179072]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
IgrsSvcs  REG_MULTI_SZ  ReadyComm.DirectRouter PS_MDP
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
HidServ
Iprip
LanmanWorkstation
Messenger
Netman
TrkWks
W32Time
WZCSVC
wscsvc
xmlprov
napagent
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2455382146-3077568640-2663614186-1003Core.job
- c:\users\Laurie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-06 19:31]
.
2012-04-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2455382146-3077568640-2663614186-1003UA.job
- c:\users\Laurie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-06 19:31]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2455382146-3077568640-2663614186-1004Core.job
- c:\users\Erika\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 09:30]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2455382146-3077568640-2663614186-1004UA.job
- c:\users\Erika\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 09:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-23 11:29:31
ComboFix-quarantined-files.txt 2012-04-23 15:29
.
Pre-Run: 262,901,125,120 bytes free
Post-Run: 262,837,653,504 bytes free
.
- - End Of File - - 3F167C8B7FC79B60C95257CA7C931FD8
 
connected to "unidentified network"

Then we need to replace the file if we can find a clean one:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

For 64bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    afd.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

I am puzzled by the multitude of drivers/services crashing and/or being deleted. I'd like to check the system:

Please run the MGA Diagnostics tool
  • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
  • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
  • You must choose to Run this tool when prompted.
  • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
  • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
  • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
  • Please return to this thread and Paste the results here for review.
------------------------------------------
This tool is used to look on the computer itself, in the documentation you received with the computer, or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

1. What edition of Windows is it for?
2. Does it read "OEM Software" or "OEM Product" in black lettering?
3. Or, does it have the computer manufacturer's name in black lettering?
4. DO NOT post the Product Key.

NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
 
Thanks for sticking with me! Ok, so a couple of weird things I've noticed. All the desktop icons that I copy to the desktop now show a little padlock beside them. Also, my sound icon in the tray now shows a little red "x" beside it. Just letting you know.

Also, this laptop only came with 2 DVDs that I had to order after the fact. One is a product recovery DVD and the other is a driver DVD. There is a COA sticker on the bottom of the laptop that is virtually unreadable for the product key, which is a little alarming, but it says "Windows 7 Home Prem. OA" along the top.

Ok, on to the info you requested.

SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:09 on 26/04/2012 by SYSTEM
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.*"
C:\Windows\System32\drivers\afd.sys  --a---- 338944 bytes  [22:27 15/06/2011]  [02:18 25/04/2011] 0DAC8BF208BB132EBEA0F0366EBD3E6D
C:\Windows\System32\drivers\en-US\afd.sys.mui  --a---- 14848 bytes  [04:55 14/07/2009]  [02:08 14/07/2009] 2F1E1E5CE5927E156F0B30163119960D
C:\Windows\winsxs\x86_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4bbf167edfba3058\afd.sys.mui  --a---- 14848 bytes  [04:55 14/07/2009]  [02:08 14/07/2009] 2F1E1E5CE5927E156F0B30163119960D
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys  --a---- 338944 bytes  [23:12 13/07/2009]  [23:12 13/07/2009] DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys  --a---- 338944 bytes  [22:27 15/06/2011]  [02:35 25/04/2011] 0DB7A48388D54D154EBEC120461A0FCD
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys  --a---- 338944 bytes  [22:27 15/06/2011]  [02:27 25/04/2011] C114AB7A1550D42EA1700FFD4179CF5A
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys  --a---- 338944 bytes  [05:09 10/03/2011]  [08:40 20/11/2010] 1151FD4FB0216CFED887BFDE29EBD516
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys  --a---- 338944 bytes  [22:27 15/06/2011]  [02:18 25/04/2011] 0DAC8BF208BB132EBEA0F0366EBD3E6D
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys  --a---- 338944 bytes  [22:27 15/06/2011]  [03:24 25/04/2011] C427F91A748CD342A2B3F9278D9FD6A5

-= EOF =-

MGA Diagnostics Log:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-JKHXW-D9W83-FJQKD
Windows Product Key Hash: AYaBykmfTHUVW5whGaYMeVJn0/U=
Windows Product ID: 00359-OEM-8992687-00249
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {2EC5CF4C-3B3A-4BE7-9327-DCEB5807F272}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120305-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2EC5CF4C-3B3A-4BE7-9327-DCEB5807F272}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-FJQKD</PKey><PID>00359-OEM-8992687-00249</PID><PIDType>2</PIDType><SID>S-1-5-21-2455382146-3077568640-2663614186</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>0679 </Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>29CN29WW(V2.06)</Version><SMBIOSVersion major="2" minor="6"/><Date>20100708000000.000000+000</Date></BIOS><HWID>D38D3E07018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>CB-01 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800249-02-1033-7600.0000-0402011
Installation ID: 013155057073610574604485876070964602683581547101042095
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: FJQKD
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 4/26/2012 11:13:26 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:28:2012 20:43
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: KgAAAAEAAQABAAEAAAABAAAAAQABAAEAeqgeVDaGmEEyl6wizMpSylxd

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name  OEMID Value  OEMTableID Value
APIC             INTEL        Calpella
FACP             LENOVO       CB-01
HPET             LENOVO       CB-01
BOOT             INTEL        Calpella
MCFG             LENOVO       CB-01
WDRT             INTEL        Calpella
ASF!             INTEL        Calpella
SLIC             LENOVO       CB-01
ASPT             INTEL        Calpella
SSDT             PmRef        CpuPm
SSDT             PmRef        CpuPm
SSDT             PmRef        CpuPm
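The SystemLook output above lists the live afd.sys next to every WinSxS component-store copy, which is what the helper's filefind request was for. The following is an added example (mine, not from the thread or from SystemLook) that parses those lines and reports which store version the live hash matches; the sample input is the log posted above with its column spacing restored.

```python
"""Triage helper for a SystemLook ':filefind' log (added example).

Parses the result lines and checks whether the live driver under
System32\\drivers carries the same MD5 as any WinSxS component-store copy,
reporting which store version(s) it matches. No store match means the
live file was patched, replaced, or is newer than anything in the store.
"""
import re
from collections import namedtuple

# Constructed sample: the SystemLook lines posted in this thread, with the
# column spacing restored (the forum flattened the tabs).
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========

Searching for "afd.*"
C:\Windows\System32\drivers\afd.sys  --a---- 338944 bytes  [22:27 15/06/2011]  [02:18 25/04/2011] 0DAC8BF208BB132EBEA0F0366EBD3E6D
C:\Windows\System32\drivers\en-US\afd.sys.mui  --a---- 14848 bytes  [04:55 14/07/2009]  [02:08 14/07/2009] 2F1E1E5CE5927E156F0B30163119960D
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys  --a---- 338944 bytes  [23:12 13/07/2009]  [23:12 13/07/2009] DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys  --a---- 338944 bytes  [05:09 10/03/2011]  [08:40 20/11/2010] 1151FD4FB0216CFED887BFDE29EBD516
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys  --a---- 338944 bytes  [22:27 15/06/2011]  [02:18 25/04/2011] 0DAC8BF208BB132EBEA0F0366EBD3E6D

-= EOF =-
"""

Entry = namedtuple("Entry", "path attrs size modified created md5")

# One result line: path  attrs  <size> bytes  [modified]  [created]  MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
# WinSxS component directories embed the file version between underscores.
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


def parse_filefind(text):
    """Return one Entry per result line; headers and footers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], m["attrs"], int(m["size"]),
                                 m["modified"], m["created"], m["md5"].upper()))
    return entries


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(entries, filename):
    """Compare the live copy of `filename` against its WinSxS store copies."""
    wanted = [e for e in entries if _basename(e.path) == filename.lower()]
    live = [e for e in wanted if "\\winsxs\\" not in e.path.lower()]
    store = [e for e in wanted if "\\winsxs\\" in e.path.lower()]
    if len(live) != 1:
        raise ValueError("expected exactly one live copy of %s, found %d"
                         % (filename, len(live)))
    live = live[0]
    matching = []
    for e in store:
        if e.md5 == live.md5:
            vm = VERSION_RE.search(e.path)
            matching.append(vm.group(1) if vm else e.path)
    return {
        "live_path": live.path,
        "live_md5": live.md5,
        "store_copies": len(store),
        "matching_versions": matching,
        # Same size but a different hash points at an in-place patch of the
        # driver; a size change points at a full replacement instead.
        "size_matches_store": any(e.size == live.size for e in store),
        "verdict": ("on-disk hash matches store version(s) " + ", ".join(matching))
        if matching else "no store copy has this hash; treat as patched or replaced",
    }


if __name__ == "__main__":
    result = triage(parse_filefind(SAMPLE_LOG), "afd.sys")
    for key, value in result.items():
        print("%-20s %s" % (key, value))
    # Caveat: this hash was read through the running kernel. In the thread,
    # TDSSKiller flagged this same afd.sys while SystemLook saw a store-matching
    # hash, so the hash that settles the question is one taken from an offline boot.
```

A store match is a hint for which clean copy to restore, not proof the live driver is clean; the TDSSKiller run earlier in the thread flagged this file even though its on-disk hash matched the 6.1.7601.17603 store copy.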
 
For the blocked icons:

Do a right click anywhere on an empty space on the desktop> Arrange icons by......................> Uncheck 'lock web items on desktop.'

I notice this on the MGA DX scan:
"Remaining Windows rearm count: 4" A Rearm is the ability for a user to extend the Activation grace period, and all versions of Vista and Windows 7 get three (3) rearms, not 4. And it appears that either the OS is damaged, or you did not Activate it.

Go to http://microsoft.com/genuine and click the Validate Windows button. If it validates as Genuine, that should cause the Non-Genuine messaging to go away. If it validates as Non-Genuine, it should give an indication of the cause.
 
Hello again.

I don't have the option to uncheck "lock web items". I've included a screen capture. In fact I don't even have the "Arrange icons by" option. The option also doesn't show in either "view" or "sort by".

I still cannot connect to the internet on this computer so I can't go to the above link. I tried downloading the genuine advantage prog onto a stick and running it, but the first thing it wants to do is update, which it can't do, so it just quits.

Thanks
 
I'm sorry but this is taking too long. I have to give this computer back to her. I'm going to format it and reinstall everything. I tried uninstalling and reinstalling LAN drivers for both hardwired and wireless. I also tried using my iPhone to tether and nothing is working. This problem started with the ComboFix execution. It still finds a rootkit every single time I run it so obviously it is not eliminating it. I'm frustrated and upset that we can't get this working and now I have to spend another 4 hours starting from scratch. I really appreciate you sticking with me on this and trying your best. It's much further than I would have got on my own. Thanks again for all the help!
 
Maybe what we did didn't work because Windows isn't set up correctly.

You're welcome for the help. Less impatience will allow one to learn.
 